Marc Ruef

**Name of the Vulnerable Software and Affected Versions** saemorris TheRadSystem (affected versions not specified) **Description** A problematic issue has been identified, affecting an unknown function of the file users.php. The manipulation of the `q` argument leads to cross-site scripting. This issue can be exploited remotely. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** SourceCodester Guest Management System (affected versions not specified) **Description** A problematic issue was discovered, leading to cleartext storage of passwords in the database. This occurs due to the manipulation of an unknown function. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Apple iPhone versions up to 12.4.1 **Description** A critical issue has been found that affects Siri. It is possible to initiate Siri on the same device by playing an audio or video file, which could allow for remote execution of commands. The existence and implications of this issue are disputed by Apple, despite public demonstrations of the attack. **Recommendations** For Apple iPhone versions up to 12.4.1, upgrade to version 13.0 to address this issue. As a temporary workaround, consider restricting the use of Siri on affected devices until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** GE Voluson S8 (affected versions not specified) **Description** A critical issue affects the Service Browser, which introduces hard-coded credentials. Local attack is required to exploit this issue. It is recommended to change the configuration settings to mitigate the risk. **Recommendations** Change the configuration settings to remove or alter the hard-coded credentials in the Service Browser. As a temporary workaround, consider restricting local access to the Service Browser until the configuration settings are updated.

**Name of the Vulnerable Software and Affected Versions** GE Voluson S8 (affected versions not specified) **Description** A vulnerability has been found in the file `/uscgi-bin/users.cgi` of the Service Browser, leading to improper authentication and elevated access possibilities. The attack can be launched on the local host. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** GE Voluson S8 (affected versions not specified) Windows XP (affected versions not specified) **Description** A critical issue was found in the affected software, related to the underlying Windows XP operating system. The lack of patches may increase the attack surface. To exploit this issue, access to the local network is required. **Recommendations** For GE Voluson S8, at the moment, there is no information about a newer version that contains a fix for this vulnerability. For Windows XP, consider applying all available patches to reduce the attack surface. Restrict access to the local network to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** ISS BlackICE PC Protection (affected versions not specified) **Description** A vulnerability was found in the Update Handler component of ISS BlackICE PC Protection, allowing cleartext transmission of data. This issue is declared as problematic and only affects products that are no longer supported by the maintainer. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** ISS BlackICE PC Protection (affected versions not specified) **Description** A problem was found in the Update Handler of ISS BlackICE PC Protection, which can be exploited through cross site scripting by manipulating an unknown input. This issue can be attacked remotely. The exploit has been disclosed to the public. It is noted that this issue only affects products that are no longer supported by the maintainer. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Mirmay Secure Private Browser and File Manager versions up to 2.5 **Description** A race condition in the Auto Lock feature leads to a local authentication bypass. The issue has been publicly disclosed and may be exploited. **Recommendations** For versions up to 2.5, consider disabling the Auto Lock feature to prevent potential exploitation until a fix is available.

**Name of the Vulnerable Software and Affected Versions** WEKA INTEREST Security Scanner versions up to 1.8 **Description** A problematic vulnerability has been found in the Stresstest Scheme Handler of WEKA INTEREST Security Scanner, leading to a denial of service. The attack must be approached locally. The exploit has been disclosed to the public and may be used. This issue only affects products that are no longer supported by the maintainer. **Recommendations** For WEKA INTEREST Security Scanner versions up to 1.8, consider disabling the Stresstest Scheme Handler as a temporary workaround to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Kiddoware Kids Place (affected versions not specified) **Description** A problematic vulnerability has been found, affecting the Home Button Protection. Repeatedly pressing the button can cause a local denial of service. **Recommendations** Upgrade the affected component to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** WEKA INTEREST Security Scanner versions up to 1.8 **Description** A problematic vulnerability has been found in the Webspider component of WEKA INTEREST Security Scanner. The issue allows for denial of service through manipulation of an unknown input, requiring local access to exploit. The exploit has been disclosed to the public. This vulnerability only affects products that are no longer supported by the maintainer. **Recommendations** For WEKA INTEREST Security Scanner versions up to 1.8, consider disabling the Webspider component to minimize the risk of exploitation, as these versions are no longer supported by the maintainer. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** WEKA INTEREST Security Scanner versions up to 1.8 **Description** A problematic vulnerability was found in the Stresstest Configuration Handler of the WEKA INTEREST Security Scanner, leading to a local denial of service through manipulation. The exploit has been disclosed to the public and may be used. This issue only affects products that are no longer supported by the maintainer. **Recommendations** For WEKA INTEREST Security Scanner versions up to 1.8, consider disabling the Stresstest Configuration Handler as a temporary workaround to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** ISS BlackICE PC Protection (affected versions not specified) **Description** A critical vulnerability was found in the Cross Site Scripting Detection component of ISS BlackICE PC Protection. The issue allows for privilege escalation through manipulation of POST/PUT/DELETE/OPTIONS Request. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Shemes GrabIt versions up to 1.7.2 Beta 4 **Description** A problematic issue was found in the NZB Date Parser component. The manipulation of the `date` argument with the input `1000000000000000` as part of a NZB File leads to a denial of service. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. **Recommendations** For versions up to 1.7.2 Beta 4, as a temporary workaround, consider restricting the use of the NZB Date Parser component until a patch is available. Avoid using the `date` argument with large input values in NZB Files to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** WEKA INTEREST Security Scanner version 1.8 **Description** A problem was found in the HTTP Handler component of the software. This issue can be exploited by manipulating an unknown input, leading to denial of service. The attack can be launched on the local host. The exploit has been disclosed to the public and may be used. This issue affects products that are no longer supported by the maintainer. **Recommendations** For WEKA INTEREST Security Scanner version 1.8, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Pro2col Stingray FTS (affected versions not specified) **Description** A problematic issue has been found in the software, where the manipulation of the `Username` argument leads to cross-site scripting. The attack can be initiated remotely. It is noted that this issue only affects products that are no longer supported by the maintainer. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Netegrity SiteMinder versions up to 4.5.1 **Description** A critical issue was found in the Login component, specifically affecting the file /siteminderagent/pwcgi/smpwservicescgi.exe. The manipulation of the `target` argument leads to an open redirect. This issue may be exploited as the details have been publicly disclosed. It is noted that this issue only affects products that are no longer supported by the maintainer. **Recommendations** For versions up to 4.5.1, consider disabling the `target` argument in the affected file /siteminderagent/pwcgi/smpwservicescgi.exe as a temporary workaround to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** WEKA INTEREST Security Scanner versions up to 1.8 **Description** A problematic vulnerability was found in the LAN Viewer component of the WEKA INTEREST Security Scanner, which can be exploited to cause a denial of service. The vulnerability requires local attacking and can be triggered by manipulating an unknown input. The exploit has been disclosed to the public. It is noted that this vulnerability only affects products that are no longer supported by the maintainer. **Recommendations** For WEKA INTEREST Security Scanner versions up to 1.8, as the products are no longer supported by the maintainer, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** WEKA INTEREST Security Scanner versions up to 1.8 **Description** A vulnerability has been found in the Portscan component, which can be exploited to cause a denial of service. The attack can be initiated remotely and the exploit has been disclosed to the public. This issue affects products that are no longer supported by the maintainer. **Recommendations** For versions up to 1.8, since the products are no longer supported by the maintainer, there is no information about a newer version that contains a fix for this vulnerability. As a temporary workaround, consider restricting access to the Portscan component to minimize the risk of exploitation.