Jean Pascal Pereira

**Name of the Vulnerable Software and Affected Versions** b2ePMS version 1.0 **Description** The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the `username` field in the verify-user.php file. **Recommendations** For b2ePMS version 1.0, consider restricting access to the verify-user.php file until a patch is available. As a temporary workaround, avoid using the `username` field in the affected file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Apple Motion version 5.0.7 **Description** The issue is related to an integer overflow in the OZDocument::parseElement function, which can be triggered by a large or small value in the `subview` attribute of a viewer element in a .motn file, leading to a denial of service (application crash). **Recommendations** For Apple Motion version 5.0.7, at the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** VLC media player version 2.0.3 **Description** The issue allows remote attackers to cause a denial of service, resulting in an application crash, by using a crafted PNG file. This is related to the libpng plugin in the VLC media player. **Recommendations** For version 2.0.3, consider updating to a newer version to mitigate the risk of a denial of service attack. As a temporary workaround, avoid using the libpng plugin when handling PNG files until a patch is available.