Yu Zhang

**Name of the Vulnerable Software and Affected Versions** itsourcecode Online Cake Ordering System version 1.0 **Description** A flaw exists in itsourcecode Online Cake Ordering System that could allow for remote code execution. The issue is related to the manipulation of the `ID` argument in the `/updateproduct.php?action=edit` file, leading to a SQL injection. The exploit is publicly available. **Recommendations** Apply updates to address the issue in itsourcecode Online Cake Ordering System version 1.0. As a temporary workaround, restrict access to the `/updateproduct.php?action=edit` file. Avoid using the `ID` parameter in the `/updateproduct.php?action=edit` API endpoint until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** net-snmp versions prior to 5.9.2 **Description** The issue is related to a NULL pointer dereference in the `NET-SNMP-AGENT-MIB::nsLogTable` function. A user with read-write credentials can use a malformed OID in a `SET` request to cause this issue. To mitigate the risk, users should use strong SNMPv3 credentials and avoid sharing them. For those who must use SNMPv1 or SNMPv2c, using a complex community string and restricting access to a given IP address range can enhance protection. **Recommendations** To resolve the issue, update to version 5.9.2 or later. As a temporary workaround, consider restricting access to the `NET-SNMP-AGENT-MIB::nsLogTable` function until a patch is applied. Use strong SNMPv3 credentials and avoid sharing them. For SNMPv1 or SNMPv2c, use a complex community string and restrict access to a given IP address range.

**Name of the Vulnerable Software and Affected Versions** net-snmp versions prior to 5.9.2 **Description** The issue is related to a NULL pointer dereference in the nsVacmAccessTable component of the net-snmp software. This can be caused by a user with read-write credentials using a malformed OID in a SET to the nsVacmAccessTable. To protect against this, users should use strong SNMPv3 credentials and avoid sharing them. For those who must use SNMPv1 or SNMPv2c, using a complex community string and restricting access to a given IP address range can enhance protection. **Recommendations** For versions prior to 5.9.2, update to version 5.9.2 or later to apply the patch. As a temporary workaround, consider restricting access to the nsVacmAccessTable component until the patch is applied. Use strong SNMPv3 credentials and avoid sharing them. For SNMPv1 or SNMPv2c, use a complex community string and restrict access to a given IP address range.

**Name of the Vulnerable Software and Affected Versions** net-snmp versions prior to 5.9.2 **Description** The issue is related to a NULL pointer dereference in the `nsVacmAccessTable` function. A user with read-only credentials can exploit this by using a malformed OID in a `GET-NEXT` request to cause the dereference. This can potentially impact data integrity. Users should use strong SNMPv3 credentials, avoid sharing credentials, and consider restricting access to a given IP address range for added protection. **Recommendations** For versions prior to 5.9.2, update to version 5.9.2 or later to apply the patch. Use strong SNMPv3 credentials and avoid sharing them. For those who must use SNMPv1 or SNMPv2c, use a complex community string and restrict access to a given IP address range.

**Name of the Vulnerable Software and Affected Versions** net-snmp versions prior to 5.9.2 **Description** The issue is related to a buffer overflow in the handling of the `INDEX` of `NET-SNMP-VACM-MIB`, which can cause an out-of-bounds memory access. A user with read-only credentials can exploit this issue. To enhance protection, users should use strong SNMPv3 credentials, avoid sharing credentials, and consider restricting access to a given IP address range for those using SNMPv1 or SNMPv2c. **Recommendations** For versions prior to 5.9.2, update to version 5.9.2 or later to resolve the issue. As a temporary workaround, consider using strong SNMPv3 credentials and avoiding the sharing of credentials. For users who must use SNMPv1 or SNMPv2c, use a complex community string and restrict access to a given IP address range to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** net-snmp versions prior to 5.9.2 **Description** The issue is related to a malformed OID in a SET request to `SNMP-VIEW-BASED-ACM-MIB::vacmAccessTable`, which can cause an out-of-bounds memory access. A user with read-write credentials can exploit this issue. **Recommendations** For versions prior to 5.9.2, update to version 5.9.2 or later. As a temporary workaround, consider using strong SNMPv3 credentials and avoid sharing the credentials. For those who must use SNMPv1 or SNMPv2c, use a complex community string and enhance the protection by restricting access to a given IP address range.

**Name of the Vulnerable Software and Affected Versions** net-snmp versions prior to 5.9.2 **Description** The issue is related to an Improper Input Validation vulnerability in net-snmp, which can be exploited by a user with read-write credentials when setting malformed OIDs in the master agent and subagent simultaneously. This can allow a remote attacker to execute arbitrary actions. Users should use strong SNMPv3 credentials and avoid sharing them. For those who must use SNMPv1 or SNMPv2c, using a complex community string and restricting access to a given IP address range can enhance protection. **Recommendations** For versions prior to 5.9.2, update to version 5.9.2 or later to patch the vulnerability. As a temporary workaround, consider using strong SNMPv3 credentials and avoiding shared credentials. Restrict access to a given IP address range to minimize the risk of exploitation for users of SNMPv1 or SNMPv2c. Use a complex community string for additional protection when using SNMPv1 or SNMPv2c.

**Name of the Vulnerable Software and Affected Versions** Cisco RV110W Wireless-N VPN Firewall versions prior to 1.2.2.1 Cisco RV130W Wireless-N Multifunction VPN Router versions prior to 1.0.3.45 Cisco RV215W Wireless-N VPN Router versions prior to 1.3.1.1 **Description** The issue is caused by a buffer overflow in the memory due to improper validation of user-supplied data in the web-based management interface. This could allow a remote attacker to execute arbitrary code on an affected device by sending malicious HTTP requests. A successful exploit could allow the attacker to execute arbitrary code on the underlying operating system of the affected device as a high-privilege user. **Recommendations** For Cisco RV110W Wireless-N VPN Firewall versions prior to 1.2.2.1, update to version 1.2.2.1 or later to resolve the issue. For Cisco RV130W Wireless-N Multifunction VPN Router versions prior to 1.0.3.45, update to version 1.0.3.45 or later to resolve the issue. For Cisco RV215W Wireless-N VPN Router versions prior to 1.3.1.1, update to version 1.3.1.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the web-based management interface until a patch is applied.