Thibaud Kehler

**Name of the Vulnerable Software and Affected Versions** ECi Printanista Hub (formerly FMAudit Printscout) versions prior to 5.5.2 **Description** The login form "/Login" performs expensive RSA key-generation operations, which allows attackers to cause a denial of service (DoS) by requesting that form repeatedly. This issue is related to the API endpoint "/Login" and can be exploited by repeatedly requesting this endpoint. **Recommendations** For versions prior to 5.5.2, update to version 5.5.2 or later to resolve the issue. As a temporary workaround, consider restricting access to the "/Login" endpoint to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Canto Cumulus versions through 11.1.3 **Description** A Server-Side Request Forgery issue allows attackers to enumerate the internal network, overload network resources, and possibly have unspecified other impact via the `server` parameter to the "/cwc/login" login form. **Recommendations** For versions through 11.1.3, consider restricting access to the "/cwc/login" login form to minimize the risk of exploitation, and avoid using the `server` parameter in this form until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Statamic versions prior to 3.2.39 Statamic versions prior to 3.3.2 **Description** The issue allows an attacker to confirm a single character of a user's password hash using a specially crafted regular expression filter in the "users" endpoint of the REST API. Multiple requests can eventually uncover the entire hash. The hash is not present in the response, but the presence or absence of a result confirms if the character is in the right position. The API has throttling enabled by default, making this a time-intensive task. Both the REST API and the users endpoint need to be enabled, as they are disabled by default. **Recommendations** For versions prior to 3.2.39, update to version 3.2.39 or later. For versions prior to 3.3.2, update to version 3.3.2 or later. As a temporary workaround, consider disabling the REST API and the users endpoint until a patch is applied. Filtering by password or password hash has been disabled in the fixed versions, this change can be manually applied to mitigate the issue.

**Name of the Vulnerable Software and Affected Versions** PONTON X/P Messenger versions prior to 3.11.2 **Description** An issue was discovered in several functions, which are vulnerable to reflected XSS. This is demonstrated by various API endpoints, such as "private/index.jsp?partners/ShowNonLocalPartners.do?localID=", "private/index.jsp", "private/index.jsp?database/databaseTab.jsp", "private/index.jsp?activation/activationMainTab.jsp", "private/index.jsp?communication/serverTab.jsp", and "private/index.jsp?emailNotification/notificationTab.jsp". **Recommendations** For versions prior to 3.11.2, update to version 3.11.2 or later to resolve the issue. As a temporary workaround, consider restricting access to the vulnerable API endpoints until a patch is available. Avoid using the vulnerable functions in the affected API endpoints until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Payara Micro Community versions 5.2021.6 and below **Description** The issue allows Directory Traversal. **Recommendations** For Payara Micro Community versions 5.2021.6 and below, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** oneup/uploader-bundle versions 1.9.0 through 1.9.2 oneup/uploader-bundle versions 2.0.0 through 2.1.4 **Description** The issue allows remote attackers to upload, copy, and modify files on the filesystem, potentially leading to arbitrary code execution. This is achieved via various parameters in different controllers, such as the `filename` parameter to `BlueimpController.php`, the `dzchunkindex`, `dzuuid`, or `filename` parameter to `DropzoneController.php`, the `qqpartindex`, `qqfilename`, or `qquuid` parameter to `FineUploaderController.php`, the `x-file-id` or `x-file-name` parameter to `MooUploadController.php`, or the `name` or `chunk` parameter to `PluploadController.php`. The vulnerability can be exploited by any users with legitimate access to the upload functionality and can lead to arbitrary code execution, denial of service, and disclosure of confidential information. **Recommendations** For oneup/uploader-bundle versions 1.9.0 through 1.9.2, update to version 1.9.3. For oneup/uploader-bundle versions 2.0.0 through 2.1.4, update to version 2.1.5. As a temporary workaround, consider restricting access to the upload functionality until a patch is applied. Avoid using the vulnerable parameters, such as `filename`, `dzchunkindex`, `dzuuid`, `qqpartindex`, `qqfilename`, `qquuid`, `x-file-id`, `x-file-name`, `name`, and `chunk`, in the affected API endpoints until the issue is resolved.