Kevin Randall

**Name of the Vulnerable Software and Affected Versions** Free Float FTP version 1.0 **Description** The software contains a buffer overflow in the handler for the STOR command. Remote attackers can execute arbitrary code by sending a specially crafted STOR request with an oversized payload. Attackers can authenticate using anonymous credentials to send a malicious STOR command containing 247 bytes of padding, a return address, and shellcode, triggering code execution on the FTP server. The vulnerable component is the `STOR` command handler. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** DVDXPlayer Pro versão 5.5 **Description** Existe um estouro de buffer local envolvendo o tratamento de exceções estruturado (SEH), que é um mecanismo para lidar com exceções de hardware e software. Um invasor local pode executar código arbitrário com privilégios de aplicativo ao criar um arquivo de lista de reprodução .plf malicioso contendo shellcode e NOP sleds para estourar um buffer e sequestrar a cadeia SEH. **Recommendations** No momento, não há informações sobre uma versão mais recente que contenha uma correção para esta vulnerabilidade.

**Name of the Vulnerable Software and Affected Versions** etcd-browser version 87ae63d75260 **Description** An issue was discovered in server.js. By supplying a `/../../../` Directory Traversal input to the URL's GET request while connecting to the remote server port specified during setup, an attacker can retrieve local operating system files from the remote system. **Recommendations** For etcd-browser version 87ae63d75260, as a temporary workaround, consider restricting access to the `server.js` file until a patch is available. Avoid using the `/../../../` Directory Traversal input in the affected GET request to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Nome do software vulnerável e versões afetadas** QSC Q-SYS Core Manager versão 8.2.1 Versões do QSC Q-SYS Core Manager anteriores à 8.2.1 **Descrição** Foi descoberta uma vulnerabilidade no QSC Q-SYS Core Manager. Um invasor remoto pode realizar um traversal de diretório por meio do serviço TFTP em execução na porta UDP 69 e obter arquivos do sistema operacional enviando uma solicitação TFTP GET. Por exemplo, um invasor pode ler os arquivos `/etc/passwd` ou `/proc/version`. **Recomendações** Para o QSC Q-SYS Core Manager versão 8.2.1, atualize para uma versão que corrija este problema. Para versões do QSC Q-SYS Core Manager anteriores à 8.2.1, atualize para uma versão que corrija este problema. Como solução temporária, considere desativar o serviço TFTP em execução na porta UDP 69 até que um patch esteja disponível.

**Name of the Vulnerable Software and Affected Versions** Lexmark Services Monitor version 2.27.4.0.39 **Description** A remote attacker can exploit a directory traversal issue in the Lexmark Services Monitor to obtain local files on the host operating system. This can be achieved by using a directory traversal technique with `/../../../` or `..%2F..%2F..%2F`. The service is running on TCP port 2070. **Recommendations** For Lexmark Services Monitor version 2.27.4.0.39, consider restricting access to the service running on TCP port 2070 until a patch is available. As a temporary workaround, limit the service's ability to access local files on the host operating system. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Titan FTP Server 2019 Build 3505 Description: A Directory Traversal issue was discovered in the Web GUI. When an authenticated user attempts to preview an uploaded file through "PreviewHandler.ashx" by using a `......` technique, arbitrary files can be loaded in the server response outside the root directory. Recommendations: For Titan FTP Server 2019 Build 3505, consider disabling the PreviewHandler.ashx functionality until a patch is available to prevent exploitation of this issue.

**Name of the Vulnerable Software and Affected Versions** Core FTP version 2.0 Build 674 **Description** An issue in the SFTP Server component allows a remote attacker to use a directory traversal technique with the MDTM FTP command to browse outside the root directory. This enables the attacker to determine the existence of a file on the operating system and its last modified date. **Recommendations** For Core FTP version 2.0 Build 674, consider restricting access to the MDTM FTP command as a temporary workaround until a patch is available. Additionally, limiting directory traversal capabilities can help minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Core FTP version 2.0 Build 674 **Description** A directory traversal issue exists in the SFTP Server component. This issue allows an attacker to use the SIZE command along with a `....` substring to enumerate file existence based on the returned information. **Recommendations** For Core FTP version 2.0 Build 674, consider restricting access to the SFTP Server component until a patch is available. As a temporary workaround, avoid using the SIZE command with the `....` substring to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** D-Link DIR-601 version 2.02NA **Description** An issue allows an attacker with low privilege "User" account access to intercept the response from a POST request and obtain "Admin" rights due to the admin password being displayed in XML. The vulnerability is related to the transmission of critical information in plain text, which can be exploited by a remote attacker to elevate their privileges. **Recommendations** For D-Link DIR-601 version 2.02NA, as a temporary workaround, consider restricting access to the affected POST request endpoint until a patch is available. Avoid using the device with low privilege accounts until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: D-Link DIR-601 B1 version 2.02NA Description: An issue allows an unauthenticated user on the same local network to obtain the admin username and cleartext password from the administrator's panel. This is achieved through the configuration file restore default, which displays sensitive information in XML. Recommendations: For D-Link DIR-601 B1 version 2.02NA, as a temporary workaround, consider restricting access to the administrator's panel and the configuration file restore default to minimize the risk of exploitation. Avoid using the device on untrusted networks until a fix is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.