Senzee1984

**Name of the Vulnerable Software and Affected Versions** Stats versions prior to 2.11.21 **Description** The Stats application is vulnerable to a local privilege escalation due to the insecure implementation of its XPC service. The application registers a Mach service under the name `eu.exelban.Stats.SMC.Helper`. The associated binary, `eu.exelban.Stats.SMC.Helper`, is a privileged helper tool designed to execute actions requiring elevated privileges on behalf of the client, such as setting fan modes, adjusting fan speeds, and executing the `powermetrics` command. The root cause of this vulnerability lies in the `shouldAcceptNewConnection` method, which unconditionally returns YES (or true), allowing any XPC client to connect to the service without any form of verification. As a result, unauthorized clients can establish a connection to the Mach service and invoke methods exposed by the HelperTool interface. An attacker can exploit this vulnerability to modify the hardware settings of the user’s device and execute arbitrary code with root privileges. **Recommendations** For versions prior to 2.11.21, upgrade to version 2.11.21 to address the vulnerability. As a temporary workaround, consider disabling the `shouldAcceptNewConnection` method or restricting access to the `eu.exelban.Stats.SMC.Helper` service until a patch is available. Avoid using the `powermetrics` command in the affected API endpoint until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Tabby versions prior to 1.0.217 **Description** Tabby, a highly configurable terminal emulator, enables several high-risk Electron fuses, including `RunAsNode`, `EnableNodeCliInspectArguments`, and `EnableNodeOptionsEnvironmentVariable`. These fuses create potential code injection vectors despite the application being signed with a hardened runtime and lacking dangerous entitlements such as `com.apple.security.cs.disable-library-validation` and `com.apple.security.cs.allow-dyld-environment-variables`. **Recommendations** For versions prior to 1.0.217, update to version 1.0.217 or later to resolve the issue. As a temporary workaround, consider disabling the high-risk Electron fuses, including `RunAsNode`, `EnableNodeCliInspectArguments`, and `EnableNodeOptionsEnvironmentVariable`, until a patch is available. Restrict access to sensitive areas of the application to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Tabby versions prior to 1.0.216 **Description** The Tabby terminal emulator contains overly permissive entitlements that are unnecessary for its core functionality and plugin system, creating potential security vulnerabilities. The application holds powerful permissions including camera, microphone access, and the ability to access personal folders through Apple Events. The concerning entitlements are `com.apple.security.cs.allow-dyld-environment-variables` and `com.apple.security.cs.disable-library-validation`, which enable code injection. **Recommendations** For versions prior to 1.0.216, review and remove at least one of the entitlements (`com.apple.security.cs.disable-library-validation` or `com.apple.security.cs.allow-dyld-environment-variables`) to prevent DYLD INSERT LIBRARIES injection while maintaining full application functionality. Update to version 1.0.216 or later to fix the vulnerability.

**Name of the Vulnerable Software and Affected Versions** CraftCMS versions prior to 4.12.5 CraftCMS versions prior to 5.4.6 **Description** A vulnerability in CraftCMS allows an attacker to bypass local file system validation by utilizing a double file:// scheme. This enables the attacker to specify sensitive folders as the file system, leading to potential file overwriting through malicious uploads, unauthorized access to sensitive files, and, under certain conditions, remote code execution (RCE) via Server-Side Template Injection (SSTI) payloads. The issue can be exploited if an authenticated administrator account with allowAdminChanges enabled is compromised. **Recommendations** For CraftCMS versions prior to 4.12.5, update to version 4.12.5 or later to fix the vulnerability. For CraftCMS versions prior to 5.4.6, update to version 5.4.6 or later to fix the vulnerability. As a temporary workaround, consider setting allowAdminChanges to false in production to minimize the risk of exploitation. Restrict access to sensitive folders and files to prevent unauthorized access and potential file overwriting. Avoid using the double file:// scheme in file system paths to prevent bypassing local file system validation.

**Name of the Vulnerable Software and Affected Versions** CKAN versions prior to 2.10.5 CKAN versions prior to 2.11.0 **Description** CKAN is an open-source data management system for powering data hubs and data portals. There are a number of CKAN plugins, including XLoader, DataPusher, Resource proxy, and ckanext-archiver, that work by downloading the contents of local or remote files in order to perform some actions with their contents. All of them use the resource URL, and there are currently no checks to limit what URLs can be requested. This means that a malicious (or unaware) user can create a resource with a URL pointing to a place where they should not have access in order for one of the previous tools to retrieve it, known as a Server Side Request Forgery. Users wanting to protect against these kinds of attacks can use one or a combination of the following approaches: (1) Use a separate HTTP proxy like Squid that can be used to allow/disallow IPs, domains, etc., as needed, and make CKAN extensions aware of this setting via the `ckan.download proxy` config option. (2) Implement custom firewall rules to prevent access to restricted resources. (3) Use custom validators on the `url` field to block/allow certain domains or IPs. **Recommendations** For CKAN versions prior to 2.10.5, use a separate HTTP proxy like Squid to allow/disallow IPs, domains, etc., as needed, and make CKAN extensions aware of this setting via the `ckan.download proxy` config option. For CKAN versions prior to 2.11.0, implement custom firewall rules to prevent access to restricted resources. For all affected versions, use custom validators on the `url` field to block/allow certain domains or IPs.

**Name of the Vulnerable Software and Affected Versions** Atlos version 1.0 **Description** An issue in Atlos allows an authenticated attacker to execute arbitrary code via a crafted payload into the `description` field in the `incident` function. **Recommendations** For Atlos version 1.0, as a temporary workaround, consider restricting access to the `incident` function or disabling the ability to input data into the `description` field until a patch is available.

**Name of the Vulnerable Software and Affected Versions** sazanrjb InventoryManagementSystem version 1.0 **Description** A SQL injection issue in UserDAO.java allows attackers to execute arbitrary SQL commands via parameters such as `users` and `pass`. This enables unauthorized access and manipulation of database content. **Recommendations** For sazanrjb InventoryManagementSystem version 1.0, consider restricting access to the UserDAO.java module to minimize the risk of exploitation. As a temporary workaround, avoid using the parameters `users` and `pass` in sensitive transactions until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** sazanrjb InventoryManagementSystem version 1.0 **Description** A SQL injection issue in SupplierDAO.java allows attackers to execute arbitrary SQL commands via parameters such as `searchTxt`. This enables unauthorized access and manipulation of database content. **Recommendations** For sazanrjb InventoryManagementSystem version 1.0, consider restricting access to the `searchTxt` parameter in the affected API endpoint until a patch is available. As a temporary workaround, review and sanitize all user input to prevent malicious SQL commands. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** sazanrjb InventoryManagementSystem version 1.0 **Description** A SQL injection issue in Stocks.java allows attackers to execute arbitrary SQL commands via parameters such as `productcode`. This enables unauthorized access and manipulation of database content. **Recommendations** For sazanrjb InventoryManagementSystem version 1.0, consider restricting access to the `productcode` parameter in the affected API endpoint until a patch is available. As a temporary workaround, review and sanitize all input to prevent malicious SQL commands. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** sazanrjb InventoryManagementSystem version 1.0 **Description** A SQL injection issue in CustomerDAO.java allows attackers to execute arbitrary SQL commands via parameters such as `searchTxt`. This enables unauthorized access and manipulation of database content. **Recommendations** For sazanrjb InventoryManagementSystem version 1.0, consider restricting access to the `searchTxt` parameter in the affected API endpoint until a patch is available. As a temporary workaround, disabling the vulnerable function in CustomerDAO.java may help minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** sazanrjb InventoryManagementSystem version 1.0 **Description** A SQL injection issue in ConnectionFactory.java allows attackers to execute arbitrary SQL commands via parameters such as `username`, `password`, etc. This enables unauthorized access and manipulation of database content. **Recommendations** For sazanrjb InventoryManagementSystem version 1.0, consider restricting access to the ConnectionFactory.java module to minimize the risk of exploitation. As a temporary workaround, avoid using the parameters `username` and `password` in the affected API endpoints until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** sazanrjb InventoryManagementSystem version 1.0 **Description** A SQL injection issue in Stocks.java allows attackers to execute arbitrary SQL commands via the `productcode` parameter. This enables unauthorized access and manipulation of database content. **Recommendations** For sazanrjb InventoryManagementSystem version 1.0, consider restricting access to the `productcode` parameter in the affected Stocks.java file until a patch is available. As a temporary workaround, limit the input allowed for the `productcode` parameter to prevent malicious SQL commands. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** sazanrjb InventoryManagementSystem version 1.0 **Description** A SQL injection issue allows attackers to execute arbitrary SQL commands via the parameter `customerCode` in CustomerDAO.java. This enables unauthorized access and manipulation of database content. **Recommendations** For sazanrjb InventoryManagementSystem version 1.0, consider restricting access to the `customerCode` parameter to minimize the risk of exploitation. As a temporary workaround, restrict the use of the vulnerable `CustomerDAO.java` component until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** sazanrjb InventoryManagementSystem version 1.0 **Description** A SQL injection issue in UserDAO.java allows attackers to execute arbitrary SQL commands via parameters such as `users` and `pass`. **Recommendations** For sazanrjb InventoryManagementSystem version 1.0, consider restricting access to the vulnerable UserDAO.java until a patch is available. Avoid using the parameters `users` and `pass` in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** sazanrjb InventoryManagementSystem version 1.0 **Description** A SQL injection issue in CustomerDAO.java allows attackers to execute arbitrary SQL commands via the `searchTxt` parameter. This enables unauthorized access and manipulation of database content. **Recommendations** For sazanrjb InventoryManagementSystem version 1.0, consider restricting access to the `searchTxt` parameter in the CustomerDAO.java file until a patch is available. As a temporary workaround, validate and sanitize all user input to prevent malicious SQL commands.

**Name of the Vulnerable Software and Affected Versions** sazanrjb InventoryManagementSystem version 1.0 **Description** A SQL injection issue in UserDAO.java allows attackers to execute arbitrary SQL commands via the `user` parameter. This enables unauthorized access and manipulation of database content. **Recommendations** For sazanrjb InventoryManagementSystem version 1.0, consider restricting access to the UserDAO.java module to minimize the risk of exploitation. Avoid using the `user` parameter in sensitive operations until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** sazanrjb InventoryManagementSystem version 1.0 **Description** A SQL injection issue in ConnectionFactoryDAO.java allows attackers to execute arbitrary SQL commands via the `username` parameter. **Recommendations** For sazanrjb InventoryManagementSystem version 1.0, consider restricting access to the `username` parameter in the affected API endpoint until a patch is available. As a temporary workaround, review and sanitize all user input to prevent malicious SQL commands. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** sazanrjb InventoryManagementSystem version 1.0 **Description** A SQL injection issue in SupplierDAO.java allows attackers to execute arbitrary SQL commands via the `searchTxt` parameter. This enables unauthorized access and manipulation of database content. **Recommendations** For sazanrjb InventoryManagementSystem version 1.0, consider restricting access to the `searchTxt` parameter in the SupplierDAO.java file until a patch is available. As a temporary workaround, limiting user input validation for the `searchTxt` parameter can help minimize the risk of exploitation.