Kwangyun

**Name of the Vulnerable Software and Affected Versions** ScreenToGif versions prior to 2.42.1 **Description** ScreenToGif is susceptible to a DLL sideloading issue via the `version.dll` file. When the portable executable is launched from a directory writable by the user, it loads `version.dll` from the application directory instead of the standard Windows System32 directory. This allows for the execution of arbitrary code within the user's context. The application is commonly distributed as a portable application, making it frequently run from user-writable locations, which increases the risk. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** osctrl versions prior to 0.5.0 **Description** osctrl is a management solution for osquery. A command injection issue exists in the `osctrl-admin` environment configuration before version 0.5.0. An authenticated administrator can inject arbitrary shell commands through the hostname parameter when creating or editing environments. These commands are embedded into enrollment scripts generated using Go's `text/template` package, which does not perform shell escaping, and execute on every endpoint that enrolls using the compromised environment. An attacker with administrator access can achieve remote code execution on every endpoint that enrolls using the compromised environment. Commands execute as root/SYSTEM before osquery is installed, leaving no agent-level audit trail. This enables backdoor installation, credential exfiltration, and full endpoint compromise. The **API endpoint** used for environment configuration is within the `osctrl-admin` interface. The vulnerable parameter is `hostname`. **Recommendations** Restrict osctrl administrator access to trusted personnel. Review existing environment configurations for suspicious hostnames. Monitor enrollment scripts for unexpected commands.

**Name of the Vulnerable Software and Affected Versions** osctrl versions prior to 0.5.0 **Description** osctrl is an osquery management solution. A stored cross-site scripting (XSS) issue exists in the `osctrl-admin` on-demand query list. A user with query-level permissions can inject arbitrary JavaScript via the query parameter when running an on-demand query. The payload is stored and executes in the browser of any user, including administrators, who visits the query list page. This can be combined with Cross-Site Request Forgery (CSRF) token extraction to escalate privileges and perform actions as the logged-in user. An attacker with query-level permissions can execute arbitrary JavaScript in the browsers of all users who view the query list, potentially leading to full platform compromise if an administrator executes the payload. **Recommendations** Restrict query-level permissions to trusted users. Monitor the query list for suspicious payloads. Review osctrl user accounts for unauthorized administrators.

**Name of the Vulnerable Software and Affected Versions** LinkAce versions prior to 1.15.6 **Description** A reflected cross-site scripting (XSS) issue exists in the "URL" field of the "Edit Link" module, where user input is not properly sanitized or encoded before being reflected in the HTML response. This allows attackers to inject and execute arbitrary JavaScript in the context of the victim’s browser, leading to potential session hijacking, data theft, and unauthorized actions. **Recommendations** For versions prior to 1.15.6, update to version 1.15.6 to resolve the issue. As a temporary workaround, consider restricting user input in the "URL" field of the "Edit Link" module to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** LinkAce versions prior to 1.15.6 **Description** The issue occurs in the "Import Bookmarks" functionality, where malicious HTML files can be uploaded containing JavaScript payloads. These payloads execute when the uploaded links are accessed, leading to potential reflected or persistent XSS scenarios. **Recommendations** For versions prior to 1.15.6, update to version 1.15.6 to resolve the issue. As a temporary workaround, consider disabling the "Import Bookmarks" functionality until a patch is available. Restrict access to uploaded links to minimize the risk of exploitation. Avoid using the "Import Bookmarks" feature with untrusted files until the issue is resolved.