Blake

**Name of the Vulnerable Software and Affected Versions** Mitsubishi Electric Automation MC-WorX Suite version 8.02 **Description** The issue allows remote attackers to execute arbitrary programs via a crafted HTML document in conjunction with a Login Client button click. This is made possible by a vulnerability in an ActiveX control in IcoLaunch.dll. **Recommendations** For Mitsubishi Electric Automation MC-WorX Suite version 8.02, consider disabling the vulnerable ActiveX control in IcoLaunch.dll as a temporary workaround until a patch is available. Restrict access to the Login Client button to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** WellinTech KingView versions prior to 6.53 SuperGrid.ocx versions prior to 65.30.30000.10002 **Description** The issue concerns the SUPERGRIDLib.SuperGrid ActiveX control, which does not properly restrict `ReplaceDBFile` method calls. This allows remote attackers to create or overwrite arbitrary files and subsequently execute arbitrary programs via the two pathname arguments. A directory traversal attack can be used to exploit this issue. **Recommendations** For WellinTech KingView versions prior to 6.53, update to version 6.53 or later. For SuperGrid.ocx versions prior to 65.30.30000.10002, update to version 65.30.30000.10002 or later. As a temporary workaround, consider restricting access to the `ReplaceDBFile` method until a patch is available.

**Name of the Vulnerable Software and Affected Versions** WellinTech KingView versions prior to 6.53 KChartXY.ocx versions prior to 65.30.30000.10002 **Description** The issue concerns the KCHARTXYLib.KChartXY ActiveX control, which does not properly restrict `SaveToFile` method calls. This allows remote attackers to create or overwrite arbitrary files and subsequently execute arbitrary programs via a single pathname argument. A directory traversal attack can be used to exploit this issue. **Recommendations** For WellinTech KingView versions prior to 6.53, update to version 6.53 or later. For KChartXY.ocx versions prior to 65.30.30000.10002, update to version 65.30.30000.10002 or later. As a temporary workaround, consider restricting access to the `SaveToFile` method in the KChartXY.ocx control to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** FreeNAC version 3.02 **Description** The issue allows remote attackers to inject arbitrary web script or HTML via specific parameters, including the `comment`, `mac`, `graphtype`, `name`, or `type` parameter to "stats.php", or the `comment` parameter to "deviceadd.php". **Recommendations** For FreeNAC version 3.02, update the software to a version that includes a fix for this issue, as using outdated versions may expose the system to XSS attacks. As a temporary workaround, consider restricting access to the "stats.php" and "deviceadd.php" scripts until a patch is available. Avoid using the vulnerable parameters, such as `comment`, `mac`, `graphtype`, `name`, or `type`, in the affected API endpoints until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** FreeNAC version 3.02 **Description** A SQL injection issue allows remote attackers to execute arbitrary SQL commands via the `status` parameter in the "deviceadd.php" file. **Recommendations** For FreeNAC version 3.02, consider restricting access to the "deviceadd.php" file until a patch is available, and avoid using the `status` parameter in this context to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Samsung NET-i viewer version 1.37 **Description** The issue is related to a stack-based buffer overflow in the RequestScreenOptimization function within the XProcessControl.ocx ActiveX control in msls31.dll. This allows remote attackers to execute arbitrary code by providing a long string in the first argument. **Recommendations** For Samsung NET-i viewer version 1.37, consider disabling the RequestScreenOptimization function in the XProcessControl.ocx ActiveX control until a patch is available. Restrict access to the msls31.dll module to minimize the risk of exploitation. Avoid using long strings in the first argument of the affected function to prevent potential code execution.

**Name of the Vulnerable Software and Affected Versions** FathFTP ActiveX control version 1.7 **Description** The issue concerns multiple buffer overflows that allow remote attackers to execute arbitrary code. This can be achieved via the GetFromURL member or by providing a long argument to the `RasIsConnected` method. **Recommendations** For FathFTP ActiveX control version 1.7, consider disabling the `GetFromURL` member and restrict the input length for the `RasIsConnected` method to prevent exploitation until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Rosoft Audio Converter version 4.4.4 **Description** The issue allows remote attackers to execute arbitrary code via a long playlist entry in a .m3u file. This is due to a buffer overflow in the software. **Recommendations** For Rosoft Audio Converter version 4.4.4, consider updating to a newer version that addresses this issue, if available. As a temporary workaround, restrict the handling of .m3u files to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** PhpMyLogon version 2 **Description** The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the `username` parameter in the phpmylogon.php file. **Recommendations** For PhpMyLogon version 2, consider restricting access to the phpmylogon.php file until a patch is available, and avoid using the `username` parameter in this context to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** BigAnt IM Server version 2.50 **Description** The issue is a stack-based buffer overflow in the AntServer Module, allowing remote attackers to execute arbitrary code. This can be achieved by sending a long GET request to the "TCP port 6660" endpoint. **Recommendations** For BigAnt IM Server version 2.50, consider restricting access to the AntServer Module until a patch is available. As a temporary workaround, limit the length of GET requests to TCP port 6660 to prevent exploitation.