R-73En

**Nome do Software Vulnerável e Versões Afetadas** EasyCafe Server versão 2.2.14 **Descrição** Existe uma vulnerabilidade de divulgação remota de arquivos no EasyCafe Server. Um atacante remoto não autenticado pode solicitar arquivos arbitrários através da porta TCP 831 utilizando o opcode 0x43, potencialmente recuperando informações sensíveis, como configurações do sistema e arquivos de senhas, caso o arquivo exista e esteja acessível. **Recomendações** No momento, não há informações sobre uma versão mais recente que contenha uma correção para esta vulnerabilidade.

**Name of the Vulnerable Software and Affected Versions** Symantec Messaging Gateway versions prior to 10.6.2 **Description** The issue allows remote authenticated users to read arbitrary files. This is achieved by exploiting a directory traversal vulnerability in the charting component. The vulnerability can be triggered by including a .. (dot dot) in the `sn` parameter to the "brightmail/servlet/com.ve.kavachart.servlet.ChartStream" endpoint. **Recommendations** For versions prior to 10.6.2, update to version 10.6.2 or later to resolve the issue. As a temporary workaround, consider restricting access to the brightmail/servlet/com.ve.kavachart.servlet.ChartStream endpoint to minimize the risk of exploitation. Avoid using the `sn` parameter in the affected endpoint until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Konica Minolta FTP Utility version 1.0 **Description** The issue allows remote attackers to execute arbitrary code or cause a denial of service, resulting in an application crash, by sending a long `USER` command. **Recommendations** For Konica Minolta FTP Utility version 1.0, consider disabling the FTP service until a patch is available to prevent potential exploitation. Restrict access to the vulnerable `USER` command to minimize the risk of arbitrary code execution or denial of service.

**Name of the Vulnerable Software and Affected Versions** ProFTPD version 1.3.5 **Description** The issue allows remote attackers to read and write to arbitrary files. This is achieved via the site cpfr and site cpto commands, which are part of the mod copy module in the ProFTPD FTP server. **Recommendations** For ProFTPD version 1.3.5, consider disabling the mod copy module as a temporary workaround until a patch is available. Restrict access to the site cpfr and site cpto commands to minimize the risk of exploitation.