Andreas Constantinides

**Name of the Vulnerable Software and Affected Versions** zOOm Media Gallery version 2.1.2 **Description** The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the `catid` parameter in the "index.php" file. **Recommendations** For zOOm Media Gallery version 2.1.2, consider restricting access to the `catid` parameter in the "index.php" file until a patch is available. As a temporary workaround, avoid using the `catid` parameter in the affected endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Check Point NG AI versions R54 through R55 **Description** A buffer overflow issue in Check Point SmartDashboard allows remote authenticated users to cause a denial of service and possibly execute arbitrary code via a large filter on a column when using SmartView Tracker. **Recommendations** For versions R54 and R55, consider applying a patch or fix to address the buffer overflow issue in Check Point SmartDashboard. As a temporary workaround, restrict access to SmartView Tracker to minimize the risk of exploitation.

Name of the Vulnerable Software and Affected Versions: CesarFTP version 0.99g Description: The issue allows local users to gain privileges because CesarFTP stores user names and passwords in plaintext in the settings.ini file. Recommendations: For version 0.99g, consider encrypting or securely storing sensitive information in the settings.ini file to prevent unauthorized access. As a temporary workaround, restrict access to the settings.ini file to minimize the risk of exploitation.