Yorick Koster

Name of the Vulnerable Software and Affected Versions: Windows versions prior to February 2025 patchday Description: A spoofing issue allows attackers to affect the system. This issue is related to the disclosure of NTLM hash, which can be exploited by attackers. The estimated number of potentially affected devices is not specified. The vulnerability is actively exploited and can allow remote attackers to conduct spoofing attacks and gain unauthorized access to protected information. Recommendations: As a temporary workaround, consider restricting access to sensitive resources until a patch is available. Apply the February 2025 Windows Updates to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** InfiniteWP Client Plugin versions 1.5.1.3 through 1.6.0 **Description** A critical issue has been found, affecting an unknown functionality, which leads to injection when manipulated. The attack can be launched remotely. **Recommendations** For InfiniteWP Client Plugin versions 1.5.1.3 through 1.6.0, upgrade to version 1.6.1.1 to address this issue.

**Name of the Vulnerable Software and Affected Versions** Analytics Stats Counter Statistics Plugin version 1.2.2.5 **Description** A critical issue affects some unknown processing, leading to code injection. The manipulation can be initiated remotely. **Recommendations** For Analytics Stats Counter Statistics Plugin version 1.2.2.5, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** WP-Filebase Download Manager Plugin version 3.4.4 **Description** A vulnerability was found in the WP-Filebase Download Manager Plugin, which can be exploited to perform basic cross-site scripting. The attack may be launched remotely, affecting some unknown functionality of the plugin. **Recommendations** For WP-Filebase Download Manager Plugin version 3.4.4, update to a newer version that contains a fix for this issue. As a temporary workaround, consider restricting access to the plugin's functionality to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Simple Ads Manager Plugin (affected versions not specified) **Description** A critical vulnerability was found in the Simple Ads Manager Plugin, allowing for code injection through remote attacks. The manipulation leads to code injection, and the attack can be initiated remotely. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Google Analytics Dashboard Plugin version 2.1.1 **Description** A problematic issue was found, affecting an unknown functionality, which leads to basic cross site scripting. The attack can be launched remotely. **Recommendations** For Google Analytics Dashboard Plugin version 2.1.1, at the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** Global Content Blocks Plugin version 2.1.5 **Description** The issue affects unknown code and leads to cross-site request forgery. The attack can be initiated remotely. **Recommendations** For Global Content Blocks Plugin version 2.1.5, consider disabling the plugin until a patch is available to prevent cross-site request forgery attacks. Restrict access to the plugin's functionality to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** yTNEF (affected versions not specified) Evolution (affected versions not specified) **Description** Multiple directory traversal and buffer overflow issues were found in yTNEF and Evolution's TNEF parser, which is derived from yTNEF. A specially crafted email could cause these applications to write data in arbitrary locations on the filesystem, crash, or potentially execute arbitrary code when decoding attachments. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: IBM QRadar SIEM versions 7.3 through 7.4 Description: The issue is caused by insecure deserialization of user-supplied content by the Java deserialization function, allowing a remote attacker to execute arbitrary commands on the system. By sending a malicious serialized Java object, an attacker could exploit this to execute arbitrary commands. The vulnerability is related to the restoration of untrusted data in memory due to deserialization, which could allow a remote attacker to execute arbitrary code or cause a denial of service using a specially crafted request. Recommendations: For IBM QRadar SIEM versions 7.3 and 7.4, consider disabling the Java deserialization function as a temporary workaround until a patch is available. Restrict access to the system to minimize the risk of exploitation. Avoid using user-supplied content in the deserialization process until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** IBM QRadar versions 7.3.0 through 7.3.3 Patch 2 **Description** The issue concerns hard-coded credentials, such as a password or cryptographic key, used for inbound authentication, outbound communication to external components, or encryption of internal data. **Recommendations** For IBM QRadar versions 7.3.0 through 7.3.3 Patch 2, consider changing the hard-coded credentials to unique, secure values to prevent unauthorized access. As a temporary workaround, restrict access to the affected components until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** IBM QRadar versions 7.3.0 through 7.3.3 Patch 2 **Description** The issue allows an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. This is due to a Server Side Request Forgery (SSRF) issue. **Recommendations** For IBM QRadar versions 7.3.0 through 7.3.3 Patch 2, update to a version that includes the fix for this issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** IBM QRadar versions 7.3.0 through 7.3.3 Patch 2 **Description** The issue allows an authenticated user to access data and perform unauthorized actions due to inadequate permission checks. **Recommendations** For IBM QRadar versions 7.3.0 through 7.3.3 Patch 2, update to a version that includes the necessary permission checks to prevent unauthorized access and actions. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** IBM QRadar versions 7.3.0 through 7.3.3 Patch 2 **Description** The issue allows a remote attacker to include arbitrary files by sending a specially-crafted request, which could enable the execution of arbitrary code on the vulnerable server. This could potentially lead to remote code execution. **Recommendations** For IBM QRadar versions 7.3.0 through 7.3.3 Patch 2, consider restricting access to the server until a patch is available to prevent remote attackers from sending specially-crafted requests. As a temporary workaround, limit the ability to specify files from remote systems to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** IBM QRadar versions 7.3.0 through 7.3.3 Patch 2 **Description** The issue allows an authenticated user to send a specially crafted command which would be executed as a lower privileged user. **Recommendations** For IBM QRadar versions 7.3.0 through 7.3.3 Patch 2, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** ytnef (affected versions not specified) **Description** The issue concerns a directory traversal problem. There is no information provided about the estimated number of potentially affected devices worldwide or details about real-world incidents where this issue was exploited. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Ivanti Workspace Control versions prior to 10.3.10.0 RES One Workspace (affected versions not specified) **Description** A local authenticated user can execute processes with elevated privileges. **Recommendations** For Ivanti Workspace Control versions prior to 10.3.10.0, update to version 10.3.10.0 or later. For RES One Workspace, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Ivanti Workspace Control versions prior to 10.3.0.0 RES One Workspace (affected versions not specified) **Description** An issue allows a local authenticated user to bypass file and folder security restrictions. The attack vector used for this bypass is not specified. **Recommendations** For Ivanti Workspace Control versions prior to 10.3.0.0, update to version 10.3.0.0 or later. For RES One Workspace, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Ivanti Workspace Control versions prior to 10.3.10.0 RES One Workspace (affected versions not specified) **Description** A local authenticated user can bypass Application Whitelisting restrictions to execute arbitrary code by leveraging multiple unspecified attack vectors. **Recommendations** For Ivanti Workspace Control versions prior to 10.3.10.0, update to version 10.3.10.0 or later to resolve the issue. For RES One Workspace, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Ivanti Workspace Control versions prior to 10.3.10.0 RES One Workspace (affected versions not specified) **Description** A local authenticated user can exploit an unspecified attack vector to decrypt the encrypted datastore or relay server password. **Recommendations** For Ivanti Workspace Control versions prior to 10.3.10.0, update to version 10.3.10.0 or later. For RES One Workspace, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** pfSense versions 2.4.1 and lower **Description** The issue allows for clickjacking attacks in the CSRF error page, resulting in privileged execution of arbitrary code. This occurs because error detection happens before an X-Frame-Options header is set. **Recommendations** For pfSense versions 2.4.1 and lower, update to version 2.4.2-RELEASE or later to resolve the issue.