Linwz

**Name of the Vulnerable Software and Affected Versions** IDExpert Windows Logon Agent (affected versions not specified) **Description** IDExpert Windows Logon Agent developed by Changing has a Remote Code Execution issue. Unauthenticated remote attackers can force the system to download arbitrary executable files from a remote source and execute them. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** IDExpert Windows Logon Agent (affected versions not specified) **Description** IDExpert Windows Logon Agent developed by Changing has a Remote Code Execution issue. Unauthenticated remote attackers can force the system to download arbitrary DLL files from a remote source and execute them. The issue allows attackers to execute code on the targeted system without requiring authentication. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** C&Cm@il versions (affected versions not specified) **Description** C&Cm@il, developed by HGiga, contains a SQL Injection flaw. Authenticated remote attackers can exploit this to inject arbitrary SQL commands, potentially leading to unauthorized database content access. The vulnerability allows for the execution of SQL commands, enabling attackers to read data from the database. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** C&Cm@il (affected versions not specified) **Description** C&Cm@il developed by HGiga has a Missing Authentication issue. This allows unauthenticated remote attackers to read and modify any user's mail content. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** C&Cm@il versions (affected versions not specified) **Description** C&Cm@il, developed by HGiga, contains a SQL Injection flaw. This allows attackers who do not need to be logged in to inject arbitrary SQL commands, potentially allowing them to read the contents of the database. The vulnerability affects the application's handling of SQL queries, enabling malicious input to manipulate database operations. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Gotac Statistics Database System (affected versions not specified) **Description** The Statistics Database System developed by Gotac has an Arbitrary File Read issue. Unauthenticated remote attackers can exploit Relative Path Traversal to download arbitrary system files. The issue allows attackers to access files on the system. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Gotac Police Statistics Database System (affected versions not specified) **Description** The Police Statistics Database System developed by Gotac is subject to an arbitrary file upload issue. A remote, unauthenticated attacker can exploit this to upload and execute web shell backdoors, leading to arbitrary code execution on the server. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Gotac Police Statistics Database System (affected versions not specified) **Description** The Police Statistics Database System developed by Gotac contains an Absolute Path Traversal issue. This allows unauthenticated remote attackers to enumerate the system file directory. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Gotac Police Statistics Database System (affected versions not specified) **Description** The Police Statistics Database System developed by Gotac suffers from a missing authentication issue. This allows remote attackers to read, modify, and delete database contents without authentication by utilizing a specific functionality. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Gotac Police Statistics Database System (affected versions not specified) **Description** The Police Statistics Database System developed by Gotac contains a flaw that allows a remote, unauthenticated attacker to read arbitrary system files through an Absolute Path Traversal technique. This vulnerability enables the attacker to download files from the system. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Gotac Statistics Database System (affected versions not specified) **Description** The Statistics Database System developed by Gotac has a missing authentication issue. This allows unauthenticated remote attackers to directly exploit a specific functionality to query database contents. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** N-Reporter (affected versions not specified) N-Cloud (affected versions not specified) N-Probe (affected versions not specified) **Description** The N-Reporter, N-Cloud, and N-Probe developed by N-Partner are susceptible to an OS Command Injection issue. Authenticated remote attackers can inject arbitrary OS commands and execute them on the server. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** O'View MapServer (affected versions not specified) **Description** O'View MapServer developed by PilotGaea Technologies contains a Server-Side Request Forgery vulnerability. This allows unauthenticated remote attackers to probe internal networks. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

The eHRD developed by Sunnet has a Reflected Cross-site Scripting vulnerability, allowing unauthenticated remote attackers to execute arbitrary JavaScript codes in user's browser through phishing attacks.

**Name of the Vulnerable Software and Affected Versions** Sunnet eHRD (affected versions not specified) **Description** The eHRD platform contains a reflected cross-site scripting issue. This allows unauthenticated remote attackers to execute arbitrary JavaScript code in a user's browser through phishing attacks. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Sunnet eHRD (affected versions not specified) **Description** The eHRD platform developed by Sunnet is susceptible to a Reflected Cross-site Scripting issue. This allows unauthenticated remote attackers to execute arbitrary JavaScript code in a user's browser through phishing attacks. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: WebITR versions (affected versions not specified) Description: WebITR developed by Uniong is susceptible to an arbitrary file reading issue. This allows remote attackers with regular privileges to exploit an Absolute Path Traversal flaw to download arbitrary system files. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: WebITR (affected versions not specified) Description: WebITR developed by Uniong has an Arbitrary File Reading vulnerability. This allows remote attackers with regular privileges to exploit Absolute Path Traversal and download arbitrary system files. Absolute Path Traversal enables unauthorized file access. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: WebITR (affected versions not specified) Description: WebITR developed by Uniong is susceptible to an Arbitrary File Reading issue. This allows remote attackers with regular privileges to exploit Absolute Path Traversal and download arbitrary system files. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: WebITR versions (affected versions not specified) Description: WebITR developed by Uniong suffers from a missing authentication issue. This allows unauthenticated remote attackers to log into the system as arbitrary users by exploiting a specific functionality. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.