Othman Madjoudj

**Name of the Vulnerable Software and Affected Versions** CISOfy Lynis versions prior to 3.0.0 **Description** The issue is related to Incorrect Access Control due to a TOCTOU race condition. This condition allows an unprivileged attacker to bypass the routine that checks log and report file permissions locally. As a result, the attacker can set up a log and report file, control it until the check is performed, and then remove, recreate, and use the file for further attacks. **Recommendations** For versions prior to 3.0.0, update to version 3.0.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the log and report files to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Drupal versions prior to 7.5 **Description** An access bypass issue allows non-privileged users to download files attached to comments if they know or guess the direct URL of the file, even when the parent node is denied access. This issue is relevant when a Drupal site allows attaching File upload fields to any entity type or points individual File upload fields to the private file directory in comments. **Recommendations** For versions prior to 7.5, update to version 7.5 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Piranha version 0.8.6 **Description** The issue concerns the Piranha Configuration Tool, which fails to properly restrict access to webpages. This allows remote attackers to bypass authentication and potentially read or modify the LVS configuration by sending an HTTP POST request. **Recommendations** For Piranha version 0.8.6, consider restricting access to the Piranha Configuration Tool to minimize the risk of exploitation until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Sticky Notes versions prior to 0.2.27052012.5 **Description** The issue allows remote attackers to inject arbitrary web script or HTML. This can be achieved via the `paste user` or `paste lang` parameter to "list.php" or "show.php" API endpoints. **Recommendations** For versions prior to 0.2.27052012.5, update to version 0.2.27052012.5 or later to resolve the issue. As a temporary workaround, consider restricting access to the "list.php" and "show.php" API endpoints to minimize the risk of exploitation. Avoid using the `paste user` and `paste lang` parameters in these endpoints until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Sticky Notes versions prior to 0.2.27052012.5 **Description** The issue allows remote attackers to execute arbitrary SQL commands. This can be achieved via several parameters, including the `paste id` in "admin/modules/mod pastes.php" or "show.php", the `user id` to "admin/modules/mod users.php", the `project` to "list.php", or the `session id` to "show.php". **Recommendations** For versions prior to 0.2.27052012.5, update to version 0.2.27052012.5 or later to resolve the issue. As a temporary workaround, consider restricting access to the affected API endpoints, such as "admin/modules/mod pastes.php", "show.php", "admin/modules/mod users.php", "list.php", to minimize the risk of exploitation. Avoid using the parameters `paste id`, `user id`, `project`, and `session id` in the affected endpoints until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Drupal versions prior to 7.3 **Description** The issue allows remote attackers to bypass intended node access restrictions. This is achieved via vectors related to a listing that shows nodes but lacks a JOIN clause for the node table, specifically affecting the `node access` restrictions. **Recommendations** For versions prior to 7.3, update to version 7.3 or later to resolve the issue.