L00Neyhacker

**Name of the Vulnerable Software and Affected Versions** Last Yard version 22.09.8-1 **Description** The issue is related to the lack of enforcement of HSTS headers. No information is provided about the estimated number of potentially affected devices worldwide or real-world incidents where this issue was exploited. **Recommendations** For version 22.09.8-1, consider implementing HSTS headers to mitigate the risk. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Last Yard version 22.09.8-1 **Description** The issue allows the cookie to be stolen via unencrypted traffic. **Recommendations** For version 22.09.8-1, consider using encrypted traffic to protect against cookie theft until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Last Yard version 22.09.8-1 **Description** The issue concerns Cross-origin resource sharing (CORS), which is a security feature that restricts web pages from making requests to a different origin (domain, protocol, or port) than the one the web page was loaded from. This helps prevent malicious scripts from making unauthorized requests on behalf of the user. The estimated number of potentially affected devices worldwide is not specified. There is no information provided about real-world incidents where this issue was exploited. **Recommendations** For version 22.09.8-1, update to a version that includes a fix for the CORS issue, as no specific workaround is provided for this version. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Connectwise Automate version 2022.11 **Description** The issue allows the login screen to be iframed, potentially manipulating users into performing unintended actions. The vendor claims that a Content-Security-Policy HTTP response header is present to block this attack. **Recommendations** For Connectwise Automate version 2022.11, as a temporary workaround, consider implementing additional security measures to prevent clickjacking attacks, such as configuring the Content-Security-Policy header to block iframing of the login screen. However, the effectiveness of this measure is disputed due to the vendor's claim of existing protection. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Connectwise Control version 22.8.10013.8329 **Description** The issue concerns Cross Origin Resource Sharing (CORS) in Connectwise Control. According to the vendor, two endpoints have Access-Control-Allow-Origin wildcarding to support product functionality, and they claim there is no risk from this behavior. The vulnerability report is disputed. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Connectwise Automate version 2022.11 **Description** The issue concerns cleartext authentication, where authentication is performed via HTTP with SSL disabled. This is reportedly controlled by a configuration option, allowing customers to choose HTTP over HTTPS during troubleshooting. The vendor considers this behavior to be by design. **Recommendations** For Connectwise Automate version 2022.11, consider enabling SSL to encrypt authentication data and minimize the risk of cleartext authentication exploitation. As a temporary workaround, restrict the use of HTTP for authentication until a more secure configuration can be implemented.

**Name of the Vulnerable Software and Affected Versions** Connectwise Control version 22.8.10013.8329 **Description** The login page of Connectwise Control does not implement HSTS headers, which results in not enforcing HTTPS. The vendor's position is that this behavior is controlled by a configuration option, allowing customers to choose HTTP over HTTPS during troubleshooting. **Recommendations** For version 22.8.10013.8329, consider configuring the system to use HTTPS instead of HTTP, especially during normal operation, to minimize the risk of exploitation. As a temporary workaround, restrict access to the login page to trusted sources until a more permanent solution is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Selfwealth iOS mobile App version 3.3.1 **Description** The issue concerns the disclosure of sensitive keys. Specifically, the application reveals hardcoded API keys. **Recommendations** For Selfwealth iOS mobile App version 3.3.1, consider restricting access to the API endpoints that utilize the hardcoded keys until a patch is available. As a temporary workaround, avoid using the affected API endpoints that expose the sensitive information. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Selfwealth iOS mobile App version 3.3.1 **Description** The issue concerns Insecure App Transport Security (ATS) Settings in the Selfwealth iOS mobile App. This means the app may not properly secure its communication, potentially allowing for interception or eavesdropping of sensitive data. **Recommendations** For Selfwealth iOS mobile App version 3.3.1, consider updating the app's transport security settings to ensure all communications are properly encrypted and secure. As a temporary workaround, restrict the use of the app on unsecured networks until a more secure version is available.

**Name of the Vulnerable Software and Affected Versions** Connx version 6.2.0.1269 **Description** The issue arises when a cookie is issued by the application without having the HttpOnly flag set. This flag is crucial as it helps mitigate the risk of client-side script accessing the cookie, thereby reducing the risk of session hijacking. **Recommendations** For Connx version 6.2.0.1269, consider configuring the application to set the HttpOnly flag for all cookies to prevent potential session hijacking attacks. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Connx version 6.2.0.1269 **Description** The issue arises when the application issues a cookie without setting the secure flag. **Recommendations** For Connx version 6.2.0.1269, ensure that all cookies issued by the application have the secure flag set to mitigate the risk.

**Name of the Vulnerable Software and Affected Versions** Cherwell Service Management (CSM) version 10.2.3 **Description** An issue was discovered in the web application where it accepts and reflects arbitrary domains supplied via a client-controlled `Host` header. Injection of a malicious URL in the `Host` header of the HTTP Request results in a 302 redirect to an attacker-controlled page. **Recommendations** For Cherwell Service Management (CSM) version 10.2.3, consider restricting access to the web application until a patch is available. As a temporary workaround, avoid using the `Host` header in HTTP requests to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Cherwell Service Management (CSM) version 10.2.3 **Description** An issue was discovered in the web application of Cherwell Service Management, where XSS can occur via a payload in the `SAMLResponse` parameter of the HTTP request body. **Recommendations** For Cherwell Service Management (CSM) version 10.2.3, consider restricting access to the `SAMLResponse` parameter in the HTTP request body until a patch is available. As a temporary workaround, avoid using the `SAMLResponse` parameter in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Cherwell Service Management (CSM) version 10.2.3 **Description** An issue was discovered in the web application where injection of a malicious payload within the `RelayState=` parameter of the HTTP request body results in the hijacking of the form action. This occurs when the application places user-supplied input into the action URL of an HTML form. An attacker can use this to construct a URL that, if visited by another application user, will modify the action URL of a form to point to the attacker's server. **Recommendations** For Cherwell Service Management (CSM) version 10.2.3, as a temporary workaround, consider restricting the use of the `RelayState=` parameter in the HTTP request body until a patch is available. Avoid using the `RelayState=` parameter in the affected HTTP request body to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Cherwell Service Management version 10.2.3 **Description** An issue was discovered in the web application where the `ASP.NET Sessionid` cookie is not protected by the Secure flag, making it prone to interception by an attacker if traffic is sent over unencrypted channels. **Recommendations** For Cherwell Service Management version 10.2.3, consider configuring the web application to protect the `ASP.NET Sessionid` cookie with the Secure flag to prevent interception over unencrypted channels. As a temporary workaround, restrict access to unencrypted channels to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Kooboo CMS version 2.1.1.0 **Description** The issue allows an attacker to upload a remote shell, such as an aspx file, to the server. The uploaded files are stored in the /Content/Template/root/ directory, for example, reverse-shell.aspx. An attacker can trigger the uploaded shell by simply browsing to its URL, potentially leading to a reverse shell from the victim server. **Recommendations** For Kooboo CMS version 2.1.1.0, consider restricting access to the /Content/Template/root/ directory to prevent unauthorized file uploads. As a temporary workaround, avoid using the URL /Content/Template/root/reverse-shell.aspx until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Kooboo CMS version 2.1.1.0 **Description** The issue allows for insecure file upload, enabling the upload of any file extension to the server. The server fails to verify the file extension, which was demonstrated by successfully uploading an aspx file. **Recommendations** For Kooboo CMS version 2.1.1.0, consider restricting file uploads to only necessary and verified extensions as a temporary workaround until a patch is available. Restrict access to the file upload functionality to minimize the risk of exploitation.

Name of the Vulnerable Software and Affected Versions: CS-Cart version 4.11.1 Description: The issue allows for copy-paste XSS by manipulating the `post description` field in the blog post creation page. Recommendations: For CS-Cart version 4.11.1, consider restricting access to the blog post creation page until a fix is available, and avoid manipulating the `post description` field to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Frontier ichris versions through 5.18 **Description** The issue concerns mishandling of DNS requests for the hostname in the HTTP Host header. This can be exploited by submitting 127.0.0.1 multiple times, leading to a denial-of-service (DoS) condition. **Recommendations** For versions through 5.18, consider restricting access to the HTTP Host header to minimize the risk of exploitation. As a temporary workaround, avoid submitting multiple requests with the same hostname to prevent DoS. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Frontier ichris versions 5.18 and earlier **Description** The issue allows users to upload malicious executable files that might later be downloaded and run by any client user. **Recommendations** For versions 5.18 and earlier, consider restricting file upload capabilities to prevent the upload of malicious executable files until a fix is available.