Robin Tung

**Name of the Vulnerable Software and Affected Versions** HGiga MailSherlock (affected versions not specified) **Description** The issue allows remote attackers to inject SQL syntax and execute SQL commands in a URL parameter of email pages without privilege. This can be done by manipulating the URL parameter, which is vulnerable to SQL injection attacks. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Hyweb HyCMS-J1 (affected versions not specified) **Description** The issue concerns the failure of Hyweb HyCMS-J1's API to filter POST request parameters, allowing remote attackers to inject SQL syntax and execute commands without privilege. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Hyweb HyCMS-J1 (affected versions not specified) **Description** The backend editing function of Hyweb HyCMS-J1 does not filter special characters, allowing users who are logged in to inject JavaScript syntax and perform a stored XSS (Stored Cross-site scripting) attack. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** HGiga MailSherlock (affected versions not specified) **Description** The issue concerns the lack of validation for user parameters on multiple login pages, allowing attackers to inject JavaScript syntax for cross-site scripting (XSS) attacks. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** HGiga MailSherlock (affected versions not specified) **Description** The issue allows attackers to inject and launch SQL commands through a URL parameter, potentially leading to SQL Injection attacks. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** HGiga MailSherlock (affected versions not specified) **Description** The issue concerns a weak authentication flaw in HGiga MailSherlock, where attackers can grant privileges remotely due to a default password generation mechanism. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** HGiga MailSherlock (affected versions not specified) **Description** The issue is related to improper validation of specific parameters, allowing attackers to launch command inject attacks remotely and execute arbitrary commands on the system. This can be exploited to gain unauthorized access and control over the system. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** HGiga MailSherlock (affected versions not specified) **Description** The issue is related to a SQL injection flaw. Attackers can inject and launch SQL commands in a URL parameter of specific cgi pages. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** HGiga MailSherlock (affected versions not specified) **Description** The issue concerns the function that views the source code in HGiga MailSherlock, which fails to validate specific characters. This flaw allows remote attackers to download arbitrary system files. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** HGiga MailSherlock (affected versions not specified) **Description** The issue concerns a lack of proper validation for specific URL parameters, allowing attackers to inject JavaScript syntax and execute XSS attacks. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.