Wirepair

**Name of the Vulnerable Software and Affected Versions** HP Web Jetadmin version 7.5.2546 **Description** The issue allows remote attackers to cause a denial of service, potentially due to an error in the `stricmp()` function from an invalid use of the `$` character, when a malformed request is sent. **Recommendations** For HP Web Jetadmin version 7.5.2546, consider restricting access to prevent malformed requests until a fix is available. As a temporary workaround, avoid using the `$` character in requests to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** HP Web JetAdmin version 7.5.2546 **Description** The issue allows remote attackers to upload arbitrary files to the printer directory when no password is set. This is related to the `devices update printer fw upload.hts` file in HP Web JetAdmin. **Recommendations** For HP Web JetAdmin version 7.5.2546, set a password to prevent unauthorized access and restrict the ability to upload arbitrary files to the printer directory.

**Name of the Vulnerable Software and Affected Versions** HP Web Jetadmin version 7.5.2546 **Description** A directory traversal issue exists in the setinfo.hts file, allowing remote authenticated attackers to read arbitrary files. This is achieved by including a .. (dot dot) in the `setinclude` parameter. **Recommendations** For HP Web Jetadmin version 7.5.2546, avoid using the `setinclude` parameter with .. (dot dot) sequences until a patch is available. As a temporary workaround, consider restricting access to the setinfo.hts file to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Dell OpenManage Web Server version 3.4.0 **Description** A heap-based buffer overflow issue allows remote attackers to cause a denial of service, resulting in a crash, by sending a HTTP POST request with a long application variable. **Recommendations** For Dell OpenManage Web Server version 3.4.0, consider restricting access to the web server until a patch is available to prevent potential denial of service attacks.