Matans

Name of the Vulnerable Software and Affected Versions HerikLyma CPPWebFramework versions up to 3.1 Description A path traversal issue exists in HerikLyma CPPWebFramework up to version 3.1 due to manipulation of some unknown processing. Remote exploitation is possible. The exploit is publicly available. Recommendations Update to a newer version of HerikLyma CPPWebFramework that addresses this path traversal issue.

**Name of the Vulnerable Software and Affected Versions** higuma web-audio-recorder-js versions 0.1 and 0.1.1 **Description** A flaw exists in the `extend` function within the `lib/WebAudioRecorder.js` library, specifically in the Dynamic Config Handling component. This allows for improper modification of object prototype attributes. The issue is remotely exploitable, but requires a high level of complexity to successfully execute. The exploit is publicly available. The vendor was notified but did not respond. **Recommendations** Update to a newer version of higuma web-audio-recorder-js that addresses this issue. As a temporary workaround, consider avoiding the use of the `extend` function within the `lib/WebAudioRecorder.js` library.

**Name of the Vulnerable Software and Affected Versions** Zavy86 WikiDocs versions through 1.0.78 **Description** A vulnerability exists in Zavy86 WikiDocs, potentially allowing for cross site scripting. The issue is located in the file `template.inc.php` and involves manipulation of the `path` argument. The attack can be initiated remotely. The exploit has been publicly disclosed. **Recommendations** Versions prior to 1.0.78 should be updated.

Name of the Vulnerable Software and Affected Versions: Zavy86 WikiDocs versions through 1.0.77 Description: A critical issue exists in Zavy86 WikiDocs that allows for path traversal. The vulnerability is located in the `image drop upload ajax`/`image delete ajax` function within the `submit.php` file. The attack can be initiated remotely. Recommendations: Upgrade to version 1.0.78.

Name of the Vulnerable Software and Affected Versions: Cockpit versions up to 2.11.3 Description: A issue was found in the processing of the file /system/users/save, where the manipulation of the argument `name` or `email` leads to cross-site scripting. The attack may be initiated remotely. It is estimated that this issue may affect some unknown number of devices, but the exact number is not specified. There is no information about real-world incidents where this issue was exploited. Recommendations: For Cockpit versions up to 2.11.3, upgrade to version 2.11.4 to address this issue. As a temporary workaround, consider restricting access to the /system/users/save file until the upgrade is applied. Avoid using the `name` and `email` arguments in the affected processing until the issue is resolved.

Name of the Vulnerable Software and Affected Versions: Monitorr versions up to 1.7.6m Description: A vulnerability was found in Monitorr, affecting an unknown part of the file assets/config/ installation/mkdbajax.php of the component Installer. The manipulation of the `datadir` argument leads to improper input validation. It is possible to initiate the attack remotely. The complexity of an attack is rather high, and the exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. Recommendations: For versions up to 1.7.6m, as a temporary workaround, consider restricting access to the `mkdbajax.php` file until a patch is available. Additionally, avoid using the `datadir` argument in the affected Installer component to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.