Osanda Malith Jayathissa

**Name of the Vulnerable Software and Affected Versions** Alcatel OSPREY3 MINI Modem component on EE EE40VB 4G mobile broadband modems with firmware prior to EE40 00 02.00 45 **Description** The issue concerns weak permissions set by the installer for certain directories, allowing local users to gain privileges. This is demonstrated by the potential to insert a Trojan horse ServiceManager.exe file into the "Web ConnectonEE40BackgroundService" directory. **Recommendations** For firmware versions prior to EE40 00 02.00 45, update the firmware to EE40 00 02.00 45 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** CMS Made Simple version 2.1.6 **Description** The issue allows remote authenticated administrators to execute arbitrary PHP code via the `code` parameter to "admin/editusertag.php", related to the CreateTagFunction and CallUserTag functions. The vendor has reportedly stated that this behavior is considered "a feature, not a bug." **Recommendations** For CMS Made Simple version 2.1.6, consider disabling access to the "admin/editusertag.php" endpoint or restricting the use of the `code` parameter to prevent arbitrary PHP code execution until a resolution is provided by the vendor.

**Name of the Vulnerable Software and Affected Versions** Oracle MySQL Server versions 5.5.45 and earlier Oracle MySQL Server versions 5.6.26 and earlier **Description** The issue is related to errors in the code of the Server: Parser subcomponent of the MySQL database management system. It allows a remote attacker to cause a denial of service. The vulnerability can be exploited by a high-privileged attacker with network access via multiple protocols, resulting in the ability to cause a hang or frequently repeatable crash of the MySQL Server. **Recommendations** For Oracle MySQL Server versions 5.5.45 and earlier, update to a version later than 5.5.45 to resolve the issue. For Oracle MySQL Server versions 5.6.26 and earlier, update to a version later than 5.6.26 to resolve the issue. As a temporary workaround, consider restricting network access to the MySQL Server to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Two Pilots Exif Pilot version 4.7.2 **Description** A buffer overflow issue exists in the Customize 35mm tab, allowing remote attackers to execute arbitrary code via a long string in the `maker` element in an XML file. **Recommendations** For version 4.7.2, consider updating to a newer version that addresses this issue, as using a long string in the `maker` element can lead to arbitrary code execution. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Moodle versions 2.3.11 and earlier, 2.4.x before 2.4.11, 2.5.x before 2.5.7, 2.6.x before 2.6.4, 2.7.x before 2.7.1 **Description** A cross-site scripting (XSS) issue allows remote authenticated users to inject arbitrary web script or HTML via the `Skype ID` profile field in the user/profile.php file. **Recommendations** For Moodle versions 2.3.11 and earlier, update to version 2.3.12 or later. For Moodle versions 2.4.x before 2.4.11, update to version 2.4.11 or later. For Moodle versions 2.5.x before 2.5.7, update to version 2.5.7 or later. For Moodle versions 2.6.x before 2.6.4, update to version 2.6.4 or later. For Moodle versions 2.7.x before 2.7.1, update to version 2.7.1 or later.

**Name of the Vulnerable Software and Affected Versions** ZTE ZXV10 W300 router with firmware W300V1.0.0a ZRD LK **Description** The issue concerns the storage of sensitive information under the web root with insufficient access control. This allows remote attackers to obtain the PPPoE/PPPoA password via a direct request for the "basic/tc2wanfun.js" endpoint. **Recommendations** For ZTE ZXV10 W300 router with firmware W300V1.0.0a ZRD LK, consider restricting access to the "basic/tc2wanfun.js" endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** ZTE ZXV10 W300 router version W300V1.0.0a ZRD LK **Description** The issue concerns a default password set as `admin` for the admin account, making it easier for remote attackers to gain access through unspecified vectors. **Recommendations** For ZTE ZXV10 W300 router version W300V1.0.0a ZRD LK, change the default admin password to a strong and unique password to prevent unauthorized access.

**Name of the Vulnerable Software and Affected Versions** ZTE ZXV10 W300 router version W300V1.0.0a ZRD LK **Description** A cross-site request forgery (CSRF) issue allows remote attackers to hijack the authentication of administrators for requests that change the admin password via a request to "Forms/tools admin 1". **Recommendations** For ZTE ZXV10 W300 router version W300V1.0.0a ZRD LK, as a temporary workaround, consider restricting access to the "Forms/tools admin 1" endpoint until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.