Fady Mohammed Osman

#18773 of 53,635
14.3 CVSS total
Vulnerabilities · 2
Medium · 1
High · 1
PT-2015-4277
7.5
2015-01-07
Projectsend · Projectsend · CVE-2014-9567
**Name of the Vulnerable Software and Affected Versions**
ProjectSend (formerly cFTP) versions r100 through r561

**Description**
The issue allows remote attackers to execute arbitrary PHP code by uploading a file with a PHP extension, then accessing it via a direct request to the file in the upload/files/ or upload/temp/ directory. This is due to an unrestricted file upload vulnerability in the process-upload.php file.

**Recommendations**
For versions r100 through r561, restrict access to the upload/files/ and upload/temp/ directories to prevent direct requests to uploaded files. As a temporary workaround, consider disabling the file upload functionality in process-upload.php until a patch is available.

PT-2012-2032
6.8
2012-01-04
Cocsoft · Cocsoft Stream Down · CVE-2011-5052
**Name of the Vulnerable Software and Affected Versions**
CoCSoft Stream Down version 6.8.0

**Description**
A stack-based buffer overflow issue allows remote web servers to execute arbitrary code via a long response to a download request.

**Recommendations**
For CoCSoft Stream Down version 6.8.0, at the moment, there is no information about a newer version that contains a fix for this issue.