Msry1

**Name of the Vulnerable Software and Affected Versions** CYRISMA Sensor versions prior to 444 **Description** CYRISMA Sensor before version 444 for Windows contains an insecure folder and file permissions issue. A low-privileged user can exploit this to escalate privileges and execute arbitrary code with NT AUTHORITYSYSTEM privileges. This is achieved by replacing `DataSpotliteAgent.exe` or other binaries called by the `Cyrisma Agent` service during startup. **Recommendations** Update CYRISMA Sensor to version 444 or later. As a temporary workaround, restrict write access to the affected folder and files to prevent unauthorized modification of `DataSpotliteAgent.exe` and other binaries called by the `Cyrisma Agent` service.

**Name of the Vulnerable Software and Affected Versions** OS4Ed OpenSIS Community version 8.0 **Description** The issue is a local file inclusion vulnerability in Modules.php, specifically affecting the `modname` parameter. This vulnerability can disclose arbitrary files from the server's filesystem, provided the application has access to the file. **Recommendations** For OS4Ed OpenSIS Community version 8.0, consider restricting access to the vulnerable Modules.php file, specifically the `modname` parameter, until a patch is available. As a temporary workaround, disabling the Modules.php file or limiting its access can help minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.