Rafael Pedrero

**Name of the Vulnerable Software and Affected Versions** Zervit's portable HTTP/web server (versões afetadas não especificadas) **Description** Uma negação de serviço remota pode ocorrer quando uma solicitação de redefinição de configuração é feita devido à validação inadequada de entradas fornecidas pelo usuário. Um invasor pode enviar solicitações maliciosas para fazer com que a aplicação pare de responder. A aplicação pode ser reiniciada manualmente. **Recommendations** No momento, não há informações sobre uma versão mais recente que contenha a correção para esta vulnerabilidade.

**Name of the Vulnerable Software and Affected Versions** CivetWeb versão 1.16 **Description** Um problema de caminho de pesquisa não delimitado por aspas existe devido à ausência de aspas na configuração do serviço. Isso permite que um invasor local execute código arbitrário com privilégios elevados ao colocar um executável malicioso em um diretório que é verificado antes do caminho do aplicativo pretendido 'C:Program FilesCivetWebCivetWeb.exe --'. **Recommendations** No momento, não há informações sobre uma versão mais recente que contenha uma correção para esta vulnerabilidade.

LanHelper 1.74 contains a local buffer overflow vulnerability that allows attackers to crash the application by sending excessively long input strings. Attackers can exploit the Form Send Message feature by pasting 6000 bytes of data into the Message text field to trigger a denial of service condition.

**Nome do Software Vulnerável e Versões Afetadas** River Past Ringtone Converter versão 2.7.6.1601 **Descrição** Ocorre um estouro de buffer local quando a aplicação recebe entradas excessivas nos campos de ativação. Um invasor pode causar uma condição de negação de serviço, fazendo com que a aplicação trave, ao colar 300 bytes de dados na caixa de texto `Email` e na área de texto `Activation code` dentro do diálogo de Ativação do menu Ajuda. **Recomendações** No momento, não há informações sobre uma versão mais recente que contenha a correção para esta vulnerabilidade.

ASPRunner Professional 6.0.766 contains a local buffer overflow vulnerability that allows attackers to cause a denial of service by supplying an excessively long project name. Attackers can paste 180 or more characters into the Project name field during project creation to trigger an application crash.

TaskInfo 8.2.0.280 contains a local buffer overflow vulnerability that allows attackers to crash the application by supplying oversized input to registration fields. Attackers can paste excessively long strings into the New User Name or New Serial Number textboxes in the Help menu's registration dialog to trigger a denial of service condition.

SpotAuditor 3.6.7 contains a local buffer overflow vulnerability in the Base64 Password Decoder component that allows attackers to crash the application. Attackers can supply an oversized Base64 string through the decoder interface to trigger a denial of service condition.

a-Mac Address Change 5.4 contains a local buffer overflow vulnerability that allows local attackers to crash the application by supplying oversized input to registration form fields. Attackers can paste 212 bytes of data into the 'Your Name', 'Your Company', or 'Register Code' fields and click the Register button to trigger a denial of service crash.

Remote Process Explorer 1.0.0.16 contains a local buffer overflow vulnerability that allows attackers to cause a denial of service by sending a crafted payload to the Add Computer dialog. Attackers can paste a malicious string into the computer name textbox and trigger a crash by connecting to the added computer, overwriting the SEH chain and corrupting exception handlers.

**Name of the Vulnerable Software and Affected Versions** Anon Proxy Server version 0.104 **Description** A Reflected Cross-Site Scripting (XSS) issue exists in Anon Proxy Server. This allows an attacker to execute JavaScript code in a victim’s browser through a malicious URL. This could lead to the theft of sensitive user data, such as session cookies, or actions performed on behalf of the user. The issue affects the `port` and `proxyPort` parameters in the '/anon.php' endpoint. **Recommendations** Update to a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions Anon Proxy Server versão 0.104 Description Uma vulnerabilidade de Cross-Site Scripting (XSS) refletido existe no Anon Proxy Server versão 0.104. Esta vulnerabilidade permite que um atacante execute código JavaScript no navegador da vítima enviando uma URL maliciosa. Isso pode ser explorado para roubar dados confidenciais do usuário, como cookies de sessão, ou para realizar ações em nome do usuário. A vulnerabilidade afeta o parâmetro 'host' no endpoint '/diagconnect.php'. Recommendations Atualize para uma versão mais recente que contenha uma correção para esta vulnerabilidade. Como uma solução alternativa temporária, sanitize o parâmetro `host` no endpoint '/diagconnect.php' para evitar a injeção de código JavaScript malicioso.

Name of the Vulnerable Software and Affected Versions Anon Proxy Server versão 0.104 Description Uma vulnerabilidade de Cross-Site Scripting (XSS) Refletido existe que permite a um atacante executar código JavaScript no navegador da vítima enviando uma URL maliciosa. Isso pode ser usado para roubar dados confidenciais do usuário, como cookies de sessão, ou para realizar ações em nome do usuário. A vulnerabilidade afeta o parâmetro `host` no endpoint da API '/diagdns.php'. Recommendations Atualize para uma versão mais recente que contenha uma correção para esta vulnerabilidade.

**Name of the Vulnerable Software and Affected Versions** Small HTTP Server version 3.06.36 **Description** The issue involves an unquoted service path in Small HTTP Server. Specifically, the vulnerability affects the executable located at 'C:Program Files (x86)shttps mghttp.exe service'. This misconfiguration allows a local attacker to place a malicious executable with the same name in a directory with higher priority, causing the service to execute the malicious file instead of the legitimate one. Exploiting this flaw could lead to arbitrary code execution, unauthorized system access, or service disruption. The vulnerable path is associated with the service configuration. **Recommendations** Ensure the service path is properly quoted. Restrict physical and network access to the system.

**Name of the Vulnerable Software and Affected Versions** Small HTTP Server version 3.06.36 **Description** An authenticated path traversal issue exists in the Small HTTP Server service. A remote user can bypass the intended restrictions of the `SecurityManager` and potentially display any file if they have the appropriate permissions outside the configured document root. The vulnerable path is '/'. **Recommendations** Update to a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Sync Breeze Enterprise Server versions 10.4.18 Disk Pulse Enterprise versions 10.4.18 **Description** A cross-site request forgery (CSRF) issue exists in the software. An authenticated user can potentially cause another user to perform unintended actions within their logged-in session. This is due to missing CSRF token implementation. Exploitation involves a POST request to the `/setup login?sid=` endpoint, impacting the `username`, `password`, and `cpassword` parameters. **Recommendations** Apply updates to versions beyond 10.4.18.

**Name of the Vulnerable Software and Affected Versions** Sync Breeze Enterprise Server versions 10.4.18 Disk Pulse Enterprise versions 10.4.18 **Description** A cross-site request forgery (CSRF) issue exists in Sync Breeze Enterprise Server and Disk Pulse Enterprise. An authenticated user can potentially cause another user to perform unintended actions within their logged-in session. This is due to missing CSRF token implementation. Exploitation involves sending a POST request to the `/delete command?sid=` endpoint, utilizing the `cid` parameter to delete commands individually. **Recommendations** Update Sync Breeze Enterprise Server to a version with a fix for this vulnerability. Update Disk Pulse Enterprise to a version with a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Sync Breeze Enterprise Server versions 10.4.18 Disk Pulse Enterprise versions 10.4.18 **Description** A cross-site request forgery (CSRF) issue exists in Sync Breeze Enterprise Server and Disk Pulse Enterprise. An authenticated user can potentially cause another user to perform unintended actions. This is due to missing CSRF token implementation. An attacker can leverage a POST request to the ''/delete all commands?sid='' endpoint to delete all commands. **Recommendations** Update Sync Breeze Enterprise Server to a version with a fix for this vulnerability. Update Disk Pulse Enterprise to a version with a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Sync Breeze Enterprise Server versions 10.4.18 Disk Pulse Enterprise versions 10.4.18 **Description** A cross-site request forgery (CSRF) issue exists in Sync Breeze Enterprise Server and Disk Pulse Enterprise. An authenticated user can potentially cause another user to perform unintended actions within their logged-in session. This is due to the absence of appropriate CSRF token implementation. Exploitation involves sending a POST request to the `/rename command?sid=` API endpoint, specifically manipulating the `command name` parameter. **Recommendations** Update Sync Breeze Enterprise Server to a version with a fix for this vulnerability. Update Disk Pulse Enterprise to a version with a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Sync Breeze Enterprise Server versions 10.4.18 Disk Pulse Enterprise versions 10.4.18 **Description** Sync Breeze Enterprise Server version 10.4.18 and Disk Pulse Enterprise version 10.4.18 are affected by a remote denial-of-service (DoS) issue within the configuration restore functionality. The root cause is inadequate validation of user-provided data during the configuration restore process. An attacker can exploit this by sending crafted requests to modify the configuration file, leading to application unresponsiveness. A successful attack can corrupt the configuration, preventing service recovery and necessitating a complete reinstallation. **Recommendations** Update Sync Breeze Enterprise Server to a version beyond 10.4.18. Update Disk Pulse Enterprise to a version beyond 10.4.18.

**Name of the Vulnerable Software and Affected Versions** Sync Breeze Enterprise Server versions 10.4.18 Disk Pulse Enterprise versions 10.4.18 **Description** Sync Breeze Enterprise Server and Disk Pulse Enterprise are affected by a persistent authenticated Cross-Site Scripting (XSS) issue. An attacker can potentially send malicious content to an authenticated user, potentially gaining access to session information. This is due to inadequate validation of user-supplied data. The vulnerability is present in the `/add command?sid=` API endpoint, specifically affecting the `command name` parameter. **Recommendations** Update Sync Breeze Enterprise to a version beyond 10.4.18. Update Disk Pulse Enterprise to a version beyond 10.4.18.