Qkaiser

**Name of the Vulnerable Software and Affected Versions** ubi-reader versions prior to 0.8.5 **Description** The issue is related to path traversal when running against specifically crafted UBIFS files, allowing an attacker to overwrite files outside of the extraction directory if the process has write access. This occurs because a node name (`dent node.name`) is considered trusted and joined to the extraction directory path during processing, and then the node content is written to that joined path. By crafting a malicious UBIFS file with node names holding path traversal payloads (e.g., ../../tmp/outside.txt), it's possible to force the software to write outside of the extraction directory. **Recommendations** For versions prior to 0.8.5, update to version 0.8.5 or later to resolve the issue. As a temporary workaround, consider restricting write access to sensitive files and directories to minimize the risk of exploitation. Additionally, be cautious when processing UBIFS files from untrusted sources.

**Name of the Vulnerable Software and Affected Versions** binwalk versions 2.1.2b through 2.3.3 **Description** binwalk is susceptible to a path traversal vulnerability. An attacker can exploit this by crafting a malicious PFS filesystem file, which allows them to extract files to arbitrary locations when binwalk is run in extraction mode (using the -e option). This can lead to remote code execution by extracting a malicious binwalk module into the `.config/binwalk/plugins` folder. The vulnerability is associated with the `src/binwalk/plugins/unpfs.py` file. **Recommendations** Upgrade to a version of binwalk newer than 2.3.3.

**Name of the Vulnerable Software and Affected Versions** UBI Reader versions up to 0.8.0 **Description** A vulnerability has been found in the UBIFS File Handler component, specifically affecting the `ubireader extract files` function of the file `ubireader/ubifs/output.py`. This issue leads to path traversal and can be exploited remotely. **Recommendations** For UBI Reader versions up to 0.8.0, upgrade to version 0.8.5 to address this issue. As a temporary workaround, consider restricting access to the `ubireader extract files` function until the upgrade is applied.

**Name of the Vulnerable Software and Affected Versions** Trend Micro Smart Protection Server versions 2.5 before build 2200 Trend Micro Smart Protection Server versions 2.6 before build 2106 Trend Micro Smart Protection Server versions 3.0 before build 1330 **Description** The issue allows remote attackers to read and delete arbitrary files. This is achieved via the `tmpfname` parameter to API endpoints such as "log mgt adhocquery ajaxhandler.php", "log mgt ajaxhandler.php", or the `tf` parameter to "wcs bwlists handler.php". **Recommendations** For Trend Micro Smart Protection Server version 2.5 before build 2200, update to build 2200 or later. For Trend Micro Smart Protection Server version 2.6 before build 2106, update to build 2106 or later. For Trend Micro Smart Protection Server version 3.0 before build 1330, update to build 1330 or later.

**Name of the Vulnerable Software and Affected Versions** Trend Micro Smart Protection Server versions 2.5 before build 2200 Trend Micro Smart Protection Server versions 2.6 before build 2106 Trend Micro Smart Protection Server versions 3.0 before build 1330 **Description** The issue allows remote authenticated users to execute arbitrary commands via shell metacharacters in certain parameters. This can be done through the `host` or `apikey` parameter in a register action, the `enable` parameter in a save stting action, or the `host` or `apikey` parameter in a test connection action. **Recommendations** For Trend Micro Smart Protection Server version 2.5 before build 2200, update to build 2200 or later. For Trend Micro Smart Protection Server version 2.6 before build 2106, update to build 2106 or later. For Trend Micro Smart Protection Server version 3.0 before build 1330, update to build 1330 or later. As a temporary workaround, consider restricting access to the `ccca ajaxhandler.php` file until a patch is available. Avoid using the `host`, `apikey`, and `enable` parameters in the affected actions until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Trend Micro Virtual Mobile Infrastructure versions prior to 5.1 **Description** The issue allows remote authenticated users to execute arbitrary commands via shell metacharacters in the `password` to "api/v1/cfg/oauth/save identify pfx/". **Recommendations** For versions prior to 5.1, update to version 5.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the `handle certificate` function in `/vmi/manager/engine/management/commands/apns worker.py` until a patch is available. Avoid using shell metacharacters in the `password` parameter when accessing the "api/v1/cfg/oauth/save identify pfx/" endpoint.

**Name of the Vulnerable Software and Affected Versions** Trend Micro Smart Protection Server versions 2.5 before build 2200 Trend Micro Smart Protection Server versions 2.6 before build 2106 Trend Micro Smart Protection Server versions 3.0 before build 1330 **Description** The issue allows remote authenticated users to execute arbitrary commands via shell metacharacters in the `spare Community`, `spare AllowGroupIP`, or `spare AllowGroupNetmask` parameter to "admin notification.php" API endpoint. **Recommendations** For Trend Micro Smart Protection Server version 2.5 before build 2200, update to build 2200 or later. For Trend Micro Smart Protection Server version 2.6 before build 2106, update to build 2106 or later. For Trend Micro Smart Protection Server version 3.0 before build 1330, update to build 1330 or later.

**Name of the Vulnerable Software and Affected Versions** Trend Micro Smart Protection Server versions 2.5 before build 2200 Trend Micro Smart Protection Server versions 2.6 before build 2106 Trend Micro Smart Protection Server versions 3.0 before build 1330 **Description** The issue allows local web server users to execute arbitrary code with root privileges. This can be achieved by using a Trojan horse .war file in the Solr webapps directory. **Recommendations** For Trend Micro Smart Protection Server version 2.5, update to build 2200 or later. For Trend Micro Smart Protection Server version 2.6, update to build 2106 or later. For Trend Micro Smart Protection Server version 3.0, update to build 1330 or later.