Swapgs

**Name of the Vulnerable Software and Affected Versions** TorrentPier versions prior to 2.4.4 **Description** The issue arises from the use of the unsafe native PHP serialization format to deserialize user-controlled cookies in the `get tracks()` function, located in `torrentpier/library/includes/functions.php`. This can be exploited using `phpggc` and the `Guzzle/FW1` chain to write PHP code to an arbitrary file and execute commands on the system. For example, the cookie `bb t` is deserialized when browsing to `viewforum.php`. **Recommendations** For versions prior to 2.4.4, upgrade to version 2.4.4 as soon as it is available to address the issue. As a temporary workaround, consider restricting access to the `viewforum.php` endpoint and avoiding the use of the `bb t` cookie until the issue is resolved.

Name of the Vulnerable Software and Affected Versions: TP-Link Archer A7 AC1750 version 1.0.15 Description: This issue allows network-adjacent attackers to execute arbitrary code on affected installations. Authentication is not required to exploit this issue. The specific flaw exists within the handling of MAC addresses by the "tdpServer" endpoint. A crafted TCP message can write stack pointers to the stack. An attacker can leverage this issue to execute code in the context of the root user. Recommendations: For TP-Link Archer A7 AC1750 version 1.0.15, as a temporary workaround, consider restricting access to the `tdpServer` endpoint until a patch is available. Avoid using crafted TCP messages that can write stack pointers to the stack. At the moment, there is no information about a newer version that contains a fix for this issue.