Xinjie Ma

Name of the Vulnerable Software and Affected Versions: PacsOne Server (PACS Server In One Box) versions prior to 7.1.1 Description: The issue is related to SQL injection. Recommendations: For versions prior to 7.1.1, update to version 7.1.1 or later to resolve the issue.

Name of the Vulnerable Software and Affected Versions: PacsOne Server (PACS Server In One Box) versions prior to 7.1.1 Description: The issue is related to cross-site scripting (XSS), which is a type of security vulnerability that can be exploited by attackers to inject malicious scripts into websites. Recommendations: For versions prior to 7.1.1, update to version 7.1.1 or later to resolve the issue.

Name of the Vulnerable Software and Affected Versions: PacsOne Server (PACS Server In One Box) versions prior to 7.1.1 Description: The issue is related to incorrect access control, which can result in an attacker remotely gaining administrator privileges. Recommendations: For versions prior to 7.1.1, update to version 7.1.1 or later to resolve the issue.

Name of the Vulnerable Software and Affected Versions: PacsOne Server (PACS Server In One Box) versions prior to 7.1.1 Description: The issue affects the PacsOne Server, allowing for file read and manipulation, which can result in remote information disclosure. Recommendations: For versions prior to 7.1.1, update to version 7.1.1 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Moxa Inc EDR-G903 Series versions 5.5 or lower Moxa Inc EDR-G902 Series versions 5.5 or lower Moxa Inc EDR-810 Series versions 5.6 or lower **Description** The issue is related to an improper restriction of operations, which may allow remote arbitrary code execution when crafted requests are sent to the device. This can be exploited by a remote attacker using specially formed requests, potentially leading to denial of service. The vulnerability is also described as a buffer overflow in memory, which can be triggered by a crafted request. **Recommendations** For EDR-G903 Series versions 5.5 or lower, update to a version higher than 5.5 to resolve the issue. For EDR-G902 Series versions 5.5 or lower, update to a version higher than 5.5 to resolve the issue. For EDR-810 Series versions 5.6 or lower, update to a version higher than 5.6 to resolve the issue. As a temporary workaround, consider restricting access to the device to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Moxa Inc VPort 461 Series Firmware versions 3.4 or lower **Description** A command injection issue exists that could allow a remote attacker to execute arbitrary commands in Moxa's VPort 461 Series Industrial Video Servers. **Recommendations** For versions 3.4 or lower, update to a version higher than 3.4 to resolve the issue.