Kk1230

**Name of the Vulnerable Software and Affected Versions** TDuckCloud tduck-platform versions up to 4.0 **Description** A critical issue was found in the TDuckCloud tduck-platform, affecting the function `QueryProThemeRequest` of the file `src/main/java/com/tduck/cloud/form/request/QueryProThemeRequest.java`. The manipulation of the argument `color` leads to SQL injection. The attack can be initiated remotely. An exploit has been publicly disclosed, and the vendor was contacted but did not respond. **Recommendations** For versions up to 4.0, as a temporary workaround, consider disabling the `QueryProThemeRequest` function until a patch is available. Restrict access to the `color` argument in the affected function to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Netentsec NS-ASG Application Security Gateway version 6.3 **Description** A critical issue was found in the Netentsec NS-ASG Application Security Gateway, affecting an unknown part of the file /protocol/firewall/addaddress interpret.php. The manipulation of the `messagecontent` argument leads to SQL injection. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond. **Recommendations** For Netentsec NS-ASG Application Security Gateway version 6.3, as a temporary workaround, consider restricting access to the `/protocol/firewall/addaddress interpret.php` file until a patch is available. Avoid using the `messagecontent` argument in the affected file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** Tongda OA versions prior to 11.10 **Description** A critical vulnerability was found in Tongda OA, affecting the file general/hr/manage/staff reinstatement/delete.php. The manipulation of the `REINSTATEMENT ID` argument leads to SQL injection. The attack can be initiated remotely. The exploit has been disclosed to the public. **Recommendations** For versions prior to 11.10, upgrade to version 11.10 to address this issue. As a temporary workaround, consider restricting access to the `delete.php` file in the `general/hr/manage/staff reinstatement` directory until the upgrade is applied. Avoid using the `REINSTATEMENT ID` argument in the affected API endpoint until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** D-Link DAR-7000 up to 20151231 **Description** A critical vulnerability has been found in the D-Link DAR-7000, affecting the processing of the file /log/webmailattach.php. The manipulation of the `table name` argument leads to an unknown weakness. This issue may be exploited remotely, allowing an attacker to execute arbitrary commands. The exploit has been disclosed to the public. The product is end-of-life and should be retired and replaced. **Recommendations** As a temporary workaround, consider disabling access to the /log/webmailattach.php file until the product can be replaced. Restrict access to the `table name` argument to minimize the risk of exploitation. Since the product is no longer supported, the best course of action is to retire and replace it with a supported version. At the moment, there is no information about a newer version that contains a fix for this vulnerability.