Bartosz Kwitkowski

**Name of the Vulnerable Software and Affected Versions** Gadu-Gadu (affected versions not specified) **Description** The issue allows remote attackers to spoof the file extension on transmitted files by using a filename with a large number of spaces followed by the real extension. This filename manipulation is not fully displayed in the dialog box, potentially leading to visual truncation and spoofing. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Help Center version (affected versions not specified) **Description** The issue may allow remote attackers to read or execute arbitrary files via an "http://" or "file://" argument to the `topic` parameter in an "hcp://" URL. However, several researchers have been unable to reproduce this issue. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.