Patrick Webster

**Name of the Vulnerable Software and Affected Versions** Mitel MiCollab versions through 9.8 SP1 FP2 (9.8.1.201) **Description** The issue concerns the API Interface of the AWV component, where insufficient sanitization of user input could allow an unauthenticated attacker to conduct SQL injection. This could enable an attacker with specific knowledge to access non-sensitive user provisioning information and execute arbitrary SQL database commands. **Recommendations** For versions through 9.8 SP1 FP2 (9.8.1.201), as a temporary workaround, consider restricting access to the API Interface of the AWV component until a patch is available. Avoid using user input in SQL queries until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Mitel MiCollab versions prior to 9.8 SP1 FP2 (9.8.1.201) Description: A vulnerability in the AWV component of Mitel MiCollab could allow an unauthenticated attacker to conduct a CRLF injection attack due to inadequate encoding of user input in URLs. This could enable an attacker to perform a phishing attack by redirecting users to an untrusted site using a specially crafted link. Recommendations: For Mitel MiCollab versions prior to 9.8 SP1 FP2 (9.8.1.201), update to a version that includes the fix for this issue to prevent exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Mitel MiCollab versions through 9.8 SP1 FP2 (9.8.1.201) **Description** The issue is related to insufficient sanitization of user input in the AWV (Audio, Web and Video Conferencing) component, allowing an unauthenticated attacker to conduct a SQL injection attack. This could enable an attacker to access non-sensitive user provisioning information and execute arbitrary SQL database commands. The vulnerability poses a significant threat to businesses. **Recommendations** For Mitel MiCollab versions through 9.8 SP1 FP2 (9.8.1.201), update to a version that includes the fix for this issue to prevent exploitation. As a temporary workaround, consider restricting access to the AWV component until a patch is available. Avoid using user input in SQL queries to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Mitel MiCollab AWV versions prior to 8.1.2.2 **Description** A SQL injection issue exists due to insufficient input validation for the `session` parameter in the web conferencing component. This could allow an unauthenticated attacker to extract sensitive information from the database and execute arbitrary scripts. **Recommendations** For versions prior to 8.1.2.2, update to version 8.1.2.2 or later to resolve the issue. As a temporary workaround, consider restricting access to the web conferencing component to minimize the risk of exploitation. Avoid using the `session` parameter in affected components until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Moodle versions prior to 2.3.11 Moodle versions 2.4.x before 2.4.11 Moodle versions 2.5.x before 2.5.7 Moodle versions 2.6.x before 2.6.4 Moodle versions 2.7.x before 2.7.1 **Description** The issue arises from the failure to enforce certain capability requirements in specific PHP files, allowing remote attackers to obtain potentially sensitive information, such as usernames and course details, by modifying URLs. **Recommendations** For versions prior to 2.3.11, update to version 2.3.11 or later. For versions 2.4.x before 2.4.11, update to version 2.4.11 or later. For versions 2.5.x before 2.5.7, update to version 2.5.7 or later. For versions 2.6.x before 2.6.4, update to version 2.6.4 or later. For versions 2.7.x before 2.7.1, update to version 2.7.1 or later.

**Name of the Vulnerable Software and Affected Versions** Q2 Solutions ConnX version 4.0.20080606 **Description** The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the `txtEmail` parameter in the "frmLoginPwdReminderPopup.aspx" page. **Recommendations** For version 4.0.20080606, consider restricting access to the `txtEmail` parameter in the "frmLoginPwdReminderPopup.aspx" page until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Microsoft Windows Installer versions 3.1.4000.1823 through 4.5.6001.22159 **Description** A stack-based buffer overflow issue exists, allowing context-dependent attackers to execute arbitrary code via a long GUID value for the `/x` (also known as `/uninstall`) option. This issue might cross privilege boundaries if `msiexec.exe` is reachable via components such as ActiveX controls, and might additionally require a separate vulnerability in the control. **Recommendations** For Microsoft Windows Installer versions 3.1.4000.1823 through 4.5.6001.22159, consider restricting access to `msiexec.exe` to minimize the risk of exploitation, especially when reachable via components like ActiveX controls. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Tumbleweed SecureTransport Server version 1.0.0.5 **Description** The issue is related to a stack-based buffer overflow in the IActiveXTransfer.FileTransfer method within the SecureTransport FileTransfer ActiveX control. This occurs when a long `remoteFile` parameter is passed, allowing remote attackers to execute arbitrary code. **Recommendations** For version 1.0.0.5, update to Tumbleweed SecureTransport Server 4.6.1 Hotfix 20 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** ContentKeeper versions 123.25 and earlier **Description** The issue allows remote authenticated users to obtain passwords in cleartext via the `/cgi-bin/ck/changepw.cgi` API endpoint. This occurs because passwords are placed in cleartext in an INPUT element. **Recommendations** For versions 123.25 and earlier, consider restricting access to the `/cgi-bin/ck/changepw.cgi` API endpoint until a fix is available. As a temporary workaround, avoid using the changepw.cgi endpoint to minimize the risk of password exposure.

**Name of the Vulnerable Software and Affected Versions** Matrix versions after 3.8 **Description** The issue allows remote attackers to use the application as an HTTP proxy server via a MIME encoded URL in the `sq content src` parameter. This can be used to access arbitrary sites with the server's IP address and conduct cross-site scripting (XSS) attacks. **Recommendations** For versions after 3.8, consider restricting access to the `sq content src` parameter to minimize the risk of exploitation. Avoid using the `sq content src` parameter in the affected application until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** MySource Matrix versions 3.8 and earlier MySource versions 2.x **Description** The issue allows remote attackers to use the application as an HTTP proxy server via the `sq remote page url` parameter, enabling access to arbitrary sites with the server's IP address and potentially conducting cross-site scripting (XSS) attacks. **Recommendations** For MySource Matrix versions 3.8 and earlier, consider restricting access to the `sq remote page url` parameter to minimize the risk of exploitation. For MySource versions 2.x, avoid using the `sq remote page url` parameter in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Google Mini versions 4.4.102.M.36 and earlier **Description** The issue allows remote attackers to obtain sensitive information via a direct request for "/search" with an invalid `client` parameter, which reveals the path in an error message. **Recommendations** For Google Mini versions 4.4.102.M.36 and earlier, as a temporary workaround, consider restricting access to the "/search" API endpoint until a patch is available. Avoid using the `client` parameter in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.