Dillon Beresford

**Name of the Vulnerable Software and Affected Versions** MatrikonOPC Security Gateway version 1.0 **Description** The issue allows remote attackers to cause a denial of service, resulting in an unhandled exception and application crash. This can be achieved via a TCP RST packet. **Recommendations** For MatrikonOPC Security Gateway version 1.0, consider implementing network traffic filtering to block malicious TCP RST packets as a temporary workaround until a patch is available.

**Name of the Vulnerable Software and Affected Versions** MatrikonOPC A&E Historian version 1.0.0.0 **Description** The issue allows remote attackers to read and delete arbitrary files via a crafted URL, specifically due to a directory traversal vulnerability in the web interface of the Health Monitor service. **Recommendations** For MatrikonOPC A&E Historian version 1.0.0.0, consider restricting access to the web interface of the Health Monitor service until a patch is available. As a temporary workaround, avoid using crafted URLs that could exploit the directory traversal vulnerability. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Wangkongbao CNS-1000 and 1100 **Description** The issue concerns multiple directory traversal vulnerabilities. These vulnerabilities allow remote attackers to read arbitrary files. The attack can be performed by including a .. (dot dot) in the `lang` or `langid` cookie to port 85. **Recommendations** For Wangkongbao CNS-1000 and 1100, restrict access to the `acloglogin.php` file until a patch is available. As a temporary workaround, consider filtering out .. (dot dot) sequences from the `lang` and `langid` cookies to prevent directory traversal attacks.

**Name of the Vulnerable Software and Affected Versions** NJStar Communicator MiniSmtp version 3.0.11818 **Description** A buffer overflow issue exists, allowing remote attackers to execute arbitrary code via a crafted packet. **Recommendations** For NJStar Communicator MiniSmtp version 3.0.11818, at the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** AnyMacro Mail System G4X (affected versions not specified) **Description** A directory traversal issue exists in the web interface, allowing remote attackers to read arbitrary files by including directory traversal sequences in a request. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.