Massimiliano Ferraresi

**Name of the Vulnerable Software and Affected Versions** iptraf-ng version 1.2.1 **Description** The issue is related to a stack-based buffer overflow in the iptraf-ng utility, which can be exploited by a remote attacker to execute arbitrary code. This occurs due to the `strcpy` function in src/ifaces.c failing to control the size of input data, leading to a potential overflow of memory on the stack. **Recommendations** For iptraf-ng version 1.2.1, consider disabling the `strcpy` function in src/ifaces.c or restricting its use until a patch is available to prevent potential exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** LIVEBOX Collaboration vDesk versions through v018 **Description** An issue in the web application allows Stored Cross-site Scripting (XSS) to occur under the "/api/v1/getbodyfile" endpoint via the `uri` parameter. The application does not properly check parameters sent in HTTP requests before saving them on the server. Crafted JavaScript content can then be reflected back to the end user and executed by the web browser. **Recommendations** For versions through v018, as a temporary workaround, consider restricting access to the "/api/v1/getbodyfile" endpoint to minimize the risk of exploitation. Avoid using the `uri` parameter in this endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** LIVEBOX Collaboration vDesk versions through v018 **Description** An issue allows an Unrestricted Upload of a File with a Dangerous Type under the vShare web site section. A remote user, authenticated to the product, can arbitrarily upload potentially dangerous files without restrictions. **Recommendations** For LIVEBOX Collaboration vDesk versions through v018, restrict access to the vShare web site section to minimize the risk of exploitation. Consider implementing file type restrictions and validation to prevent the upload of dangerous files until a fix is available.

**Name of the Vulnerable Software and Affected Versions** SELESTA Visual Access Manager version 4.38.6 **Description** An issue in SELESTA Visual Access Manager allows attackers to modify the `computer` POST parameter related to the ID of a specific reception by POST HTTP request interception. This can lead to unauthorized access to the application and control of many other receptions beyond the assigned one. The issue can be exploited via local network only. **Recommendations** For SELESTA Visual Access Manager version 4.38.6, restrict local network access and monitor logs until a patch is available. As a temporary workaround, consider restricting access to the `computer` POST parameter to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** NOKIA NFM-T version R19.9 **Description** An issue allows a remote authenticated attacker to read arbitrary files via Relative Path Traversal under /oms1350/data/cpb/log of the Network Element Manager. This is achieved through the `filename` parameter. **Recommendations** For NOKIA NFM-T version R19.9, consider restricting access to the `/oms1350/data/cpb/log` endpoint to minimize the risk of exploitation. As a temporary workaround, avoid using the `filename` parameter in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Nokia NetAct version 22 **Description** The issue concerns a CSRF vulnerability in the /SecurityManagement/html/createuser.jsf endpoint. A remote attacker can create users with arbitrary privileges, including administrative privileges, due to the application's failure to verify a CSRF token. This can be exploited with social engineering or phishing tactics, allowing an attacker to trick users into executing unintended actions. If the victim is a normal user, a successful attack can force them to perform state-changing requests. If the victim is an administrative account, the entire web application can be compromised. **Recommendations** As a temporary workaround, consider disabling access to the /SecurityManagement/html/createuser.jsf endpoint until a patch is available. Restrict access to this endpoint to minimize the risk of exploitation. Avoid using this endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Nokia Web Element Manager versions prior to 22 R1 **Description** A mobile network solution internal fault is found in Nokia Web Element Manager, where an authenticated, unprivileged user can execute administrative functions. Exploitation is not possible from outside of the mobile network solution architecture, meaning it is not possible from mobile network user UEs, roaming networks, or the Internet. Exploitation is possible only from a CSP (Communication Service Provider) mobile network solution internal BTS management network. **Recommendations** For versions prior to 22 R1, update to version 22 R1 or later to resolve the issue. As a temporary workaround, consider restricting access to administrative functions to privileged users only until a patch is available. Restrict access to the internal BTS management network to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** LIVEBOX Collaboration vDesk versions through v018 **Description** An issue exists due to Broken Access Control under the "/api/v1/vdesk {DOMAIN}/export" endpoint. A malicious user, authenticated to the product without any specific privilege, can use the API for exporting information about all users of the system, an operation intended to only be available to the system administrator. **Recommendations** For versions through v018, as a temporary workaround, consider restricting access to the "/api/v1/vdesk {DOMAIN}/export" endpoint until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: wpDataTables – Tables & Table Charts premium WordPress plugin versions prior to 3.4.2 Description: The issue allows a low-privilege authenticated user to perform Boolean-based blind SQL Injection on the "/wp-admin/admin-ajax.php?action=get wdtable&table id=1" endpoint, specifically through the `start` HTTP POST parameter. This enables an attacker to access all database data and obtain access to the WordPress application. Recommendations: For wpDataTables – Tables & Table Charts premium WordPress plugin versions prior to 3.4.2, update to version 3.4.2 or later to resolve the issue. As a temporary workaround, consider restricting access to the "/wp-admin/admin-ajax.php?action=get wdtable&table id=1" endpoint to minimize the risk of exploitation. Avoid using the `start` parameter in the affected endpoint until the issue is resolved.

Name of the Vulnerable Software and Affected Versions: wpDataTables – Tables & Table Charts premium WordPress plugin versions prior to 3.4.2 Description: The issue allows a low privilege authenticated user to tamper with parameters and delete data of other users present in the same table through `id key` and `id val` parameters. This can lead to an attacker deleting the data of all users in the same table. Recommendations: For versions prior to 3.4.2, update to version 3.4.2 or later to resolve the issue. As a temporary workaround, consider restricting access to the table publication page to prevent low privilege authenticated users from tampering with the parameters. Avoid using the `id key` and `id val` parameters in the affected table until the issue is resolved.

Name of the Vulnerable Software and Affected Versions: wpDataTables – Tables & Table Charts premium WordPress plugin versions prior to 3.4.2 Description: The issue allows a low privilege authenticated user to access and manage the data of other users in the same table by tampering with parameters, specifically through the `formdata[wdt ID]` parameter. This enables an attacker to take over user permissions on the table, potentially accessing and managing data of all users in the table. Recommendations: For versions prior to 3.4.2, update to version 3.4.2 or later to resolve the issue. As a temporary workaround, consider restricting access to the `formdata[wdt ID]` parameter to prevent unauthorized data access.

Name of the Vulnerable Software and Affected Versions: wpDataTables – Tables & Table Charts premium WordPress plugin versions prior to 3.4.2 Description: The issue allows a low-privilege authenticated user to perform Boolean-based blind SQL Injection on the "/wp-admin/admin-ajax.php?action=get wdtable&table id=1" endpoint, specifically through the `length` HTTP POST parameter. This enables an attacker to access all database data and obtain access to the WordPress application. Recommendations: For wpDataTables – Tables & Table Charts premium WordPress plugin versions prior to 3.4.2, update to version 3.4.2 or later to resolve the issue. As a temporary workaround, consider restricting access to the "/wp-admin/admin-ajax.php?action=get wdtable&table id=1" endpoint to minimize the risk of exploitation. Avoid using the `length` parameter in the affected endpoint until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** wpDataTables versions prior to 3.4.1 **Description** The issue is related to how wpDataTables handles order direction for server-side tables, leading to a SQL injection. This can be exploited through the "admin-ajax.php?action=get wdtable" endpoint, specifically by manipulating the `order[0][dir]` parameter. **Recommendations** For versions prior to 3.4.1, update to version 3.4.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the "admin-ajax.php?action=get wdtable" endpoint or avoiding the use of the `order[0][dir]` parameter in this endpoint until the update is applied.