Barcode up to 2.6.0 on GLPI front/send.php path traversal

A vulnerability classified as critical was found in Barcode up to 2.6.0 on GLPI. It affects an unknown function of the file front/send.php. Upgrading to version 2.6.1 eliminates this vulnerability; the upgrade is hosted for download at github.com. Applying the patch 428c3d9adfb446e8492b1c2b7affb3d34072ff46 also eliminates the problem; the bugfix is ready for download at github.com. The best possible mitigation is to upgrade to the latest version.

Common Vulnerabilities and Exposures

HejHome GKW-IC052 hard-coded credentials [CVE-2021-26611]

A vulnerability classified as critical has been found in HejHome GKW-IC052 (affected version not known). It affects an unknown part of the product. No information about possible countermeasures is known. Replacing the affected product with an alternative may be advisable.

BaserCMS ZIP File path traversal [CVE-2021-41279]

A vulnerability classified as critical was found in BaserCMS (Content Management System) (the affected version is unknown). It affects unknown code in the ZIP File Handler component. Upgrading eliminates this vulnerability. Applying the patch d8ab0a81a7bce35cc95ff7dff851a7e87a084336 also eliminates the problem. The bugfix is ready for download at […]

Bandisoft ARK Library Ark_NormalizeAndDupPAthNameW path value integer overflow

A vulnerability classified as critical has been found in Bandisoft ARK Library (Software Library) (the affected version is unknown). It affects the function Ark_NormalizeAndDupPAthNameW. No information about possible countermeasures is known. Replacing the affected product with an alternative may be advisable.