Song

**Name of the Vulnerable Software and Affected Versions** Eclipse Target Management: Terminal and Remote System Explorer (RSE) versions <= 4.5.400 **Description** The issue exists due to the lack of measures to neutralize special elements used in operating system commands. This allows a remote attacker to execute arbitrary code without requiring authentication. **Recommendations** For versions <= 4.5.400, update to a version included in Eclipse IDE 2024-03 or later to resolve the issue. As a temporary workaround, consider restricting access to the Terminal and Remote System Explorer (RSE) until a patch is applied.

**Name of the Vulnerable Software and Affected Versions** OMICARD EDM (affected versions not specified) **Description** The issue is related to a hard-coded machine key in OMICARD EDM. This allows an unauthenticated remote attacker to send a serialized payload to the server, which can result in the execution of arbitrary code, manipulation of system data, and disruption of service. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** OMICARD EDM (affected versions not specified) **Description** The issue concerns a path traversal vulnerability in OMICARD EDM's mail file relay function. This vulnerability can be exploited by an unauthenticated remote attacker to bypass authentication and access arbitrary system files. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** OMICARD EDM (affected versions not specified) **Description** The issue is related to insufficient validation for user input in OMICARD EDM's API function. This allows an unauthenticated remote attacker to inject arbitrary SQL commands, which can be used to access, modify, or delete the database, or disrupt the service. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** OMICARD EDM (affected versions not specified) **Description** The mail image relay function in OMICARD EDM has a path traversal issue. This allows an unauthenticated remote attacker to bypass authentication and access arbitrary system files. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** EasyUse MailHunter Ultimate (affected versions not specified) **Description** The issue is related to an inadequate validation vulnerability in EasyUse MailHunter Ultimate's cookie deserialization function. Deserializing a cookie containing a malicious payload can trigger this vulnerability, allowing an unauthenticated remote attacker to execute arbitrary code, manipulate system commands, or interrupt services. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Obsidian versions 0.14.x through 0.15.4 **Description** The issue allows remote code execution due to the use of `window.open` without checking the URL, specifically with the `obsidian://hook-get-address` protocol. This can lead to unauthorized code execution. **Recommendations** For Obsidian versions 0.14.x through 0.15.4, update to version 0.15.5 or later to resolve the issue. As a temporary workaround, consider disabling the use of `window.open` for unverified URLs until a patch is applied. Restrict access to the `obsidian://hook-get-address` protocol to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Digiwin BPM (affected versions not specified) **Description** The issue is related to insufficient validation for user input in a function of Digiwin BPM. This allows an unauthenticated remote attacker to inject arbitrary SQL commands, potentially accessing, modifying, or deleting the database, or disrupting the service. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Digiwin BPM (affected versions not specified) **Description** The issue is related to inadequate filtering for URL parameters in Digiwin BPM, allowing an unauthenticated remote attacker to perform a Blind SSRF (Server-Side Request Forgery) attack. This attack can be used to discover the internal network topology based on URL error responses. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Digiwin BPM (affected versions not specified) **Description** The issue is related to a XML External Entity Injection (XXE) vulnerability due to insufficient validation for user input. An unauthenticated remote attacker can perform an XML injection attack to access arbitrary system files. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.