Egroupware · Egroupware · CVE-2010-3313
**Name of the Vulnerable Software and Affected Versions**
EGroupware versions 1.4.001+.002 through 1.6.001+.002
EGroupware version 1.6.003 and earlier
EPL versions 9.1 through 9.1.20100308
EPL versions 9.2 through 9.2.20100308
**Description**
The issue allows remote attackers to execute arbitrary commands via shell metacharacters in the `aspell_path` or `spellchecker_lang` parameters. This can be exploited by sending malicious input to the spellchecker functionality.
**Recommendations**
For EGroupware versions 1.4.001+.002 through 1.6.001+.002, update to version 1.6.003 or later.
For EGroupware version 1.6.003 and earlier, update to version 1.6.003 or later.
For EPL versions 9.1 through 9.1.20100308, update to version 9.1.20100309 or later.
For EPL versions 9.2 through 9.2.20100308, update to version 9.2.20100309 or later.
As a temporary workaround, consider restricting access to the spellchecker functionality until a patch is available.
Avoid using the `aspell_path` and `spellchecker_lang` parameters in the affected spellchecker functionality until the issue is resolved.
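
A detection check for the two parameters named in the description, added here as an example and not taken from the advisory or from EGroupware: it scans web access log lines for `aspell_path` or `spellchecker_lang` query values that contain shell metacharacters. The combined log format, the metacharacter set, the `/PLACEHOLDER/spellchecker` path and the sample lines are assumptions constructed for illustration; values sent in a POST body do not appear in access logs and are not covered.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Parameters named in the advisory.
WATCHED = {"aspell_path", "spellchecker_lang"}
# Assumed metacharacter set: none of these belong in a language code or binary path.
SHELL_META = re.compile(r"[;&|`$<>(){}'\"\n\r]")
# Request field of a combined-format access log line: "METHOD target HTTP/x"
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def suspicious_params(target):
    """Return (name, decoded value) pairs for watched parameters with metacharacters."""
    query = urlsplit(target).query
    hits = []
    # parse_qsl percent-decodes once, so %3B is checked as ';'
    for name, value in parse_qsl(query, keep_blank_values=True):
        if name in WATCHED and SHELL_META.search(value):
            hits.append((name, value))
    return hits

def scan(lines):
    """Return (line_number, hits) for each log line with a suspicious request."""
    findings = []
    for number, line in enumerate(lines, start=1):
        match = REQUEST.search(line)
        if not match:
            continue  # not a request line in the assumed format
        hits = suspicious_params(match.group(1))
        if hits:
            findings.append((number, hits))
    return findings

# Constructed sample lines (documentation IP ranges, placeholder script path).
SAMPLE_LOG = [
    '192.0.2.10 - - [10/Mar/2010:10:00:01 +0000] "GET /PLACEHOLDER/spellchecker?spellchecker_lang=en_US HTTP/1.1" 200 512',
    '198.51.100.7 - - [10/Mar/2010:10:00:05 +0000] "GET /PLACEHOLDER/spellchecker?spellchecker_lang=en%3Bid HTTP/1.1" 200 87',
    '198.51.100.7 - - [10/Mar/2010:10:00:09 +0000] "GET /PLACEHOLDER/spellchecker?aspell_path=%2Fusr%2Fbin%2Faspell HTTP/1.1" 200 498',
    '198.51.100.7 - - [10/Mar/2010:10:00:12 +0000] "GET /PLACEHOLDER/spellchecker?aspell_path=aspell%7Cid HTTP/1.1" 200 91',
]

if __name__ == "__main__":
    for number, hits in scan(SAMPLE_LOG):
        print(f"line {number}: {hits}")
```

A hit means the request should be reviewed against the host's patch level at the time; it does not by itself show that a command ran.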