CVE-2014-9451

Name of the Vulnerable Software and Affected Versions VDG Security SENSE version 2.3.13

Description The issue concerns multiple stack-based buffer overflows in the DIVA web service API, specifically at the "/webservice" endpoint. This allows remote attackers to execute arbitrary code by manipulating the user or password parameters in an AuthenticateUser request.

Recommendations For version 2.3.13, consider disabling the AuthenticateUser request functionality in the "/webservice" API endpoint until a patch is available. Restrict access to the user and password parameters to minimize the risk of exploitation.