Aloyce J. Makalanga

**Name of the Vulnerable Software and Affected Versions** NetTransport Download Manager versions 2.96L and earlier **Description** A buffer overflow issue in the NetTransport.exe file could allow remote HTTP servers to execute arbitrary code on NAS devices via a long HTTP response. This is achieved through specially crafted HTTP responses. **Recommendations** For versions 2.96L and earlier, update to a version later than 2.96L to resolve the issue. As a temporary workaround, consider restricting access to the NetTransport.exe file until a patch is available. Avoid using the NetTransport Download Manager to handle long HTTP responses from untrusted sources until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** GetGo Download Manager versions 5.3.0.2712 and earlier **Description** A buffer overflow issue could allow remote HTTP servers to execute arbitrary code on NAS devices via a long response. The vulnerability can be exploited by a remote attacker using a specially crafted string in the HTTP response header, potentially leading to the execution of arbitrary code on the device. **Recommendations** For GetGo Download Manager versions 5.3.0.2712 and earlier, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Ability Mail Server versions prior to 4.2.4 **Description** The issue allows for Cross Site Scripting (XSS) via the body of an e-mail message. This occurs when JavaScript code is executed on the Read Mail screen, accessible through the / readmail URI. **Recommendations** For versions prior to 4.2.4, update to version 4.2.4 to resolve the issue. As a temporary workaround, consider restricting access to the / readmail URI until the update is applied.