Simon Rawet

**Name of the Vulnerable Software and Affected Versions** BMC Remedy Mid Tier version 9.1SP3 **Description** The issue allows remote logging to be accessed by unauthenticated users, enabling an attacker to hijack system logs. This can include sensitive data such as user names and HTTP data. **Recommendations** For BMC Remedy Mid Tier version 9.1SP3, consider restricting access to remote logging to prevent unauthenticated users from accessing system logs until a fix is available.

**Name of the Vulnerable Software and Affected Versions** BMC Remedy Mid Tier version 9.1SP3 **Description** The system is affected by remote and local file inclusion due to a lack of restrictions on targeted files. This can lead to attacks such as system fingerprinting, internal port scanning, Server Side Request Forgery (SSRF), or remote code execution (RCE). **Recommendations** For BMC Remedy Mid Tier version 9.1SP3, consider restricting access to sensitive files and directories to minimize the risk of exploitation. As a temporary workaround, limit the ability to include remote and local files until a patch is available.

**Name of the Vulnerable Software and Affected Versions** BMC Remedy Mid Tier version 9.1SP3 **Description** A DOM-based cross-site scripting issue was found in a legacy utility of the software, which can be exploited for cross-site scripting (XSS) attacks. **Recommendations** For version 9.1SP3, consider disabling the legacy utility as a temporary workaround until a patch is available. Restrict access to potentially vulnerable components to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** BMC Remedy version 9.1SP3 **Description** The issue allows authenticated code execution. Authenticated users with the right to create reports can utilize BIRT templates to execute code. **Recommendations** For BMC Remedy version 9.1SP3, consider restricting access to report creation and BIRT template usage to minimize the risk of exploitation until a fix is available. As a temporary workaround, limiting the privileges of authenticated users may help reduce the potential impact. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Go versions 1.8.0 through 1.8.3 Go versions 1.9.0 through 1.9.0 **Description** The issue allows remote command execution through the "go get" command. By using custom domains, an attacker can trick "go get" into reusing a Git checkout from a Subversion repository, potentially executing malicious commands in .git/hooks/ on the system running "go get". This can be achieved by arranging custom domains so that example.com/pkg1 points to a Subversion repository and example.com/pkg1/pkg2 points to a Git repository, and including a Git checkout in the Subversion repository's pkg2 directory. **Recommendations** For Go versions 1.8.0 through 1.8.3, update to version 1.8.4 or later. For Go versions 1.9.0 through 1.9.0, update to version 1.9.1 or later. As a temporary workaround, consider restricting the use of the "go get" command until a patch is available. Avoid using custom domains that point to both Subversion and Git repositories to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Go versions prior to 1.8.4 Go versions 1.9.x prior to 1.9.1 **Description** An issue exists where the PLAIN authentication scheme is used on network connections not secured with TLS, contrary to the requirements of RFC 4954. This allows a man-in-the-middle SMTP server to obtain the username and password. The `smtp.PlainAuth` implementation in Go sends the username and password if a man-in-the-middle SMTP server does not advertise STARTTLS but does advertise that PLAIN auth is acceptable. **Recommendations** For Go versions prior to 1.8.4, update to version 1.8.4 or later to resolve the issue. For Go versions 1.9.x prior to 1.9.1, update to version 1.9.1 or later to resolve the issue. As a temporary workaround, consider restricting the use of the `smtp.PlainAuth` function to only secure connections until a patch is applied.

**Name of the Vulnerable Software and Affected Versions** Helpdesk Pro plugin versions prior to 1.4.0 **Description** The issue allows remote attackers to write to arbitrary .ini files by using a crafted language.save task. **Recommendations** For versions prior to 1.4.0, update to version 1.4.0 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Helpdesk Pro plugin versions prior to 1.4.0 **Description** The issue allows remote attackers to read arbitrary files due to a directory traversal vulnerability. This is achieved by using a .. (dot dot) in the `filename` parameter within a "ticket.download attachment" task. **Recommendations** For versions prior to 1.4.0, update to version 1.4.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the ticket.download attachment task to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Helpdesk Pro plugin versions prior to 1.4.0 for Joomla! **Description** The issue allows remote attackers to execute arbitrary SQL commands via the `ticket code` or `email` parameter. Additionally, remote authenticated users can execute arbitrary SQL commands via the `filter order` parameter. **Recommendations** For versions prior to 1.4.0, update to version 1.4.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the `ticket code`, `email`, and `filter order` parameters to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Helpdesk Pro plugin versions prior to 1.4.0 **Description** The issue allows remote attackers to inject arbitrary web script or HTML via vectors related to `name` and `message`. **Recommendations** For versions prior to 1.4.0, update to version 1.4.0 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Helpdesk Pro Plugin versions prior to 1.4.0 **Description** The issue allows remote attackers to read the support tickets of arbitrary users by obtaining the target ticketId and navigating to the "http://{target}/component/helpdeskpro/?view=ticket&id={ticketId}" endpoint. **Recommendations** For versions prior to 1.4.0, update to version 1.4.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the /component/helpdeskpro/?view=ticket&id={ticketId} endpoint until the update is applied.