Berk Cem Göksel

**Name of the Vulnerable Software and Affected Versions** Core FTP LE version 2.2 Build 1921 **Description** The issue is related to a buffer overflow that may occur via a PASV response, potentially resulting in a denial of service (DoS) or remote code execution. **Recommendations** For Core FTP LE version 2.2 Build 1921, update to a newer version that contains a fix for this issue to prevent potential exploitation.

**Name of the Vulnerable Software and Affected Versions** Pale Moon versions prior to 27.9.3 **Description** A use-after-free issue exists in the DOMProxyHandler::EnsureExpandoObject function. **Recommendations** For versions prior to 27.9.3, update to version 27.9.3 or later to resolve the issue.

Name of the Vulnerable Software and Affected Versions: Ericsson-LG iPECS NMS version A.1Ac Description: The Ericsson-LG iPECS NMS A.1Ac web application has an issue with its access control mechanisms. Specifically, the application does not utilize session IDs, which could allow an attacker to bypass authentication. Recommendations: For Ericsson-LG iPECS NMS version A.1Ac, consider implementing proper session management to prevent unauthorized access until a patch is available. As a temporary workaround, restrict access to the web application to minimize the risk of exploitation.

Name of the Vulnerable Software and Affected Versions: Ericsson-LG iPECS NMS A.1Ac version (affected versions not specified) Description: The issue allows disclosure of sensitive information, including NMS admin credentials and PostgreSQL database credentials, to logged-in users through responses to certain HTTP POST requests. An attacker must be authenticated to view the credentials in cleartext. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Ericsson-LG iPECS NMS (affected versions not specified) **Description** The issue is related to a lack of protection for the SQL query structure, allowing for SQL injection. This can be exploited by a remote attacker to bypass the authentication procedure and execute arbitrary code using the `id` and `passwd` parameters by sending HTTP POST requests. The vulnerability enables attackers to bypass the login page and execute remote code on the operating system. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** ArGoSoft Mini Mail Server versions 1.0.0.2 and earlier **Description** A denial-of-service issue allows remote attackers to consume CPU resources, possibly due to an infinite loop, via unspecified vectors. **Recommendations** For versions 1.0.0.2 and earlier, at the moment, there is no information about a newer version that contains a fix for this issue.