Tyler Cui

**Name of the Vulnerable Software and Affected Versions** IBM Partner Engagement Manager version 2.0 **Description** The issue is caused by an unsafe deserialization flaw, allowing a remote attacker to execute arbitrary code on the system by sending specially-crafted data. **Recommendations** For IBM Partner Engagement Manager version 2.0, consider disabling the deserialization functionality as a temporary workaround until a patch is available. Restrict access to the system to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** D-Link DIR-140L and DIR-640L devices **Description** The issue is related to the storage of credentials in an open manner, allowing remote unauthenticated attackers to discover admin credentials. This can enable a remote attacker to reveal protected information, specifically the admin password. **Recommendations** For D-Link DIR-140L and DIR-640L devices, consider restricting access to the dirary0.js script until a patch is available. As a temporary workaround, avoid using the default admin credentials and change them to strong, unique passwords to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** D-Link devices (DSL, DIR, DWR) (affected versions not specified) **Description** The issue is related to the lack of protection for sensitive data in the web interface of D-Link router firmware. It allows remote unauthenticated attackers to discover admin credentials, potentially revealing protected information. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** D-Link DSL-2770L (affected versions not specified) **Description** The issue is related to the lack of protection for service data in the web interface of D-Link router firmware. It allows remote unauthenticated attackers to discover admin credentials, potentially revealing protected information. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Splunk versions prior to 5.0.8 **Description** A cross-site scripting (XSS) issue exists, allowing remote attackers to inject arbitrary web script or HTML. This is due to an unspecified vector in Splunk Web. **Recommendations** For versions prior to 5.0.8, update to version 5.0.8 or later to resolve the issue.