Erick Galindo

**Name of the Vulnerable Software and Affected Versions** Spy Emergency version 25.0.650 **Description** The software contains an unquoted service path vulnerability in its Windows service configurations. This allows local attackers to execute code with elevated privileges. The vulnerability exists due to unquoted file paths in SpyEmergencyHealth.exe and SpyEmergencySrv.exe, enabling malicious code injection during system startup or service restart. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Sandboxie version 5.49.7 **Description** The software contains a denial of service issue that allows attackers to crash the application. This is achieved by overflowing the container folder input field. An attacker can paste a large buffer of repeated characters into the Sandbox container folder setting, which triggers an application crash. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Sandboxie Plus version 0.7.4 **Description** Sandboxie Plus version 0.7.4 has an issue with an unquoted service path in the SbieSvc service. This allows local attackers to potentially run code with elevated privileges. The issue occurs because of the unquoted path, which can be exploited during system startup or reboot to execute malicious executables with LocalSystem permissions. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** WifiHotSpot version 1.0.0.0 **Description** WifiHotSpot 1.0.0.0 contains an unquoted service path vulnerability in `WifiHotSpotService.exe`. This allows local attackers to execute code with elevated privileges. The vulnerability can be exploited during system startup or reboot by injecting and running malicious executables with LocalSystem permissions. **Recommendations** Update to a newer version that contains a fix for this vulnerability. As a temporary workaround, consider modifying the service path to include quotes to prevent the execution of unauthorized executables.

**Name of the Vulnerable Software and Affected Versions** DiskBoss Service version 12.2.18 **Description** DiskBoss Service version 12.2.18 contains an unquoted service path vulnerability in its binary path configuration. This allows local attackers to execute code with elevated privileges. Attackers can exploit the unquoted path by placing malicious executables in potential path locations to gain system-level access during service startup. **Recommendations** Ensure the service path is enclosed in quotes to prevent the execution of unauthorized code.

**Name of the Vulnerable Software and Affected Versions** BOOTP Turbo version 2.0.0.1253 **Description** BOOTP Turbo version 2.0.0.1253 contains an unquoted service path vulnerability in its Windows service configuration. An attacker can exploit the unquoted path to execute arbitrary code with elevated LocalSystem privileges during system startup or reboot. **Recommendations** Ensure the service path is enclosed in quotes during the Windows service configuration.

**Name of the Vulnerable Software and Affected Versions** DHCP Broadband version 4.1.0.1503 **Description** The software contains an unquoted service path vulnerability in its service configuration. This allows local attackers to execute code with elevated privileges. The vulnerable path is located at 'C:Program FilesDHCP Broadband 4dhcpt.exe', enabling attackers to inject malicious code that executes during service startup with LocalSystem permissions. **Recommendations** Apply appropriate quoting to the service path in the service configuration.

**Name of the Vulnerable Software and Affected Versions** NBMonitor version 1.6.8 **Description** NBMonitor version 1.6.8 is subject to a denial of service condition. An attacker can cause the application to crash by providing a specially crafted input to the registration code field. Specifically, pasting a 256-character buffer into the `registration key` field triggers an application crash and potential system instability. The vulnerable input field is associated with the application’s registration process. **Recommendations** Update to a newer version of NBMonitor that addresses this issue. As a temporary workaround, limit the input length allowed in the `registration key` field to prevent the buffer overflow.

**Nome do Software Vulnerável e Versões Afetadas** Nsauditor versão 3.2.3 **Descrição** O Nsauditor 3.2.3 contém uma vulnerabilidade de negação de serviço no campo de entrada do código de registro. Um atacante pode fazer o aplicativo travar colando um buffer grande de 256 caracteres repetidos no campo `Key`. Isso impacta a disponibilidade do aplicativo. **Recomendações** Evite colar buffers grandes de caracteres repetidos no campo `Key`.

**Name of the Vulnerable Software and Affected Versions** Backup Key Recovery version 2.2.7 **Description** The application contains a flaw that allows for denial of service. An attacker can cause the application to crash by providing a large input to the registration code field. Specifically, pasting a buffer of 256 repeated characters into the registration key field can lead to application instability and a potential crash. The vulnerable input field is the registration key field. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.