Liquidworm

**Name of the Vulnerable Software and Affected Versions** JUNG Smart Visu Server version 1.1.1050 **Description** JUNG Smart Visu Server version 1.1.1050 contains a denial of service condition. Unauthenticated attackers can remotely shutdown or reboot the server by sending a single POST request. No authentication is required to trigger the server reboot. **Recommendations** Update JUNG Smart Visu Server to a newer version that addresses this issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** NUUO NVRmini 2 versions up to 3.0.8 **Description** A critical issue was found in the file /deletefile.php, where the manipulation of the `filename` argument leads to path traversal. This issue can be exploited remotely. **Recommendations** For versions up to 3.0.8, consider restricting access to the /deletefile.php file until a patch is available. As a temporary workaround, avoid using the `filename` argument in the affected file to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** TrueConf Server version 4.3.7 **Description** The issue is related to a cross-site request forgery (CSRF) attack, which can be initiated remotely. It affects the `/admin/service/stop/` component of the TrueConf Server software. The exploitation of this issue may allow an attacker to perform a CSRF attack. **Recommendations** For TrueConf Server version 4.3.7, consider disabling access to the `/admin/service/stop/` endpoint as a temporary workaround until a patch is available. Restrict access to this component to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** TrueConf Server version 4.3.7 **Description** A vulnerability was found in an unknown functionality of the file /admin/group, leading to basic cross site scripting (DOM). The attack can be launched remotely. The exploit has been disclosed to the public and may be used. **Recommendations** For TrueConf Server version 4.3.7, consider restricting access to the /admin/group file until a patch is available. As a temporary workaround, avoid using the affected functionality to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** TrueConf Server version 4.3.7 **Description** A vulnerability has been found in the /admin/conferences/get-all-status/ component of TrueConf Server, related to the failure to neutralize script-related HTML tags on a web page. The manipulation of the `keys[]` argument leads to basic cross-site scripting (Reflected). The attack can be initiated remotely. **Recommendations** For TrueConf Server version 4.3.7, consider disabling access to the /admin/conferences/get-all-status/ endpoint until a patch is available. Restrict the use of the `keys[]` argument in this endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** TrueConf Server version 4.3.7 **Description** The issue is related to the lack of neutralization of script-related HTML tags on a web page, specifically affecting the /admin/conferences/list/ file. The manipulation of the `sort` argument leads to basic cross-site scripting (Reflected). This can be exploited by a remote attacker. **Recommendations** For TrueConf Server version 4.3.7, consider disabling access to the /admin/conferences/list/ file until a patch is available. Restrict the use of the `sort` argument in the affected file to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** TrueConf Server version 4.3.7 **Description** The issue is related to the failure to neutralize script-related HTML tags on a web page, which can lead to basic cross-site scripting (Stored). This can be initiated remotely. The exploit has been disclosed publicly and may be used. The manipulation affects an unknown part of the software. **Recommendations** For TrueConf Server version 4.3.7, consider disabling the web interface or restricting access to it until a patch is available to prevent exploitation of the stored cross-site scripting issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** TrueConf Server version 4.3.7 **Description** The issue is related to the failure to neutralize script-related HTML tags on the /admin/group/list/ webpage of the TrueConf Server software. This can allow a remote attacker to perform cross-site scripting attacks by manipulating the `checked group id` argument. The attack can be launched remotely. **Recommendations** For TrueConf Server version 4.3.7, consider disabling access to the /admin/group/list/ webpage until a patch is available. Restrict the use of the `checked group id` argument in the affected webpage to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** TrueConf Server version 4.3.7 **Description** A problematic vulnerability has been found in TrueConf Server, affecting an unknown part of the file /admin/general/change-lang. The manipulation of the `redirect url` argument leads to an open redirect. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. This vulnerability allows a remote attacker to redirect users to an arbitrary URL. **Recommendations** For TrueConf Server version 4.3.7, consider disabling the `/admin/general/change-lang` endpoint or restricting access to it until a patch is available. Avoid using the `redirect url` argument in the affected endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** TrueConf Server version 4.3.7 **Description** A problematic issue affects some unknown functionality of the file "/admin/conferences/list/". The manipulation of the argument `domxss` leads to basic cross site scripting (DOM). The attack may be launched remotely. **Recommendations** For TrueConf Server version 4.3.7, consider restricting access to the "/admin/conferences/list/" endpoint until a patch is available. As a temporary workaround, avoid using the `domxss` argument in the affected endpoint to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Up.Time Monitoring Station versions 7.4.0 (build 13) through 7.5.0 (build 16) **Description** An issue in post2file.php allows an attacker to upload arbitrary files, including .php files that can execute arbitrary OS commands. **Recommendations** For versions 7.4.0 (build 13) through 7.5.0 (build 16), consider restricting access to the post2file.php script until a fix is available. As a temporary workaround, disabling the execution of uploaded files can help minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** ECESA ShieldLink SL175EHQ version 10.7.4 **Description** The issue allows for the addition of superuser accounts via the "cgi-bin/pl web.cgi/util configlogin act" API endpoint, due to a CSRF concern. **Recommendations** For version 10.7.4, update to a newer version that contains a fix for this issue, if available. As a temporary workaround, consider restricting access to the "cgi-bin/pl web.cgi/util configlogin act" API endpoint to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** RSLinx Classic versions 3.90.01 and prior FactoryTalk Linx Gateway versions 3.90.00 and prior **Description** The issue allows an authorized, but non-privileged local user to execute arbitrary code and escalate user privileges on the affected workstation due to an unquoted search path or element. **Recommendations** For RSLinx Classic versions 3.90.01 and prior, update to a version later than 3.90.01 to resolve the issue. For FactoryTalk Linx Gateway versions 3.90.00 and prior, update to a version later than 3.90.00 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** ALC WebCTRL, i-Vu, SiteScan Web versions 5.2 through 6.5 ALC WebCTRL, SiteScan Web versions 6.1 and prior ALC WebCTRL, i-Vu versions 6.0 and prior **Description** An Unquoted Search Path or Element issue may allow a non-privileged local attacker to change files in the installation directory and execute arbitrary code with elevated privileges. **Recommendations** For ALC WebCTRL, i-Vu, SiteScan Web versions 5.2 through 6.5, update to a version later than 6.5 to resolve the issue. For ALC WebCTRL, SiteScan Web versions 6.1 and prior, update to a version later than 6.1 to resolve the issue. For ALC WebCTRL, i-Vu versions 6.0 and prior, update to a version later than 6.0 to resolve the issue. As a temporary workaround, consider restricting access to the installation directory to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** ALC WebCTRL, i-Vu, SiteScan Web versions 5.2 through 6.5 ALC WebCTRL, SiteScan Web versions 6.1 and prior ALC WebCTRL, i-Vu versions 6.0 and prior **Description** An Unrestricted Upload of File with Dangerous Type issue allows an authenticated attacker to upload a malicious file, potentially enabling the execution of arbitrary code. **Recommendations** For ALC WebCTRL, i-Vu, SiteScan Web versions 5.2 through 6.5, restrict file upload capabilities to prevent malicious file uploads until a fix is available. For ALC WebCTRL, SiteScan Web versions 6.1 and prior, consider disabling file upload features to minimize the risk of exploitation. For ALC WebCTRL, i-Vu versions 6.0 and prior, avoid using file upload functionality in the affected software until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** ALC WebCTRL, i-Vu, SiteScan Web versions prior to 6.5 **Description** A Path Traversal issue was discovered, allowing an authenticated attacker to potentially overwrite files used to execute code. **Recommendations** For versions prior to 6.5, update to version 6.5 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Micro Focus Rumba versions 9.4.x before 9.4 HF 13960 **Description** The issue is caused by multiple stack-based buffer overflows in COM objects, allowing remote attackers to execute arbitrary code. This can be achieved through various means, including the `NetworkName` property value to `ObjectXSNAConfig.ObjectXSNAConfig` in `iconfig.dll`, the `CPName` property value to `ObjectXSNAConfig.ObjectXSNAConfig` in `iconfig.dll`, the `PrinterName` property value to `ProfileEditor.PrintPasteControl` in `ProfEdit.dll`, the `Data` argument to the `WriteRecords` function in `FTXBIFFLib.AS400FtxBIFF` in `FtxBIFF.dll`, the `Serialized` property value to `NMSECCOMPARAMSLib.SSL3` in `NMSecComParams.dll`, the `UserName` property value to `NMSECCOMPARAMSLib.FirewallProxy` in `NMSecComParams.dll`, the `LUName` property value to `ProfileEditor.MFSNAControl` in `ProfEdit.dll`, the `newVal` argument to the `Load` function in `FTPSFTPLib.SFtpSession` in `FTPSFtp.dll`, or a long `Host` field in the FTP Client. **Recommendations** For Micro Focus Rumba versions 9.4.x before 9.4 HF 13960, update to version 9.4 HF 13960 or later to resolve the issue. As a temporary workaround, consider restricting access to the vulnerable COM objects and functions, such as `ObjectXSNAConfig.ObjectXSNAConfig`, `ProfileEditor.PrintPasteControl`, `FTXBIFFLib.AS400FtxBIFF`, `NMSECCOMPARAMSLib.SSL3`, `NMSECCOMPARAMSLib.FirewallProxy`, `ProfileEditor.MFSNAControl`, and `FTPSFTPLib.SFtpSession`, until a patch is applied. Additionally, avoid using long values for the `Host` field in the FTP Client and be cautious when providing input for the `NetworkName`, `CPName`, `PrinterName`, `Data`, `Serialized`, `UserName`, `LUName`, and `newVal` properties.

**Name of the Vulnerable Software and Affected Versions** Micro Focus Rumba versions 9.x through 9.3 before HF 11997 Micro Focus Rumba versions 9.4.x through 9.4 before HF 12815 **Description** The issue is caused by a stack-based buffer overflow in the `PlayMacro` function in `ObjectXMacro.ObjectXMacro` in `WdMacCtl.ocx` of the Micro Focus Rumba terminal emulator. This can be exploited by a remote attacker to execute arbitrary code using a long `MacroName` argument. **Recommendations** For Micro Focus Rumba versions 9.x through 9.3 before HF 11997, update to version 9.3 HF 11997 or later. For Micro Focus Rumba versions 9.4.x through 9.4 before HF 12815, update to version 9.4 HF 12815 or later. As a temporary workaround, consider restricting the length of the `MacroName` argument to prevent exploitation until a patch is applied.

**Name of the Vulnerable Software and Affected Versions** Kallithea versions prior to 0.3 **Description** The issue allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the `came from` parameter to the ` admin/login` API endpoint. **Recommendations** For versions prior to 0.3, update to version 0.3 or later to resolve the issue. As a temporary workaround, consider restricting access to the ` admin/login` API endpoint to minimize the risk of exploitation. Avoid using the `came from` parameter in the affected API endpoint until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Free Reprintables ArticleFR version 3.0.6 **Description** The issue allows remote attackers to hijack the authentication of administrators for requests that add an administrator account via a request to "dashboard/users/create/". This is due to multiple cross-site request forgery (CSRF) vulnerabilities. **Recommendations** For Free Reprintables ArticleFR version 3.0.6, as a temporary workaround, consider restricting access to the "dashboard/users/create/" endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.