Ricardojoserf

Name of the Vulnerable Software and Affected Versions: EMQX versions prior to 5.8.6 Description: Administrators could install arbitrary novel plugins via the Dashboard web interface. The supplier considers this intended behavior; however, version 5.8.6 introduced a defense-in-depth feature requiring CLI approval for plugin installation using the `emqx ctl plugins allow` command. Recommendations: Upgrade to version 5.8.6 or later.

**Name of the Vulnerable Software and Affected Versions** Zoho ManageEngine ServiceDesk Plus MSP versions prior to 10519 **Description** The issue is related to a User Enumeration bug due to improper error-message generation in the Forgot Password functionality. This bug allows for the enumeration of users, potentially leading to further attacks. **Recommendations** For versions prior to 10519, update to version 10519 or later to resolve the issue. As a temporary workaround, consider restricting access to the Forgot Password functionality until a patch is applied.

**Name of the Vulnerable Software and Affected Versions** Jalios JCMS version 10 **Description** The issue allows attackers to access any part of the website and the WebDAV server with administrative privileges via a backdoor account. This is achieved by using any username and a hardcoded `dev` password. **Recommendations** For Jalios JCMS version 10, change the hardcoded `dev` password to prevent unauthorized access. Consider disabling the backdoor account until a more permanent fix is available. Restrict access to the WebDAV server to minimize the risk of exploitation.