RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the file_id parameter at /CorporateCulture/kaizen_download.aspx.

RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the id parameter at /AddressBook/address_public_new.aspx.

RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the id parameter at /AddressBook/address_public_show.aspx.

RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the sys_file_storage_id parameter at /WorkFlow/wf_file_download.aspx.

The Cypher component in Neo4j between v.5.0.0 and v.5.19.0 mishandles IMMUTABLE

An issue was discovered in GNOME GLib before 2.78.5, and 2.79.x and 2.80.x before 2.80.1. When a GDBus-based client subscribes to signals from a trusted system service such as NetworkManager on a shared computer, other users of the same computer can send spoofed D-Bus signals that the GDBus-based client will wrongly interpret as having been sent by the trusted system service. This could lead to the GDBus-based client behaving incorrectly, with an application-dependent impact.

RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the attach_id parameter at /Bulletin/AttachDownLoad.aspx.

RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the id parameter at /bulletin/bulletin_template_show.aspx.

RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the email_attach_id parameter at /LHMail/AttachDown.aspx.

Process Explorer before 17.04 allows attackers to make it functionally unavailable (a denial of service for analysis) by renaming an executable file to a new extensionless 255-character name and launching it with NtCreateUserProcess. This can occur through an issue in wcscat_s error handling.

An issue was discovered in Logpoint before 7.4.0. It allows Local File Inclusion (LFI) when an arbitrary File Path is used within the File System Collector. The content of the file specified can be viewed in the incoming logs.

An issue was discovered in Logpoint before 7.4.0. HTML code sent through logs wasn't being escaped in the "Interesting Field" Web UI, leading to XSS.

J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerability via the sql_filter parameter in the authUserList() function.

J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerability via the sql_filter parameter in the unallocatedList() function.

J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerability via the sql_filter parameter in the getDeptList() function.

J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerability via the sql_filter parameter in the commentList() function.

J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerability via the sql_filter parameter in the myProcessList function.

J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerability via the sql_filter parameter in the list function.

J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerability via the sql_filter parameter in the authRoleList function.

A local privilege escalation (LPE) vulnerability has been identified in Phish Alert Button for Outlook (PAB), specifically within its configuration management functionalities. This vulnerability allows a regular user to modify the application's configuration file to redirect update checks to an arbitrary server, which can then be exploited in conjunction with CVE-2024-29209 to execute arbitrary code with elevated privileges. The issue stems from improper permission settings on the application's configuration file, which is stored in a common directory accessible to all users. This file includes critical parameters, such as the update server URL. By default, the application does not enforce adequate access controls on this file, allowing non-privileged users to modify it without administrative consent. An attacker with regular user access can alter the update server URL specified in the configuration file to point to a malicious server. When the application performs its next update check, it will contact the attacker-controlled server. If the system is also vulnerable to CVE-2024-29209, the attacker can deliver a malicious update package that, when executed, grants them elevated privileges. Impact: This vulnerability can lead to a regular user executing code with administrative privileges. This can result in unauthorized access to sensitive data, installation of additional malware, and a full takeover of the affected system. Affected Products: Phish Alert Button (PAB) for Outlook versions 1.10.0-1.10.11 Second Chance Client versions 2.0.0-2.0.9 PIQ Client versions 1.0.0-1.0.15 Remediation: KnowBe4 has released a patch that corrects the permission settings on the configuration file to prevent unauthorized modifications. Automated updates will be pushed to address this issue. Users of affected versions should verify the latest version is applied and, if not, apply the latest updates provided by KnowBe4. Workarounds: Manually set the correct permissions on the configuration file to restrict write access to administrators only. Credits: This vulnerability was discovered by Ceri Coburn at Pen Test Partners, who reported it responsibly to the vendor.