Ryan Emmons

**Name of the Vulnerable Software and Affected Versions** SonicWall SMA 100 versions (affected versions not specified) **Description** A vulnerability in SMA100 allows a remote authenticated attacker with SSLVPN user privileges to bypass the path traversal checks and delete an arbitrary file, potentially resulting in a reboot to factory default settings. The issue also allows low-privileged users to escalate to admin/root and execute remote code. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Synology BeeStation Manager (BSM) versions prior to 1.1-65374 Synology DiskStation Manager (DSM) versions prior to 6.2.4-25556-8, 7.1.1-42962-7, 7.2-64570-4, 7.2.1-69057-6, and 7.2.2-72806-1 Synology Unified Controller (DSMUC) versions prior to 3.1.4-23079 **Description** An issue exists in the system plugin daemon of Synology BeeStation Manager (BSM), Synology DiskStation Manager (DSM), and Synology Unified Controller (DSMUC) due to improper encoding or escaping of output. This can allow a remote attacker to execute arbitrary code. The vulnerability was discovered during the Pwn2Own competition and is associated with a critical severity rating. Exploitation of this issue has been observed in attacks targeting TrustWallet infrastructure, where a compromised Synology NAS running a vulnerable version of DSM was identified. The root cause is related to improper neutralization of argument delimiters in Vue.JS. **Recommendations** Update Synology BeeStation Manager to version 1.1-65374 or later. Update Synology DiskStation Manager to version 6.2.4-25556-8 or later. Update Synology DiskStation Manager to version 7.1.1-42962-7 or later. Update Synology DiskStation Manager to version 7.2-64570-4 or later. Update Synology DiskStation Manager to version 7.2.1-69057-6 or later. Update Synology DiskStation Manager to version 7.2.2-72806-1 or later. Update Synology Unified Controller to version 3.1.4-23079 or later.

**Name of the Vulnerable Software and Affected Versions** Apache OFBiz versions prior to 18.12.16 **Description** The issue is a Direct Request ('Forced Browsing') vulnerability in Apache OFBiz, which could allow attackers to execute arbitrary code on vulnerable Linux and Windows servers. This vulnerability has been actively exploited by hackers, with over 25,000 requests targeting 4,000 unique sites detected by Imperva. The vulnerability allows for unauthenticated remote code execution. **Recommendations** Apache OFBiz versions prior to 18.12.16: Upgrade to version 18.12.16 to prevent attacks. As a temporary workaround, consider restricting access to vulnerable modules or functions until a patch is applied.

**Name of the Vulnerable Software and Affected Versions** Wowza Streaming Engine versions prior to 4.9.1 **Description** The issue is related to insufficient input validation in Wowza Streaming Engine, which can be exploited by a remote attacker to execute arbitrary code. An authenticated Streaming Engine Manager administrator can define a custom application property and poison a stream target for high-privilege remote code execution. The vulnerability exposes thousands of servers to attack. **Recommendations** For Wowza Streaming Engine versions prior to 4.9.1, update to version 4.9.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the Streaming Engine Manager to minimize the risk of exploitation. Avoid using custom application properties and stream targets until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Wowza Streaming Engine versions prior to 4.9.1 **Description** The issue is related to Stored Cross-Site Scripting in the Manager component, which allows an unauthenticated attacker to inject client-side JavaScript into the web dashboard. This can lead to the automatic hijacking of admin accounts. The vulnerability is associated with a lack of protection for the web page structure, enabling a remote attacker to conduct a cross-site scripting (XSS) attack. **Recommendations** For versions prior to 4.9.1, update to version 4.9.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the Manager component to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Wowza Streaming Engine versions prior to 4.9.1 **Description** The issue is related to a path traversal vulnerability in the Manager component of Wowza Streaming Engine. This vulnerability allows an administrator user to create an XML definition file anywhere on the file system. The vulnerability is due to incorrect restriction of the directory path name with limited access. Exploitation of the vulnerability may allow a remote attacker to gain access to create an XML file in an arbitrary directory. **Recommendations** For versions prior to 4.9.1, update to version 4.9.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the Manager component to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Wowza Streaming Engine versions prior to 4.9.1 **Description** The issue is related to a path traversal vulnerability in the Manager component of Wowza Streaming Engine. This vulnerability allows an administrator user to read any file on the file system if the target directory contains an XML definition file. The vulnerability is caused by incorrect restriction of the path name to a directory with limited access. Exploitation of the vulnerability may allow a remote attacker to gain read access to files. **Recommendations** For versions prior to 4.9.1, update to version 4.9.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the Manager component to minimize the risk of exploitation. Avoid using the Manager component in environments where sensitive files are stored until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Wowza Streaming Engine versions prior to 4.9.1 **Description** The issue is related to a path traversal vulnerability in the Manager component of Wowza Streaming Engine. This vulnerability allows an administrator user to delete any directory on the file system if the target directory contains an XML definition file. The vulnerability is associated with incorrect restriction of the directory path name with limited access. Exploitation of the vulnerability may allow a remote attacker to gain access to delete directories. **Recommendations** For versions prior to 4.9.1, update to version 4.9.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the Manager component to minimize the risk of exploitation. Avoid using the Manager component to delete directories that contain XML definition files until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Microsoft Outlook for Mac (affected versions not specified) **Description** The issue is related to errors in the representation of information by the user interface in Microsoft Office for Mac. It may allow a remote attacker to conduct spoofing attacks. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** CrushFTP versions prior to 10.5.1 **Description** The issue is related to errors in handling input data in the Object Attribute Handler component of the CrushFTP cross-platform FTP server. Exploitation of this issue may allow a remote attacker to execute arbitrary code by sending specially crafted requests containing AS2 headers. The vulnerability is associated with improper handling of AS2 headers in CrushFTP, allowing an attacker to gain control over user information Java Properties, set arbitrary permissions for reading and deleting files, and potentially lead to system compromise and remote code execution at the root level. It is estimated that thousands of organizations are threatened by this issue, with about 46,088 results mainly distributed in the United States, Germany, and other countries. **Recommendations** For CrushFTP versions prior to 10.5.1, update to version 10.5.2 or later to resolve the issue. As a temporary workaround, consider restricting access to the AS2 functionality to minimize the risk of exploitation. Additionally, monitor server activity related to AS2, as any such activity should raise immediate suspicions as a potential precursor to an attack.

**Name of the Vulnerable Software and Affected Versions** Ericom PowerTerm WebConnect version 6.0 **Description** The Ericom PowerTerm WebConnect login portal can unsafely write an XSS payload from the `AppPortal` cookie into the page. This issue allows for potential cross-site scripting attacks. **Recommendations** For Ericom PowerTerm WebConnect version 6.0, consider disabling the login portal functionality until a patch is available to prevent potential XSS attacks. Restrict access to the login portal to minimize the risk of exploitation. Avoid using the `AppPortal` cookie in the affected login portal until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Oracle VM VirtualBox versions prior to 6.1.28 **Description** The issue is related to insufficient input validation in the Core component of Oracle VM VirtualBox, allowing an attacker to gain full control over the application. This vulnerability can be easily exploited by a low-privileged attacker with logon access to the infrastructure where Oracle VM VirtualBox is executed, resulting in the takeover of Oracle VM VirtualBox. It is noted that this vulnerability does not apply to Windows systems. **Recommendations** For versions prior to 6.1.28, update to version 6.1.28 or later to resolve the issue. As a temporary workaround, consider restricting access to the Core component of Oracle VM VirtualBox to minimize the risk of exploitation.