Marcin Węgłowski

**Name of the Vulnerable Software and Affected Versions** Konsola Proget (server part of the MDM suite) versions prior to 2.17.5 **Description** The issue arises when data provided in a request to the server during new device activation is stored in a database. High-privileged users who download this data as a CSV file and open it in tools like Microsoft Excel may inadvertently corrupt their PC, potentially allowing an attacker to gain remote access to the user's PC. **Recommendations** For versions prior to 2.17.5, update to version 2.17.5 to resolve the issue. As a temporary workaround, consider restricting access to the database and limiting the ability of high-privileged users to download and open potentially malicious CSV files. Avoid using Microsoft Excel or similar tools to open downloaded CSV files from the server until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Proget MDM versions prior to 2.17.5 **Description** A low-privileged user can obtain information about tasks executed on devices controlled by Proget MDM, as well as details of the devices like their UUIDs. To perform the attack, an attacker needs to know a `task id`, but since it's a low integer and there is no limit of requests an attacker can perform to a vulnerable endpoint, the `task id` might be simply brute forced. **Recommendations** For versions prior to 2.17.5, update to version 2.17.5 to resolve the issue. As a temporary workaround, consider restricting access to the vulnerable endpoint to minimize the risk of exploitation. Avoid using the `task id` parameter in the affected API endpoint until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Proget MDM (affected versions not specified) **Description** The issue concerns a privilege escalation in Proget MDM, where a low-privileged user can retrieve passwords for managed devices. This allows the user to access functionalities restricted by the MDM. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Proget MDM versions prior to 2.17.5 **Description** A low-privileged user can access information about changes contained in backups of all devices managed by the MDM, including user ids, email addresses, first names, last names, and device UUIDs. The device UUID can be used for further exploitation. Successful exploitation requires the UUID of a targeted backup, which cannot be brute forced. **Recommendations** For versions prior to 2.17.5, update to version 2.17.5 or later to resolve the issue. As a temporary workaround, consider restricting access to backup information to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Konsola Proget versions prior to 2.17.5 **Description** A low-privileged user can access information about profiles created in Proget MDM, which contain details about allowed/prohibited functions. The profiles do not reveal any sensitive information, including their usage in connected devices. **Recommendations** For versions prior to 2.17.5, update to version 2.17.5 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Konsola Proget versions prior to 2.17.5 **Description** The issue is related to improper sanitization of input in the comment section of Konsola Proget, allowing a high-privileged user to perform a Stored Cross-Site Scripting attack. **Recommendations** For versions prior to 2.17.5, update to version 2.17.5 to resolve the issue. As a temporary workaround, consider restricting access to the comment section until the update is applied.

**Name of the Vulnerable Software and Affected Versions** Konsola Proget versions prior to 2.17.5 **Description** The issue arises from input in the `activationMessage` field not being sanitized correctly in Konsola Proget, allowing a high-privileged user to perform a Stored Cross-Site Scripting attack. **Recommendations** For versions prior to 2.17.5, update to version 2.17.5 to resolve the issue. As a temporary workaround, consider restricting access to the `activationMessage` field to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Mobile Security Framework (MobSF) versions prior to 4.0.5 **Description** The issue is related to an open redirect vulnerability in the authentication view of Mobile Security Framework (MobSF), a security research platform for mobile applications. This vulnerability can be exploited by an attacker to conduct phishing attacks using a specially crafted malicious link. Users who are not using authentication are not impacted. **Recommendations** Update to MobSF version 4.0.5 to resolve the issue. As a temporary workaround, consider disabling authentication until a patch is available.

**Name of the Vulnerable Software and Affected Versions** POST SMTP Mailer WordPress plugin versions prior to 2.7.1 **Description** The issue allows an unauthenticated attacker to perform XSS attacks against highly privileged users by not escaping email message content before displaying it in the backend. **Recommendations** For versions prior to 2.7.1, update to version 2.7.1 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** IBM InfoSphere Information Server version 11.7 **Description** The issue allows users to embed arbitrary JavaScript code in the Web UI, altering the intended functionality and potentially leading to credentials disclosure within a trusted session. **Recommendations** For IBM InfoSphere Information Server version 11.7, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Umbraco CMS versions prior to 7.15.7 Description: The issue is related to insufficient URL sanitization on the booting.aspx page, which can lead to Open Redirection. Recommendations: For versions prior to 7.15.7, update to version 7.15.7 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Autoptimize WordPress plugin versions prior to 2.7.8 **Description** The issue is related to the "Import Settings" feature of the Autoptimize WordPress plugin, which improperly handles the extraction of uploaded archives. This allows an attacker to upload a zip file containing a directory with a PHP file, bypassing the plugin's attempt to delete malicious files. The vulnerability enables remote code execution. **Recommendations** For versions prior to 2.7.8, update to version 2.7.8 or later to resolve the issue. As a temporary workaround, consider disabling the "Import Settings" feature until a patch is available. Restrict access to the uploaded archives and extracted folders to minimize the risk of exploitation. Avoid using the "Import Settings" functionality with untrusted sources until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Autoptimize WordPress plugin versions prior to 2.7.8 **Description** The issue allows a high privilege user to upload malicious files, such as .html, containing JavaScript code via the 'Import Settings' feature. This code can execute when a victim visits index.html inside the plugin directory. **Recommendations** For versions prior to 2.7.8, update to version 2.7.8 or later to resolve the issue. As a temporary workaround, consider restricting access to the 'Import Settings' feature to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Autoptimize WordPress plugin versions prior to 2.7.8 **Description** The issue arises from the insufficient protection against remote code execution (RCE) in the 'Import Settings' feature of the Autoptimize WordPress plugin. A race condition can occur between the time a potentially malicious file is extracted to the disk and the moment it is supposed to be removed, allowing for exploitation. This is a bypass of a previously known issue. **Recommendations** For versions prior to 2.7.8, update to version 2.7.8 or later to resolve the issue.