Mike Czumak

**Name of the Vulnerable Software and Affected Versions** VideoCharge Software Watermark Master version 2.2.23 **Description** A buffer overflow issue allows remote attackers to execute arbitrary code via a long string in the `name` attribute of the `cols` element in a .wstyle file. **Recommendations** For version 2.2.23, consider updating to a newer version that addresses this issue, as using a long string in the `name` attribute of the `cols` element can lead to arbitrary code execution. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Coursemill Learning Management System (LMS) version 6.6 **Description** The issue allows remote authenticated users to gain privileges via a modified `userid` value to unspecified functions. **Recommendations** For version 6.6, consider restricting access to the affected functions until a patch is available. As a temporary workaround, avoid using modified `userid` values in the system to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Coursemill Learning Management System (LMS) version 6.6 **Description** The issue allows remote authenticated users to perform arbitrary JSP operations by leveraging the Student role and providing an `op` parameter. This is due to the system not properly restricting JSP function calls. **Recommendations** For version 6.6, restrict access to JSP function calls for users with the Student role to prevent arbitrary operations. Consider temporarily disabling the `op` parameter in affected JSP operations until a proper fix is applied.

**Name of the Vulnerable Software and Affected Versions** Coursemill Learning Management System (LMS) version 6.6 **Description** The issue allows remote authenticated users to execute arbitrary SQL commands. This is achieved via the `docID` parameter in the "admindocumentworker.jsp" page. **Recommendations** For version 6.6, consider restricting access to the "admindocumentworker.jsp" page until a patch is available. As a temporary workaround, avoid using the `docID` parameter in the affected page to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Coursemill Learning Management System (LMS) versions 6.6 through 6.8 **Description** The issue allows remote attackers to gain privileges. This is achieved by modifying the `user-role` value to access `home.html` through the `userlogin.jsp` page. **Recommendations** For versions 6.6 through 6.8, consider restricting access to the `userlogin.jsp` page until a fix is available. As a temporary workaround, limit the modification of `user-role` values to prevent unauthorized privilege escalation.

**Name of the Vulnerable Software and Affected Versions** Coursemill Learning Management System (LMS) version 6.6 **Description** The issue concerns multiple cross-site scripting (XSS) vulnerabilities. These vulnerabilities allow remote attackers to inject arbitrary web script or HTML via crafted input. **Recommendations** For version 6.6, update to a version that includes a fix for this issue, as no specific workaround is provided for this version.

**Name of the Vulnerable Software and Affected Versions** Coursemill Learning Management System (LMS) version 6.6 **Description** A cross-site request forgery (CSRF) issue allows remote attackers to hijack the authentication of arbitrary users via vectors related to cookies. **Recommendations** For version 6.6, update to a version that includes a fix for this issue, as no specific workaround is provided for this version.

**Name of the Vulnerable Software and Affected Versions** Coursemill Learning Management System (LMS) version 6.6 **Description** A cross-site scripting (XSS) issue exists, allowing remote attackers to inject arbitrary web script or HTML via vectors related to error messages. **Recommendations** For version 6.6, update to a newer version that contains a fix for this issue, as using outdated software can pose significant security risks. At the moment, there is no information about a newer version that contains a fix for this vulnerability.