Tsungshu Chiu

**Name of the Vulnerable Software and Affected Versions** RONDS EPM version 1.19.5 **Description** The issue allows unauthenticated users to leak credentials due to a vulnerable function. In certain circumstances, an attacker can exploit this to execute operating system (OS) commands. **Recommendations** For RONDS EPM version 1.19.5, update to a version that fixes the vulnerability, as the current version allows unauthenticated users to leak credentials and potentially execute OS commands. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** RONDS EPM version 1.19.5 **Description** The issue is related to the improper validation of the `filename` parameter, which could allow an unauthorized user to specify file paths and download files. **Recommendations** For RONDS EPM version 1.19.5, consider restricting access to the `filename` parameter to prevent unauthorized file downloads until a patch is available.

**Name of the Vulnerable Software and Affected Versions** BlogEngine.NET version 3.3.8.0 **Description** An issue in the component BlogEngine/BlogEngine.NET/AppCode/Api/UploadController.cs allows attackers to execute arbitrary code via uploading a crafted PNG file. **Recommendations** For BlogEngine.NET version 3.3.8.0, consider disabling the UploadController.cs component until a patch is available to prevent arbitrary code execution. Restrict access to the UploadController.cs to minimize the risk of exploitation. Avoid using the UploadController.cs for uploading files until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Apache SOAP (affected versions not specified) **Description** The default configuration of Apache SOAP includes an RPCRouterServlet that is available without authentication, allowing an attacker to invoke methods on the classpath that meet certain criteria. Depending on the classes available on the classpath, this could lead to arbitrary remote code execution. This issue only affects products that are no longer supported by the maintainer. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Apache SOAP versions 2.2 and later **Description** An Improper Restriction of XML External Entity Reference vulnerability in RPCRouterServlet of Apache SOAP allows an attacker to read arbitrary files over HTTP. This issue only affects products that are no longer supported by the maintainer. **Recommendations** For Apache SOAP versions 2.2 and later, consider disabling the RPCRouterServlet until a patch is available, as these versions are no longer supported by the maintainer. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Citrix XenMobile Server versions through 10.12 RP9 **Description** The issue is related to insufficient access control in the Citrix XenMobile Server, which can be exploited to execute arbitrary code with root privileges. This can be done remotely. The vulnerability is described as an Authenticated Command Injection, leading to remote code execution with root privileges. **Recommendations** For versions through 10.12 RP9, update to a version that includes the fix for this issue to prevent remote code execution with root privileges. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Citrix XenMobile Server versions through 10.12 RP9 **Description** The issue exists due to incorrect restriction of the path name to a directory with limited access. This can allow a remote attacker to execute arbitrary code. The vulnerability is described as an Authenticated Directory Traversal vulnerability, leading to remote code execution. **Recommendations** For versions through 10.12 RP9, update to a version that contains a fix for this issue to prevent remote code execution. As a temporary workaround, consider restricting access to sensitive directories to minimize the risk of exploitation.

Name of the Vulnerable Software and Affected Versions: Vangene deltaFlow E-platform (affected versions not specified) Description: The issue concerns the file upload function, which does not properly perform access control. This allows remote attackers to upload and execute arbitrary files without needing to log in. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Vangene deltaFlow E-platform (affected versions not specified) Description: The issue concerns a Path Traversal vulnerability in the file download function, allowing remote attackers to access credential data. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Vangene deltaFlow E-platform (affected versions not specified) Description: The issue concerns the Vangene deltaFlow E-platform, which fails to implement proper protective measures. This allows attackers to remotely obtain privileged permissions by tampering with users' data stored in the `Cookie`. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Soar Cloud System (affected versions not specified) **Description** The HR Portal of Soar Cloud System fails to filter specific parameters, allowing remote attackers to inject SQL syntax and obtain all data in the database without privilege. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Soar Cloud System (affected versions not specified) **Description** The issue concerns the HR Portal of the Soar Cloud System, where a specific function accepts any type of object to be deserialized. This allows attackers to send malicious serialized objects, potentially leading to the execution of arbitrary commands. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Soar Cloud System (affected versions not specified) **Description** The HR Portal of Soar Cloud System fails to manage access control, allowing remote attackers to access sensitive data via a specific data packet, such as a user's login information. This can cause the login function to not work. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.