Rintaro Fujita

Name of the Vulnerable Software and Affected Versions: Active! mail 6 versions 6.30.01004145 through 6.60.06008562 Description: A cross-site scripting issue exists, allowing an arbitrary script to be executed on the logged-in user's web browser when accessing a specially crafted URL. Recommendations: For Active! mail 6 versions 6.30.01004145 through 6.60.06008562, update to a version that includes a fix for this issue to prevent exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Active! mail 6 versions 6.60.06008562 and earlier Description: A cross-site request forgery issue exists, potentially allowing unintended emails to be sent when a user, who is logged in, accesses a specially crafted URL. Recommendations: For Active! mail 6 versions 6.60.06008562 and earlier, consider implementing measures to verify the authenticity of requests, such as validating the origin of requests or using anti-CSRF tokens, until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Trend Micro Security versions 2021 through 2023 **Description** The issue allows an attacker to use a specific executable file as an execution and/or persistence mechanism, potentially executing a malicious program each time the executable file is started. This is due to a DLL Hijacking vulnerability. **Recommendations** For versions 2021 through 2023, update to a version that includes a fix for this issue, as using an outdated version could allow an attacker to exploit the DLL Hijacking vulnerability. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Aterm WF1200C versions 1.2.1 and earlier Aterm WG1200CR versions 1.2.1 and earlier Aterm WG2600HS versions 1.3.2 and earlier **Description** The issue allows an attacker on the same network segment to execute arbitrary OS commands with root privileges via the UPnP function. **Recommendations** For Aterm WF1200C versions 1.2.1 and earlier, consider disabling the UPnP function until a patch is available. For Aterm WG1200CR versions 1.2.1 and earlier, consider disabling the UPnP function until a patch is available. For Aterm WG2600HS versions 1.3.2 and earlier, consider disabling the UPnP function until a patch is available.