Nhiephon

**Name of the Vulnerable Software and Affected Versions** SolarWinds Web Help Desk (affected versions not specified) **Description** SolarWinds Web Help Desk is susceptible to an XML External Entity (XXE) injection issue that may result in information disclosure. Successful exploitation requires valid, low-privilege access, or access to the local server to modify configuration files. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** WoWonder Social Network Platform version 4.1.4 **Description** The issue is related to a SQL injection vulnerability. It can be exploited via the `offset` parameter at the "requests.php?f=search&s=recipients" endpoint. **Recommendations** For WoWonder Social Network Platform version 4.1.4, consider restricting access to the `offset` parameter in the "requests.php?f=search&s=recipients" endpoint until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** WoWonder Social Network Platform version 4.1.2 **Description** The issue is related to a SQL injection vulnerability. It can be exploited via the `offset` parameter at the "requests.php?f=load-my-blogs" endpoint. **Recommendations** For WoWonder Social Network Platform version 4.1.2, consider restricting access to the "requests.php?f=load-my-blogs" endpoint until a patch is available. As a temporary workaround, avoid using the `offset` parameter in this endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** IrfanView version 4.54 **Description** The issue allows a user-mode write access violation. This occurs starting at `FORMATS!GetPlugInInfo+0x0000000000007e30`. **Recommendations** For IrfanView version 4.54, consider restricting access to the `GetPlugInInfo` function as a temporary workaround until a patch is available.

**Name of the Vulnerable Software and Affected Versions** IrfanView version 4.54 **Description** The issue allows a user-mode write access violation. This occurs at the FORMATS!GetPlugInInfo+0x0000000000007e62 location. **Recommendations** For IrfanView version 4.54, at the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** IrfanView version 4.54 **Description** The issue allows a user-mode write access violation. This violation occurs at the `GetPlugInInfo()` function. **Recommendations** For IrfanView version 4.54, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** IrfanView version 4.54 **Description** The issue allows a user-mode write access violation. This violation occurs at the FORMATS!GetPlugInInfo+0x0000000000007e20 location. **Recommendations** For IrfanView version 4.54, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** IrfanView version 4.54 **Description** The issue allows a user-mode write access violation. This occurs at the FORMATS!GetPlugInInfo+0x0000000000007e6e location. **Recommendations** For IrfanView version 4.54, at the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** IrfanView version 4.54 **Description** The issue allows a user-mode write access violation. This occurs at the FORMATS!GetPlugInInfo+0x0000000000007e28 location. **Recommendations** For IrfanView version 4.54, at the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** IrfanView version 4.54 **Description** The issue allows a user-mode write access violation. This occurs at the FORMATS!ShowPlugInSaveOptions W+0x000000000000755d location. **Recommendations** For IrfanView version 4.54, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** IrfanView version 4.54 **Description** The issue allows a user-mode write access violation. This occurs starting at FORMATS!ShowPlugInSaveOptions W+0x0000000000007f4b. **Recommendations** For IrfanView version 4.54, at the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** IrfanView version 4.54 **Description** The issue allows a user-mode write access violation. This occurs within the ShowPlugInSaveOptions W function. **Recommendations** For IrfanView version 4.54, at the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** IrfanView version 4.54 **Description** The issue allows a user-mode write access violation. This occurs at the FORMATS!ShowPlugInSaveOptions W+0x000000000001bcab location. **Recommendations** For IrfanView version 4.54, at the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** IrfanView version 4.54 **Description** The issue allows a user-mode write access violation. This occurs starting at FORMATS!GetPlugInInfo+0x0000000000007e82. **Recommendations** For IrfanView version 4.54, at the moment, there is no information about a newer version that contains a fix for this vulnerability.