Muhammad Ahmed Siddiqui

**Name of the Vulnerable Software and Affected Versions** Zoho ManageEngine ServiceDesk Plus (SDP) versions prior to 9.0 build 9031 **Description** The issue allows remote authenticated users to execute arbitrary SQL commands. This is achieved via the `site` parameter in the reports/CreateReportTable.jsp file. **Recommendations** For versions prior to 9.0 build 9031, update to version 9.0 build 9031 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** ManageEngine ServiceDesk Plus versions prior to 9.0 build 9031 **Description** The issue allows remote authenticated users to obtain sensitive ticket information. This can be achieved through various means, including a `getTicketData` action to the "servlet/AJaxServlet" endpoint, or direct requests to the "swf/flashreport.swf", "reports/flash/details.jsp", or "reports/CreateReportTable.jsp" endpoints. **Recommendations** For versions prior to 9.0 build 9031, update to version 9.0 build 9031 or later to resolve the issue. As a temporary workaround, consider restricting access to the "servlet/AJaxServlet" endpoint and the "swf/flashreport.swf", "reports/flash/details.jsp", and "reports/CreateReportTable.jsp" pages to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** KarjaSoft Sami FTP Server versions 2.0.2 and earlier **Description** The issue allows remote attackers to execute arbitrary code via a long `USER` or `PASS` command, which can lead to a buffer overflow. **Recommendations** For versions 2.0.2 and earlier, update to a version later than 2.0.2 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** XM Easy Personal FTP Server versions 4.3 and earlier **Description** A buffer overflow issue allows remote attackers to execute arbitrary code, likely through a `USER` command with a long `username` variable. **Recommendations** For XM Easy Personal FTP Server versions 4.3 and earlier, update to a version later than 4.3 to resolve the issue.