Maximilian Barz

**Name of the Vulnerable Software and Affected Versions** Kape CyberGhostVPN version 8.4.3.12823 **Description** An issue was discovered where user credentials remain in memory after a successful logout, while the process is still open. These credentials can be obtained by dumping the process memory and parsing it. **Recommendations** For Kape CyberGhostVPN version 8.4.3.12823, as a temporary workaround, consider closing the application process after logout to minimize the risk of credential exposure. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** TeamViewer Client (Full & Host) versions prior to 15.54 **Description** The issue concerns improper fingerprint validation, allowing an attacker with administrative user rights to elevate privileges via executable sideloading. **Recommendations** For versions prior to 15.54, update to version 15.54 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** mRemoteNG versions <= 1.76.20 mRemoteNG versions <= 1.77.3-dev **Description** The issue allows attackers to access the contents of configuration files in plain text through a memory dump, thus compromising user credentials when no custom password encryption key has been set. This occurs because mRemoteNG loads configuration files into memory in plain text at application start-up, even if no connection has been established yet. This behavior bypasses the connection configuration file encryption setting by dumping already decrypted configurations from memory. **Recommendations** For mRemoteNG versions <= 1.76.20, consider setting a custom password encryption key to protect user credentials. For mRemoteNG versions <= 1.77.3-dev, consider setting a custom password encryption key to protect user credentials. As a temporary workaround, consider restricting access to sensitive configuration files until a patch is available.

Name of the Vulnerable Software and Affected Versions: Formidable Form Builder WordPress plugin versions prior to 4.09.05 Description: The issue allows an unauthenticated, remote attacker to inject certain HTML tags, such as <audio>, <video>, <img>, <a>, and <button>, which could lead to a HTML-injection attack by injecting a malicious link. This may trick authenticated users into following the link, resulting in the execution of Javascript code. The problem is due to insufficient sanitization of the `data-frmverify` tag for links in the web-based entry inspection page of affected systems. A successful exploitation, in combination with CSRF, could allow the attacker to perform arbitrary actions on an affected system with the privileges of the user, including stealing the user's account by changing their password or allowing attackers to submit their own code through an authenticated user, resulting in Remote Code Execution. Recommendations: For versions prior to 4.09.05, update to version 4.09.05 or later to resolve the issue. As a temporary workaround, consider restricting access to the web-based entry inspection page to minimize the risk of exploitation. Additionally, avoid using the `data-frmverify` tag for links until the issue is resolved. If possible, restrict the ability to edit WordPress PHP code to prevent potential Remote Code Execution attacks.

**Name of the Vulnerable Software and Affected Versions** Macally WIFISD2-2A82 Media and Travel Router version 2.000.010 **Description** The Guest user in the Macally WIFISD2-2A82 Media and Travel Router can reset its own password, which has a vulnerability that can be exploited to take over the administrator account, resulting in shell access. The admin user can read the /etc/shadow file, allowing the password hashes of each user, including root, to be dumped. The root hash can be cracked easily, leading to a complete system compromise. **Recommendations** For Macally WIFISD2-2A82 Media and Travel Router version 2.000.010, consider restricting the Guest user's ability to reset its own password as a temporary workaround until a patch is available. Additionally, limit access to the /etc/shadow file to prevent the dumping of password hashes. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** XAMPP versions prior to 7.2.29 XAMPP versions 7.3.x prior to 7.3.16 XAMPP versions 7.4.x prior to 7.4.4 **Description** An issue was discovered in XAMPP on Windows, allowing an unprivileged user to change a .exe configuration in xampp-contol.ini for all users, including admins, to enable arbitrary command execution. **Recommendations** For XAMPP versions prior to 7.2.29, update to version 7.2.29 or later. For XAMPP versions 7.3.x prior to 7.3.16, update to version 7.3.16 or later. For XAMPP versions 7.4.x prior to 7.4.4, update to version 7.4.4 or later. As a temporary workaround, consider restricting access to the xampp-contol.ini file to prevent unprivileged users from modifying the .exe configuration.