Nathunandwani

**Name of the Vulnerable Software and Affected Versions** Playground Sessions versions 2.5.582 and earlier **Description** The issue allows anyone with access to UserProfiles.sol to extract the email and password because user credentials are stored in plain text. This affects Playground Sessions for Windows, where the vulnerable file is located at C:Users<USER>AppDataRoamingPlaygroundLocal Store#SharedObjectsPlayground.swfUserProfiles.sol. **Recommendations** For versions 2.5.582 and earlier, consider removing or securing access to the UserProfiles.sol file to prevent unauthorized extraction of user credentials until a patch is available. As a temporary workaround, restrict access to the UserProfiles.sol file to minimize the risk of exploitation. Avoid using the `email` and `password` variables in the affected storage mechanism until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Upwork Time Tracker version 5.2.2.716 **Description** The issue concerns the lack of verification of the SHA256 hash of downloaded program updates, potentially allowing code execution or local privilege escalation by replacing the original update.exe. **Recommendations** For Upwork Time Tracker version 5.2.2.716, consider disabling automatic updates until a patch is available that properly verifies the integrity of updates before execution.

**Name of the Vulnerable Software and Affected Versions** Telerik Fiddler version 5.0.20182.28034 **Description** The issue concerns the lack of verification of the hash of EnableLoopback.exe before its execution, potentially leading to code execution or local privilege escalation if the original EnableLoopback.exe is replaced. **Recommendations** For version 5.0.20182.28034, as a temporary workaround, consider restricting access to EnableLoopback.exe to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.