Masashi Shiraishi

**Name of the Vulnerable Software and Affected Versions** UD-LT2 firmware versions 1.00.008 SE and earlier **Description** An issue exists with the improper neutralization of special elements used in an OS command, allowing for the execution of arbitrary OS commands. This can occur if an attacker logs in with an administrative account and manipulates requests for a certain screen operation. **Recommendations** For UD-LT2 firmware versions 1.00.008 SE and earlier, consider restricting access to administrative accounts and limiting the ability to manipulate screen operation requests until a patch is available. As a temporary workaround, restrict the use of the affected screen operation to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** Dokodemo eye Smart HD SCR02HD Firmware versions 1.0.3.1000 and earlier **Description** The issue allows remote attackers to execute arbitrary OS commands. **Recommendations** For Firmware versions 1.0.3.1000 and earlier, update to a version later than 1.0.3.1000 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Dokodemo eye Smart HD SCR02HD Firmware versions 1.0.3.1000 and earlier **Description** The issue allows authenticated attackers to conduct code injection attacks. **Recommendations** For Firmware versions 1.0.3.1000 and earlier, update to a version later than 1.0.3.1000 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Dokodemo eye Smart HD SCR02HD Firmware versions 1.0.3.1000 and earlier **Description** The issue allows authenticated attackers to read arbitrary files via unspecified vectors. This is a directory traversal vulnerability. **Recommendations** For Dokodemo eye Smart HD SCR02HD Firmware versions 1.0.3.1000 and earlier, update to a version later than 1.0.3.1000 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Dokodemo eye Smart HD SCR02HD Firmware versions 1.0.3.1000 and earlier **Description** The issue allows remote attackers to bypass access restrictions, enabling them to view information or modify configurations via unspecified vectors. **Recommendations** For Firmware versions 1.0.3.1000 and earlier, update to a version later than 1.0.3.1000 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Buffalo WCR-1166DS versions 1.30 and earlier **Description** The issue allows an attacker to execute arbitrary OS commands. **Recommendations** For Buffalo WCR-1166DS versions 1.30 and earlier, update to a version later than 1.30 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Oracle Enterprise Manager Grid Control versions 10.2.0.5 and 11.1.0.7 **Description** The issue affects the integrity of the system, related to the User Interface Framework. The estimated number of potentially affected devices and details about real-world incidents are not specified. **Recommendations** For version 10.2.0.5, at the moment, there is no information about a newer version that contains a fix for this issue. For version 11.1.0.7, at the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** Movable Type versions prior to 4.261 **Description** A cross-site scripting (XSS) issue exists, allowing remote attackers to inject arbitrary web script or HTML. This is due to a vulnerability in the mt-wizard.cgi component. **Recommendations** For versions prior to 4.261, update to version 4.261 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Movable Type versions prior to 4.261 **Description** The issue allows remote attackers to bypass access restrictions. This can lead to sending e-mail to arbitrary addresses or obtaining sensitive information. **Recommendations** For versions prior to 4.261, update to version 4.261 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Movable Type versions 4.24 through 4.25 **Description** A cross-site scripting (XSS) issue exists, allowing remote attackers to inject arbitrary web script or HTML via unspecified vectors when global templates are not initialized. **Recommendations** For versions 4.24 and 4.25, initialize global templates to prevent exploitation.

**Name of the Vulnerable Software and Affected Versions** HP System Management Homepage versions prior to 3.0.1.73 **Description** A cross-site scripting (XSS) issue allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. **Recommendations** For versions prior to 3.0.1.73, update to version 3.0.1.73 or later to resolve the issue.