Wireghoul

**Name of the Vulnerable Software and Affected Versions** FarLinX X25 Gateway through 2014-09-25 **Description** The issue allows command injection via shell metacharacters to several PHP files, including `sysSaveMonitorData.php`, `fsx25MonProxy.php`, `syseditdate.php`, `iframeupload.php`, and `sysRestoreX25Cplt.php`. **Recommendations** For FarLinX X25 Gateway versions through 2014-09-25, consider restricting access to the vulnerable PHP files until a patch is available. As a temporary workaround, avoid using shell metacharacters in inputs to these files. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** FarLinX X25 Gateway versions through 2014-09-25 **Description** The issue allows directory traversal via the log-handling feature. **Recommendations** For versions through 2014-09-25, consider disabling the log-handling feature as a temporary workaround until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** FarLinX X25 Gateway versions through 2014-09-25 **Description** The issue allows attackers to write arbitrary data to fsUI.xyz via the `fsSaveUIPersistence.php` endpoint. This can be exploited by sending malicious data to the `fsSaveUIPersistence.php` endpoint, potentially leading to unauthorized access or data modification. **Recommendations** For FarLinX X25 Gateway versions through 2014-09-25, consider restricting access to the `fsSaveUIPersistence.php` endpoint until a fix is available. As a temporary workaround, avoid using the `fsSaveUIPersistence.php` endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Cmfive versions through 2015-03-15 Description: The issue allows remote attackers to obtain sensitive information, including usernames and passwords, via any request, such as a password reset request, when database connectivity malfunctions. This occurs due to a problem in the system/classes/DbPDO.php file. Recommendations: For versions through 2015-03-15, as a temporary workaround, consider restricting access to the `DbPDO.php` file until a patch is available. Avoid using the `system/classes/DbPDO.php` file in requests that may lead to database connectivity malfunctions. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** OpenLiteSpeed versions prior to 1.5.0 RC6 **Description** The issue arises from the server's incorrect handling of requests for byte sequences. An attacker can exploit this by amplifying the response size through repeated requests for the entire response body, as seen with an HTTP Range header value starting with the "bytes=0-,0-" substring. **Recommendations** For versions prior to 1.5.0 RC6, update to version 1.5.0 RC6 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** OpenLiteSpeed versions prior to 1.5.0 RC6 **Description** The issue allows local users to cause a denial of service or possibly have other unspecified impacts by creating a symlink that invokes the openlitespeed program with a long command name, which is mishandled in the LshttpdMain::getServerRootFromExecutablePath function. **Recommendations** For versions prior to 1.5.0 RC6, update to version 1.5.0 RC6 or later to resolve the issue. As a temporary workaround, consider restricting the ability to create symlinks that could invoke the openlitespeed program with a long command name.

**Name of the Vulnerable Software and Affected Versions** Stormy Studios Knet versions 1.04c and earlier **Description** A buffer overflow issue allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long HTTP GET request. **Recommendations** For versions 1.04c and earlier, at the moment, there is no information about a newer version that contains a fix for this issue.