Heretic2

**Name of the Vulnerable Software and Affected Versions** ASUS Remote Console versions 2.0.0.19 through 2.0.0.24 **Description** A stack-based buffer overflow issue exists in the DPC Proxy server, allowing remote attackers to execute arbitrary code by sending a long string to TCP port 623. **Recommendations** For versions 2.0.0.19 through 2.0.0.24, consider restricting access to TCP port 623 to minimize the risk of exploitation until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Now SMS/MMS Gateway versions 2007.06.27 and earlier **Description** The issue allows remote attackers to execute arbitrary code. This can be achieved via a long password in an Authorization header to the HTTP service or a large packet to the SMPP service. **Recommendations** For Now SMS/MMS Gateway versions 2007.06.27 and earlier, consider updating to a version later than 2007.06.27 to resolve the issue. As a temporary workaround, restrict access to the HTTP and SMPP services to minimize the risk of exploitation. Avoid using long passwords in the Authorization header and limit the size of packets to the SMPP service until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** mod jk2 versions 2.0.3-DEV and earlier **Description** The issue is related to multiple stack-based buffer overflows in the legacy mod jk2 Apache module. This allows remote attackers to execute arbitrary code via a long `Host` header or a `Hostname` within a `Host` header. **Recommendations** For mod jk2 versions 2.0.3-DEV and earlier, consider updating to a newer version that addresses these buffer overflows. As a temporary workaround, restrict access to the `Host` header to minimize the risk of exploitation.