Reginald Dodd

**Name of the Vulnerable Software and Affected Versions** OpenCats versions prior to 0.9.4-3 **Description** The issue allows remote users to read files on the underlying operating system through an XXE vulnerability. This can be achieved by uploading a file in the docx or odt format. **Recommendations** For versions prior to 0.9.4-3, update to version 0.9.4-3 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Palo Alto Networks Expedition Migration tool version 1.0.107 and earlier **Description** The issue allows an unauthenticated attacker with remote access to run system-level commands on the device hosting the service/application. It is due to insufficient input validation in the Palo Alto Networks Migration Tool, which can be exploited by a local attacker to execute arbitrary code with system privileges using a specially crafted request. **Recommendations** For version 1.0.107 and earlier, update to a newer version to mitigate the risk. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** IPFire Firewall versions prior to 2.21 Core Update 124 **Description** An authenticated command injection issue exists in the backup.cgi page, allowing an authenticated user with privileges for the affected page to execute arbitrary commands. **Recommendations** For versions prior to 2.21 Core Update 124, update to version 2.21 Core Update 124 or later to resolve the issue. As a temporary workaround, consider restricting access to the backup.cgi page to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** pfSense versions prior to 2.4.4 **Description** The issue arises from an authenticated command injection vulnerability in the status interfaces.php file, specifically through the dhcp relinquish lease() function. This function passes user input from the `ifdescr` and `ipv` variables in the $ POST parameters to a shell without properly escaping the contents. As a result, an authenticated WebGUI user with sufficient privileges can execute commands as the root user by submitting a request to relinquish a DHCP lease for an interface configured to obtain its address via DHCP. **Recommendations** For versions prior to 2.4.4, update to version 2.4.4 or later to resolve the issue. As a temporary workaround, consider restricting access to the status interfaces.php page and the dhcp relinquish lease() function to minimize the risk of exploitation. Avoid using the `ifdescr` and `ipv` variables in the affected API endpoint until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Mutiny Monitoring Appliance versions prior to 6.1.0-5263 **Description** A command injection issue exists in the maintenance.cgi component, allowing authenticated users with admin interface access to inject arbitrary commands within the filename of a system upgrade upload. **Recommendations** For versions prior to 6.1.0-5263, update to version 6.1.0-5263 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Jigowatt PHP Login & User Management versions prior to 4.1.1 **Description** The issue allows any remote authenticated user to upload .php files to the web server via a profile avatar field in the /classes/profile.class.php file. This results in arbitrary code execution by requesting the .php file. **Recommendations** For versions prior to 4.1.1, update to version 4.1.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the profile avatar field or disabling the `profile.class.php` file until a patch is available. Avoid using the profile avatar field in the affected API endpoint until the issue is resolved.