Tony Kuo

Name of the Vulnerable Software and Affected Versions: Dr. ID Door Access Control and Personnel Attendance Management system (affected versions not specified) Description: The issue concerns the Dr. ID Door Access Control and Personnel Attendance Management system, where specific page parameters do not filter special characters. This allows remote attackers to use Path Traversal techniques to download credential files from the system without permission. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Dr. ID Door Access Control and Personnel Attendance Management system (affected versions not specified) Description: The system uses hard-coded admin default credentials, allowing remote attackers to access the system through the default password and obtain the highest permission. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** EIC e-document system (affected versions not specified) **Description** The issue concerns the users' data querying function of the EIC e-document system, which fails to filter special characters. This oversight allows remote attackers to inject SQL syntax and execute arbitrary commands without privileges. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** EIC e-document system (affected versions not specified) **Description** The issue concerns the EIC e-document system, which fails to perform complete identity verification for sorting and filtering personnel data. This allows a remote attacker to obtain user credential information without logging into the system, potentially leading to the acquisition of privileged permissions and the execution of arbitrary commands. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** CyberMail versions 6.x through 7.x **Description** The issue allows remote attackers to redirect users to arbitrary sites and conduct phishing attacks via a specially crafted URL. This can lead to unauthorized access to sensitive information. **Recommendations** For versions 6.x through 7.x, update to a version that contains a fix for this issue, as using a specially crafted URL can lead to phishing attacks. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** CyberMail versions 6.x through 7.x **Description** The issue allows remote attackers to inject arbitrary script or HTML via a specially crafted URL, potentially leading to cross-site scripting. **Recommendations** For versions 6.x through 7.x, update to a version that includes a fix for this issue, as no specific workaround is provided in the available data.

**Name of the Vulnerable Software and Affected Versions** HGiga C&Cmail CCMAILQ versions before olln-base-6.0-418.i386.rpm HGiga C&Cmail CCMAILN versions before olln-base-5.0-418.i386.rpm **Description** The issue is related to insecure configurations in HGiga C&Cmail, which can be exploited by attackers to access unauthorized functionality. This can be achieved via a crafted URL. **Recommendations** For CCMAILQ versions before olln-base-6.0-418.i386.rpm, update to a version that includes the olln-base-6.0-418.i386.rpm patch. For CCMAILN versions before olln-base-5.0-418.i386.rpm, update to a version that includes the olln-base-5.0-418.i386.rpm patch. As a temporary workaround, consider restricting access to crafted URLs to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** HGiga C&Cmail CCMAILQ versions before olln-calendar-6.0-100.i386.rpm HGiga C&Cmail CCMAILN versions before olln-calendar-5.0-100.i386.rpm **Description** The issue allows attackers to inject SQL commands in the URL parameter to execute unauthorized commands. This is a SQL Injection vulnerability. **Recommendations** For CCMAILQ versions before olln-calendar-6.0-100.i386.rpm, update to a version after olln-calendar-6.0-100.i386.rpm. For CCMAILN versions before olln-calendar-5.0-100.i386.rpm, update to a version after olln-calendar-5.0-100.i386.rpm. As a temporary workaround, consider restricting access to the URL parameter to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** CyberSolutions CyberMail versions 5.0 and later **Description** The issue allows for cross-site scripting (XSS) via the `ACTION` parameter in the `/cgi-bin/go` endpoint. This could potentially lead to malicious script execution on the client-side. **Recommendations** For CyberSolutions CyberMail versions 5.0 and later, consider restricting access to the `/cgi-bin/go` endpoint until a patch is available. As a temporary workaround, avoid using the `ACTION` parameter in this endpoint to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** LisoMail, by ArmorX (affected versions not specified) **Description** The issue allows SQL Injections, enabling attackers to access the database without authentication by manipulating a URL parameter. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** MAIL2000 versions 6.0 and earlier MAIL2000 version 7.0 **Description** The issue is an Open Redirect vulnerability that affects all browsers, allowing redirection to a malicious site without authentication. This problem impacts numerous mail systems of governments, organizations, companies, and universities. **Recommendations** For MAIL2000 versions 6.0 and earlier, update to a version later than 6.0 to resolve the issue. For MAIL2000 version 7.0, update to a version later than 7.0 to resolve the issue. As a temporary workaround, consider restricting access to sensitive mail system functionalities to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** MAIL2000 versions 6.0 and 7.0 **Description** The issue is related to a cross-site scripting (XSS) vulnerability in the login feature of the "/cgi-bin/portal" endpoint, allowing the execution of arbitrary code via any parameter. This affects many mail systems of governments, organizations, companies, and universities. **Recommendations** For MAIL2000 versions 6.0 and 7.0, as a temporary workaround, consider restricting access to the "/cgi-bin/portal" endpoint until a patch is available. Avoid using any parameters in this endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** MAIL2000 versions 6.0 and 7.0 **Description** The issue allows for the execution of arbitrary code via the `ACTION` parameter in the "/cgi-bin/go" page without requiring authentication. This can be executed for any user accessing the page. It is reported to affect many mail systems of governments, organizations, companies, and universities. **Recommendations** For MAIL2000 versions 6.0 and 7.0, consider restricting access to the "/cgi-bin/go" page until a fix is available, and avoid using the `ACTION` parameter in this endpoint to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** SUNNET WMPro versions 5.0 through 5.1 **Description** The issue concerns an OS Command Injection vulnerability. It can be exploited via the "/teach/course/doajaxfileupload.php" API endpoint without requiring authentication. **Recommendations** For versions 5.0 and 5.1, consider restricting access to the "/teach/course/doajaxfileupload.php" API endpoint until a patch is available. As a temporary workaround, disabling the functionality related to this endpoint may help minimize the risk of exploitation.