Ahmad Mahfouz

**Nome do Software Vulnerável e Versões Afetadas** DiskBoss Enterprise versão 7.4.28 DiskBoss Enterprise versão 7.5.12 DiskBoss Enterprise versão 8.2.14 **Descrição** Existe um overflow de buffer baseado em pilha na interface web integrada. O problema origina-se de uma verificação de limites inadequada no componente de caminho das requisições HTTP GET. Um atacante remoto e não autenticado pode desencadear um overflow de buffer ao enviar um URI longo especialmente elaborado, potencialmente levando à execução arbitrária de código com privilégios de SYSTEM em hosts Windows vulneráveis. **Recomendações** DiskBoss Enterprise versão 7.4.28: No momento, não há informações sobre uma versão mais recente que contenha uma correção para esta vulnerabilidade. DiskBoss Enterprise versão 7.5.12: No momento, não há informações sobre uma versão mais recente que contenha uma correção para esta vulnerabilidade. DiskBoss Enterprise versão 8.2.14: No momento, não há informações sobre uma versão mais recente que contenha uma correção para esta vulnerabilidade.

**Name of the Vulnerable Software and Affected Versions** Flexense SysGauge version 3.6.18 **Description** The issue allows for remote exploitation of the server, resulting in the attacker gaining system-level access due to a Buffer Overflow. This occurs when the server is operating on port 9221. **Recommendations** For Flexense SysGauge version 3.6.18, consider restricting access to port 9221 until a patch is available. As a temporary workaround, limit the exposure of the server to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Flexense VX Search Enterprise version 10.1.12 Description: The issue is related to a denial of service vulnerability in the Control Protocol. It can be triggered by sending a crafted SERVER GET INFO packet to the control port 9123. Recommendations: For Flexense VX Search Enterprise version 10.1.12, consider restricting access to the control port 9123 to minimize the risk of exploitation. As a temporary workaround, limit the ability to send SERVER GET INFO packets to authorized sources until a patch is available.

Name of the Vulnerable Software and Affected Versions: Flexense Disk Pulse Enterprise version 10.1.18 Description: The issue is related to a denial of service vulnerability in the Control Protocol. It can be triggered by sending a crafted SERVER GET INFO packet to the control port 9120. Recommendations: For Flexense Disk Pulse Enterprise version 10.1.18, consider restricting access to control port 9120 to minimize the risk of exploitation. As a temporary workaround, limit the ability to send SERVER GET INFO packets to this port until a patch is available.

Name of the Vulnerable Software and Affected Versions: Flexense DiskBoss Enterprise version 8.5.12 Description: The issue concerns a denial of service vulnerability in the Control Protocol. It can be triggered by sending a crafted SERVER GET INFO packet to the control port 8094. Recommendations: For Flexense DiskBoss Enterprise version 8.5.12, consider restricting access to control port 8094 to minimize the risk of exploitation. As a temporary workaround, limit the handling of SERVER GET INFO packets until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Flexense SysGauge Server version 3.6.18 **Description** The issue concerns a denial of service in the Control Protocol of Flexense SysGauge Server. This can be triggered by sending a crafted SERVER GET INFO packet to the control port 9221. **Recommendations** For Flexense SysGauge Server version 3.6.18, consider restricting access to control port 9221 to minimize the risk of exploitation. As a temporary workaround, limit the handling of SERVER GET INFO packets until a patch is available.