Rahul Mohandas

**Name of the Vulnerable Software and Affected Versions** RockLiffe MailSite HTTP Mail management agent version 7.0.3.1 **Description** The issue allows remote attackers to cause a denial of service, resulting in CPU consumption and crash, via a malformed query string containing special characters such as "|". **Recommendations** For version 7.0.3.1, consider restricting access to the HTTP Mail management agent to minimize the risk of exploitation until a patch is available. As a temporary workaround, avoid using special characters in query strings. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Rockliffe MailSite versions 5.x through 6.1.22 **Description** The issue is related to a cross-site scripting (XSS) vulnerability. This allows remote attackers to inject arbitrary web script or HTML. **Recommendations** For versions 5.x through 6.1.22, update to a version later than 6.1.22 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Helpdesk Software Hesk (affected versions not specified) **Description** The issue allows remote attackers to bypass authentication for sensitive pages, including `admin.php` and `admin main.php`, by modifying the `PHPSESSID` session ID parameter or cookie. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.