Rene Rehme

**Name of the Vulnerable Software and Affected Versions** Stud.IP versions 5.x through 5.3.3 **Description** The issue allows XSS with resultant upload of executable files because `upload action` and `edit action` in `Admin SmileysController` do not check the file extension. This leads to remote code execution with the privileges of the www-data user. **Recommendations** For versions 5.0.x, update to version 5.0.9. For versions 5.1.x, update to version 5.1.7. For versions 5.2.x, update to version 5.2.6. For versions 5.3.x, update to version 5.3.4. As a temporary workaround, consider disabling the `upload action` and `edit action` functions in `Admin SmileysController` until a patch is available. Restrict access to the `Admin SmileysController` to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Roundcube versions 1.5.x through 1.5.5 Roundcube versions 1.6.x through 1.6.4 **Description** The issue is related to improper input neutralization during web page creation, which can lead to cross-site scripting (XSS) attacks via a Content-Type or Content-Disposition header, specifically when used for attachment preview or download. This can allow a remote attacker to conduct cross-site scripting attacks. **Recommendations** For Roundcube versions 1.5.x through 1.5.5, update to version 1.5.6 or later. For Roundcube versions 1.6.x through 1.6.4, update to version 1.6.5 or later.

**Name of the Vulnerable Software and Affected Versions** ILIAS version 2013-09-12 **Description** The issue is a medium-criticality Directory Traversal local file inclusion vulnerability in the ScormAicc module. An attacker with a privileged account, typically holding the tutor role, can exploit this to gain unauthorized access to and potentially retrieve confidential files stored on the web server. The attacker can access files that are readable by the web server user www-data, which may include sensitive configuration files and documents located outside the documentRoot. This is achieved by manipulating the `file` parameter in a URL, inserting directory traversal sequences to access unauthorized files, potentially compromising the system's security. The vulnerability poses a significant risk to confidentiality and is remotely exploitable over the internet. **Recommendations** As a temporary workaround, consider disabling the ScormAicc module until a patch is available. Restrict access to sensitive files and configuration documents to minimize the risk of exploitation. Avoid using the `file` parameter in URLs that could be manipulated to access unauthorized files. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** ILIAS version 7.25 **Description** The issue is related to the `exec()` function in the `execQuoted()` method of the `ilUtil` class, which lacks input sanitization. This allows attackers to inject malicious commands into the system, potentially compromising the integrity, confidentiality, and availability of the ILIAS installation and the underlying operating system. The vulnerability can be exploited when a highly privileged account accesses an XSS payload, enabling any authenticated user to execute arbitrary operating system commands remotely. **Recommendations** For ILIAS version 7.25, consider disabling the `execQuoted()` method in the `ilUtil` class until a patch is available to prevent the execution of arbitrary operating system commands. Restrict access to the `ilUtil` class to minimize the risk of exploitation. Avoid using the `exec()` function in the `execQuoted()` method until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.