Prabhu S Angadi

**Name of the Vulnerable Software and Affected Versions** Ipswitch WhatsUp Gold TFTP Server version 1.0.0.24 **Description** A directory traversal issue exists, allowing remote attackers to read arbitrary files by including a .. (dot dot) in the `Filename` field of an RRQ operation. **Recommendations** For Ipswitch WhatsUp Gold TFTP Server version 1.0.0.24, consider restricting access to the TFTP server until a patch is available. As a temporary workaround, avoid using the `Filename` field with .. (dot dot) sequences in RRQ operations to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Dashboard Server for NetMechanica NetDecision versions prior to 4.6.1 **Description** The issue allows remote attackers to obtain the installation path via a request with a trailing "?" character, which causes Dashboard to attempt to access a non-existent resource. **Recommendations** For versions prior to 4.6.1, update to version 4.6.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the Dashboard Server to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** NetDecision versions prior to 4.6.1 **Description** The issue is a stack-based buffer overflow in the HTTP Server, which can be triggered by a long URL in an HTTP request, causing the application to crash. **Recommendations** For versions prior to 4.6.1, update to version 4.6.1 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** NetMechanica NetDecision versions prior to 4.6.1 **Description** The issue allows remote attackers to obtain the source code of NtDecision script files with a .nd extension via an invalid version number in an HTTP request. This can be demonstrated using a file like default.nd. **Recommendations** For versions prior to 4.6.1, update to version 4.6.1 or later to resolve the issue. As a temporary workaround, consider restricting access to .nd files to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** NetSarang Xlpd version 4 Build 0100 NetSarang Xmanager Enterprise version 4 Build 0186 **Description** The issue allows remote attackers to cause a denial of service, resulting in a daemon crash, via a malformed LPD request. **Recommendations** For NetSarang Xlpd version 4 Build 0100, update to a version that includes a fix for the malformed LPD request handling. For NetSarang Xmanager Enterprise version 4 Build 0186, update to a version that includes a fix for the malformed LPD request handling.

**Name of the Vulnerable Software and Affected Versions** OfficeSIP Server version 3.1 **Description** The issue allows remote attackers to cause a denial of service, resulting in a daemon crash. This can be achieved by sending a crafted To header in a SIP INVITE message. **Recommendations** For OfficeSIP Server version 3.1, update to a version that includes a fix for this issue to prevent daemon crashes caused by crafted SIP INVITE messages. At the moment, there is no information about a newer version that contains a fix for this vulnerability.