Mehmet Ince

**Name of the Vulnerable Software and Affected Versions** Tiki Wiki CMS Groupware versions 15.1 and earlier **Description** An unauthenticated arbitrary file upload issue exists in the Tiki Wiki CMS Groupware software. The vulnerability is located within the ELFinder component’s default connector (`connector.minimal.php`). It allows remote attackers to upload and execute malicious PHP scripts in the context of the web server due to a lack of file type validation. Attackers can craft a POST request to upload executable PHP payloads through the ELFinder interface exposed at `/vendor extra/elfinder/`. **Recommendations** Versions prior to 15.1 are affected. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions:** CryptoLog (PHP version, affected versions not specified) **Description:** A remote code execution issue exists in CryptoLog (PHP version) due to a combination of SQL injection and command injection vulnerabilities. An unauthenticated attacker can achieve shell access as the web server user. The attack sequence involves exploiting a SQL injection flaw in `login.php` to bypass authentication, followed by command injection in the `/logshares ajax.php` API endpoint. The login bypass is achieved by submitting crafted SQL via the `user` POST parameter. After authentication, the attacker can leverage the `lsid` POST parameter in the `/logshares ajax.php` endpoint to inject and execute a command using $(...) syntax. This exploitation path is not present in the ASP.NET version of CryptoLog released since 2009. **Recommendations:** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** PostHog (affected versions not specified) **Description** The issue is related to a Server-Side Request Forgery (SSRF) and Information Disclosure vulnerability in the database schema of PostHog. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** PostHog (affected versions not specified) **Description** The issue concerns a SQL injection vulnerability in PostHog's ClickHouse table functions, potentially leading to remote code execution. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** PostHog versions (affected versions not specified) **Description** The issue concerns a Server-Side Request Forgery (SSRF) and Information Disclosure vulnerability. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** mySCADA myPRO (affected versions not specified) **Description** The issue is related to the improper neutralization of POST requests sent to a specific port with version information. This could be exploited by an attacker to execute arbitrary commands on the affected system. The vulnerability is associated with the failure to neutralize special elements used in the operating system command. Exploitation of the vulnerability may allow a remote attacker to execute arbitrary code by sending specially crafted POST requests. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Arista Edge Threat Management versions up to 17.1.1 **Description** Multiple SQL Injection vulnerabilities exist in the reporting application, allowing a user with advanced report application access rights to exploit the SQL injection. This enables them to execute commands on the underlying operating system with elevated privileges. **Recommendations** For Arista Edge Threat Management versions up to 17.1.1, consider restricting access to the reporting application to minimize the risk of exploitation until a security fix is applied. As a temporary workaround, limit the privileges of users with advanced report application access rights to prevent elevated command execution on the underlying operating system. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: ETM (affected versions not specified) Description: The issue concerns a man-in-the-middle vulnerability in ETM backup uploads. This allows an attacker to intercept backup uploads to ETM. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided descriptions. Description: Expired and unusable administrator authentication tokens can be revealed by units that have timed out from ETM access. This issue concerns the potential disclosure of authentication tokens for administrators that are expired and unusable, which might be exposed by units that have lost ETM access due to a timeout. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Report application (affected versions not specified) Description: A user with advanced report application access rights can perform actions for which they are not authorized. This issue allows unauthorized actions to be carried out by users with high-level access to the report application. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** No specific software or versions are mentioned in the provided descriptions. **Description** A user with administrator privileges can perform command injection. This issue allows an administrator to carry out command injection, potentially leading to elevated privileges. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** No specific software or versions are mentioned in the provided descriptions. **Description** The issue concerns the ability of administrators to configure an insecure captive portal script. This allows for potential security risks, as an insecure script could be exploited. No information is provided about the estimated number of potentially affected devices or real-world incidents where this issue was exploited. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** No specific software or versions are mentioned in the provided descriptions. **Description** A user with administrator privileges is able to retrieve authentication tokens. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Arista NG Firewall (affected versions not specified) **Description** This issue allows remote attackers to execute arbitrary code on affected installations of Arista NG Firewall. Authentication is required to exploit this issue. The specific flaw exists within the ExecManagerImpl class, resulting from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this issue to execute code in the context of root. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** Arista NG Firewall (affected versions not specified) **Description** This issue allows remote attackers to execute arbitrary code on affected installations of Arista NG Firewall. Authentication is not required to exploit this issue. The specific flaw exists within the implementation of the `custom handler` method. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this issue to execute code in the context of the `www-data` user. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** Arista NG Firewall (affected versions not specified) **Description** This issue allows remote attackers to create arbitrary files and disclose sensitive information on affected installations of Arista NG Firewall. Authentication is required to exploit this issue. The specific flaw exists within the ReportEntry class and results from the lack of proper validation of a user-supplied string before using it to construct SQL queries. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the www-data user. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Arista NG Firewall (affected versions not specified) **Description** This issue allows local attackers to escalate privileges on affected installations of Arista NG Firewall. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this issue. The specific flaw exists within the `uvm login` module. The issue results from incorrect authorization. An attacker can leverage this to escalate privileges to resources normally protected from the user. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** PostHog (affected versions not specified) **Description** This issue allows remote attackers to disclose sensitive information on affected installations of PostHog. Authentication is required to exploit this issue. The specific flaw exists within the implementation of the `database schema` method, resulting from the lack of proper validation of a URI prior to accessing resources. An attacker can leverage this issue to execute code in the context of the service account. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this issue.

Name of the Vulnerable Software and Affected Versions: Cohesive Networks VNS3 (affected versions not specified) Description: This issue allows remote attackers to execute arbitrary code on affected installations of Cohesive Networks VNS3. Authentication is required to exploit this issue. The specific flaw exists within the web service, which listens on TCP port 8000 by default. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this issue to execute code in the context of root. Recommendations: At the moment, there is no information about a newer version that contains a fix for this issue.

Name of the Vulnerable Software and Affected Versions: Cohesive Networks VNS3 (affected versions not specified) Description: This issue allows remote attackers to execute arbitrary code on affected installations of Cohesive Networks VNS3. Authentication is not required to exploit this issue. The specific flaw exists within the web service, which listens on TCP port 8000 by default. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this issue to execute code in the context of root. Recommendations: At the moment, there is no information about a newer version that contains a fix for this issue.