Veno Eivazian

Name of the Vulnerable Software and Affected Versions: Wowza Streaming Engine versions 4.8.11+5 and earlier Description: The issue allows an authenticated, remote attacker to exhaust filesystem resources via the "/enginemanager/server/vhost/historical.jsdata" `vhost` parameter. This is due to the insufficient management of available filesystem resources. An attacker could exploit this by requesting random virtual-host historical data through the Virtual Host Monitoring section, causing database errors and making the device unresponsive to web-based management. Manual intervention is required to free filesystem resources and return the application to an operational state. Recommendations: For Wowza Streaming Engine versions 4.8.11+5 and earlier, as a temporary workaround, consider restricting access to the "/enginemanager/server/vhost/historical.jsdata" endpoint to minimize the risk of exploitation. Additionally, limit the `vhost` parameter usage in the Virtual Host Monitoring section until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Wowza Streaming Engine versions 4.8.11+5 through 4.8.13 Description: A Cross-Site Request Forgery (CSRF) issue allows a remote attacker to delete a user account via the "/enginemanager/server/user/delete.htm" API endpoint using the `userName` parameter. The application does not implement a CSRF token for the GET request. Recommendations: For versions 4.8.11+5 through 4.8.13, update to Wowza Streaming Engine release 4.8.14 to resolve the issue. As a temporary workaround, consider restricting access to the "/enginemanager/server/user/delete.htm" API endpoint to minimize the risk of exploitation. Avoid using the `userName` parameter in the affected API endpoint until the issue is resolved.

Name of the Vulnerable Software and Affected Versions: Micro Focus Network Automation versions 10.4x through 10.5x Micro Focus Network Automation versions 2018.05 through 2021.05 Description: The issue allows attackers to redirect users to malicious websites after authentication. This could potentially lead to further malicious activities. Recommendations: For versions 10.4x through 10.5x, update to a version that includes the fix for this issue. For versions 2018.05 through 2021.05, update to a version that includes the fix for this issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: wpDataTables – Tables & Table Charts premium WordPress plugin versions prior to 3.4.2 Description: The issue allows a low-privilege authenticated user to perform Boolean-based blind SQL Injection on the "/wp-admin/admin-ajax.php?action=get wdtable&table id=1" endpoint, specifically through the `start` HTTP POST parameter. This enables an attacker to access all database data and obtain access to the WordPress application. Recommendations: For wpDataTables – Tables & Table Charts premium WordPress plugin versions prior to 3.4.2, update to version 3.4.2 or later to resolve the issue. As a temporary workaround, consider restricting access to the "/wp-admin/admin-ajax.php?action=get wdtable&table id=1" endpoint to minimize the risk of exploitation. Avoid using the `start` parameter in the affected endpoint until the issue is resolved.

Name of the Vulnerable Software and Affected Versions: wpDataTables – Tables & Table Charts premium WordPress plugin versions prior to 3.4.2 Description: The issue allows a low-privilege authenticated user to perform Boolean-based blind SQL Injection on the "/wp-admin/admin-ajax.php?action=get wdtable&table id=1" endpoint, specifically through the `length` HTTP POST parameter. This enables an attacker to access all database data and obtain access to the WordPress application. Recommendations: For wpDataTables – Tables & Table Charts premium WordPress plugin versions prior to 3.4.2, update to version 3.4.2 or later to resolve the issue. As a temporary workaround, consider restricting access to the "/wp-admin/admin-ajax.php?action=get wdtable&table id=1" endpoint to minimize the risk of exploitation. Avoid using the `length` parameter in the affected endpoint until the issue is resolved.

Name of the Vulnerable Software and Affected Versions: wpDataTables – Tables & Table Charts premium WordPress plugin versions prior to 3.4.2 Description: The issue allows a low privilege authenticated user to access and manage the data of other users in the same table by tampering with parameters, specifically through the `formdata[wdt ID]` parameter. This enables an attacker to take over user permissions on the table, potentially accessing and managing data of all users in the table. Recommendations: For versions prior to 3.4.2, update to version 3.4.2 or later to resolve the issue. As a temporary workaround, consider restricting access to the `formdata[wdt ID]` parameter to prevent unauthorized data access.

Name of the Vulnerable Software and Affected Versions: wpDataTables – Tables & Table Charts premium WordPress plugin versions prior to 3.4.2 Description: The issue allows a low privilege authenticated user to tamper with parameters and delete data of other users present in the same table through `id key` and `id val` parameters. This can lead to an attacker deleting the data of all users in the same table. Recommendations: For versions prior to 3.4.2, update to version 3.4.2 or later to resolve the issue. As a temporary workaround, consider restricting access to the table publication page to prevent low privilege authenticated users from tampering with the parameters. Avoid using the `id key` and `id val` parameters in the affected table until the issue is resolved.

Name of the Vulnerable Software and Affected Versions: File Manager WordPress plugin versions prior to 7.1 Description: A Reflected XSS issue can occur in the default configuration of the plugin when a payload is submitted on the `User-Agent` parameter. This payload is then reflected back on the web application response, specifically on the endpoint "/wp-admin/admin.php?page=wp file manager properties". Recommendations: For versions prior to 7.1, update to version 7.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the "/wp-admin/admin.php?page=wp file manager properties" endpoint to minimize the risk of exploitation. Avoid using malicious payloads in the `User-Agent` parameter until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** wpDataTables versions prior to 3.4.1 **Description** The issue is related to how wpDataTables handles order direction for server-side tables, leading to a SQL injection. This can be exploited through the "admin-ajax.php?action=get wdtable" endpoint, specifically by manipulating the `order[0][dir]` parameter. **Recommendations** For versions prior to 3.4.1, update to version 3.4.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the "admin-ajax.php?action=get wdtable" endpoint or avoiding the use of the `order[0][dir]` parameter in this endpoint until the update is applied.