Sarang Tumne

**Name of the Vulnerable Software and Affected Versions** Port Forwarding Wizard version 4.8.0 **Description** The software contains a buffer overflow issue that may allow attackers with local access to run code of their choosing. This is possible due to a long request within the Register feature. An attacker can create a malicious payload, including an egg tag, and overwrite SEH handlers to potentially execute shellcode on Windows systems. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Nagios Log Server versions prior to 2024R1.0.2 **Description** The software contains a local privilege escalation issue. An attacker with the ability to execute commands as the Apache web user or the backend shell user can gain root access on the affected system. **Recommendations** Update to version 2024R1.0.2 or later.

**Name of the Vulnerable Software and Affected Versions** SimpleMachinesForum versions 2.1.1 and earlier **Description** The issue allows remote authenticated administrators to execute arbitrary code by inserting vulnerable PHP code because themes can be modified by an administrator. The vendor's position is that administrators are intended to have the ability to modify themes and can thus choose any PHP code to be executed on the server. **Recommendations** For SimpleMachinesForum versions 2.1.1 and earlier, as a temporary workaround, consider restricting theme modification capabilities to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** ImpressCMS versions 1.4.3 and earlier **Description** The issue allows remote attackers to inject code in an unintended way, enabling them to read and modify sensitive information from the database used by the application. If the system is misconfigured, an attacker can upload a malicious web shell, potentially compromising the entire system. **Recommendations** For ImpressCMS versions 1.4.3 and earlier, update to a version later than 1.4.3 to resolve the issue. As a temporary workaround, consider restricting access to sensitive database information and ensuring proper configuration to prevent malicious web shell uploads.