Luis Martinez

BlueAuditor 1.7.2.0 contains a buffer overflow vulnerability in the registration key field that allows local attackers to crash the application by submitting an oversized key value. Attackers can trigger a denial of service by entering a 256-byte buffer of repeated characters in the Key registration field, causing the application to crash during registration processing.

SpotFTP Password Recover 2.4.2 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an oversized buffer in the Name field during registration. Attackers can generate a 256-byte payload, paste it into the Name input field, and trigger a crash when submitting the registration code.

**Name of the Vulnerable Software and Affected Versions** ScadaApp for iOS version 1.1.4.0 **Description** The application can be crashed by providing an oversized buffer in the Servername field during login. Specifically, inputting a 257-character buffer can trigger an application crash on iOS devices. The issue results in a denial of service. The vulnerable parameter is `Servername`. **Recommendations** Update to a newer version of ScadaApp for iOS that addresses this issue. As a temporary workaround, limit the length of the input accepted in the `Servername` field during login to prevent the application from crashing.

**Name of the Vulnerable Software and Affected Versions** Studio 5000 Logix Designer version 30.01.00 **Description** Studio 5000 Logix Designer 30.01.00 has an unquoted service path issue within the FactoryTalk Activation Service. This allows local users to potentially run code with higher privileges. The unquoted path, located at `C:Program Files (x86)Rockwell SoftwareFactoryTalk Activation`, can be exploited to inject malicious code that executes with LocalSystem permissions. **Recommendations** Ensure the service path for FactoryTalk Activation Service is properly quoted to prevent malicious code execution.

**Name of the Vulnerable Software and Affected Versions** CodeMeter version 6.60 **Description** CodeMeter 6.60 contains an unquoted service path that may allow local users to execute arbitrary code with elevated system privileges. An attacker can exploit the unquoted binary path in the CodeMeter Runtime Server service to inject malicious code that would execute with LocalSystem permissions. **Recommendations** Ensure the service path for CodeMeter Runtime Server is properly quoted.

**Name of the Vulnerable Software and Affected Versions** QlikView versão 12.50.20000.0 **Description** Um problema de negação de serviço existe no campo de entrada de endereço do servidor FTP. Atacantes locais podem causar a falha do aplicativo e impedir a funcionalidade normal ao colar um buffer de 300 caracteres no campo de endereço do servidor FTP. **Recommendations** No momento, não há informações sobre uma versão mais recente que contenha uma correção para esta vulnerabilidade.

**Name of the Vulnerable Software and Affected Versions** Mocha Telnet Lite versão 4.2 **Description** Um problema de negação de serviço existe que permite que atacantes travem a aplicação manipulando a entrada de configuração do usuário. Especificamente, a sobrescrita do campo 'User' com 350 bytes de caracteres repetidos provoca a falha e impede a funcionalidade normal. **Recommendations** No momento, não há informações sobre uma versão mais recente que contenha a correção para esta vulnerabilidade.

**Name of the Vulnerable Software and Affected Versions** eBeam Interactive Suite version 3.6 **Description** The software contains an unquoted service path vulnerability within the `eBeam Stylus Driver` service. This allows local users to potentially execute code with elevated privileges. An attacker can exploit the unquoted path located at `C:Program Files (x86)LuidiaeBeam Stylus Driver` to inject malicious executables. These executables would then run with LocalSystem permissions. **Recommendations** Versions prior to 3.6 should be used.

**Name of the Vulnerable Software and Affected Versions** eBeam Education Suite version 2.5.0.9 **Description** The eBeam Education Suite 2.5.0.9 contains an unquoted service path vulnerability within the 'eBeam Device Service'. This allows local users to potentially execute code with elevated privileges. An attacker can exploit the unquoted path in the service configuration to inject malicious code that would execute with LocalSystem privileges during service startup. **Recommendations** Apply appropriate quoting to the service path configuration for the 'eBeam Device Service'.

**Name of the Vulnerable Software and Affected Versions** WebSSH for iOS version 14.16.10 **Description** WebSSH for iOS contains a denial of service issue within the mashREPL tool. An attacker can cause the application to crash by providing specially crafted input. Specifically, pasting a 300-character buffer consisting of repeated 'A' characters into the mashREPL input field triggers the issue. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Mediconta version 3.7.27 **Description** Mediconta version 3.7.27 contains an unquoted service path vulnerability within the `servermedicontservice`. This allows local users to potentially execute code with elevated privileges. The vulnerability exists due to an unquoted path in C:Program Files (x86)medicont3. An attacker can exploit this by injecting malicious code that executes with LocalSystem permissions during service startup. **Recommendations** Ensure the service path is properly quoted to prevent malicious code execution.

**Name of the Vulnerable Software and Affected Versions** Wondershare Dr.Fone version 11.4.9 **Description** Wondershare Dr.Fone version 11.4.9 has an issue with an unquoted service path in the DFWSIDService. This could allow local users to potentially run arbitrary code. The unquoted path is located at 'C:Program Files (x86)WondershareWondershare Dr.Fone'. An attacker could exploit this by injecting malicious executables that would run with LocalSystem privileges. **Recommendations** Update to a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Wondershare FamiSafe version 1.0 **Description** The software contains an unquoted service path issue within the FSService component. This could allow local users to potentially execute code with elevated privileges. The issue stems from an unquoted path located at C:Program Files (x86)WondershareFamiSafe, which could be exploited to inject malicious code that runs with LocalSystem permissions when the service starts. **Recommendations** Update to a newer version that contains a fix for this vulnerability. As a temporary workaround, consider modifying the service path to include quotes.

**Name of the Vulnerable Software and Affected Versions** Wondershare MobileTrans version 3.5.9 **Description** The software contains an unquoted service path vulnerability within the ElevationService. This allows local users to potentially execute code with elevated system privileges. Exploitation involves placing malicious executables in specific filesystem locations, which are then executed with LocalSystem permissions during service startup. **Recommendations** Apply appropriate quoting to the service path to prevent the execution of unauthorized code.

**Name of the Vulnerable Software and Affected Versions** Wondershare UBackit version 2.0.5 **Description** The software contains an unquoted service path issue. This allows local users to potentially execute arbitrary code with elevated system privileges. An attacker can exploit the unquoted path in the `wsbackup` service to inject malicious executables. These executables would run with LocalSystem permissions when the service starts. **Recommendations** Update to a newer version that contains a fix for this vulnerability. As a temporary workaround, consider modifying the service path to include quotes to prevent the execution of unauthorized code.

**Name of the Vulnerable Software and Affected Versions** Emerson PAC Machine Edition version 9.80 **Description** Emerson PAC Machine Edition 9.80 has an issue with an unquoted service path in the TrapiServer service. This could allow local users to potentially run code with higher privileges. An attacker can take advantage of the unquoted path in the service setup to inject malicious code that runs with LocalSystem permissions when the service starts. **Recommendations** Ensure the service path for TrapiServer is properly quoted.

**Name of the Vulnerable Software and Affected Versions** Kyocera Command Center RX ECOSYS M2035dn (affected versions not specified) **Description** The Kyocera Command Center RX ECOSYS M2035dn device contains a directory traversal flaw. Unauthenticated attackers can read sensitive system files by manipulating file paths under the `/js/` path. Exploitation involves sending requests such as `/js/../../../../.../etc/passwd%00.jpg` to access files like `/etc/passwd` and `/etc/shadow`. The `%00` in the request is a null-byte appended traversal technique. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Sysax Multi Server version 6.95 **Description** Sysax Multi Server version 6.95 contains a denial of service condition in the administrative password field. An attacker can overwrite the password field with 800 bytes of repeated characters, causing the application to crash and disrupting server functionality. The vulnerable field is the administrative password field. **Recommendations** Update to a newer version that contains a fix for this vulnerability. As a temporary workaround, limit the length of the administrative password field to prevent the input of 800 repeated characters.

**Nome do Software Vulnerável e Versões Afetadas** Cobian Backup 11 Gravity versão 11.2.0.582 **Descrição** O software contém uma vulnerabilidade de negação de serviço no campo de entrada de senha FTP. Um invasor pode travar o aplicativo fornecendo um buffer de 800 bytes especialmente elaborado no campo `password`. **Recomendações** No momento, não há informações sobre uma versão mais recente que contenha uma correção para esta vulnerabilidade.

**Nome do Software Vulnerável e Versões Afetadas** Wondershare MirrorGo versão 2.0.11.346 **Descrição** O Wondershare MirrorGo versão 2.0.11.346 apresenta uma vulnerabilidade de escalonamento de privilégio local. Permissões de arquivo incorretas em arquivos executáveis permitem que usuários locais não privilegiados substituam o arquivo `ElevationService.exe` por um arquivo malicioso. Isso permite a execução de código arbitrário com privilégios de `LocalSystem`. **Recomendações** Aplique permissões de arquivo adequadas ao executável `ElevationService.exe` para impedir modificação não autorizada.