Brian Rodriguez

**Name of the Vulnerable Software and Affected Versions** VX Search version 13.5.28 **Description** An unquoted service path issue exists in the VX Search Server and VX Search Enterprise services. This allows local attackers to escalate privileges by placing malicious executables in unquoted path directories, such as "C:Program FilesVX Search", to execute arbitrary code with LocalSystem privileges upon service restart. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** GeoGebra Classic version 5.0.631.0-d **Description** GeoGebra Classic version 5.0.631.0-d contains a denial of service issue in the input field. An attacker can cause the application to crash by providing an oversized buffer of approximately 800,000 repeated characters. This buffer is submitted to the 'Entrada:' input field, leading to an application crash. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** GeoGebra Graphing Calculator version 6.0.631.0 **Description** The GeoGebra Graphing Calculator is subject to a denial of service condition. An attacker can cause the application to crash by providing an excessively large input. Specifically, a payload consisting of 8000 repeated characters can overwhelm an input field, rendering the application unresponsive. **Recommendations** Update to a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** GeoGebra CAS Calculator version 6.0.631.0 **Description** The software contains a denial of service issue that allows attackers to crash the application. This is achieved by creating a payload with 8000 repeated characters and pasting it into the calculator’s input field, triggering a buffer overflow and subsequent application crash. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Pingzapper version 2.3.1 **Description** Pingzapper 2.3.1 contains an unquoted service path vulnerability in the `PingzapperSvc` service. This allows local attackers to potentially execute arbitrary code. The vulnerability exists due to an unquoted path in 'C:Program Files (x86)PingzapperPZService.exe', which enables attackers to inject malicious executables and escalate privileges. **Recommendations** Update to a newer version that contains a fix for this vulnerability. As a temporary workaround, consider modifying the service path to include quotes to prevent the execution of unauthorized files.

**Name of the Vulnerable Software and Affected Versions** OKI Print Job Accounting version 4.4.10 **Description** OKI Print Job Accounting 4.4.10 contains a flaw in the OkiJaSvc service related to an unquoted service path. This allows local attackers to potentially execute arbitrary code. The unquoted path, located at 'C:Program FilesOkidataPrint Job Accounting', can be exploited to inject malicious executables and escalate privileges. **Recommendations** Apply a fix to address the unquoted service path in the OkiJaSvc service.

**Name of the Vulnerable Software and Affected Versions** OKI Configuration Tool version 1.6.53 **Description** OKI Configuration Tool version 1.6.53 contains a flaw in the OKI Local Port Manager service related to an unquoted service path. This allows local attackers to potentially execute arbitrary code. The unquoted path is located at 'C:Program FilesOkidataCommonextend3portmgrsrv.exe', enabling attackers to inject malicious executables and escalate privileges. **Recommendations** Apply appropriate quoting to the service path for the OKI Local Port Manager service.

**Name of the Vulnerable Software and Affected Versions** Sync Breeze version 13.6.18 **Description** Sync Breeze version 13.6.18 contains a security issue due to an unquoted service path in its Windows service configuration. This allows local attackers to potentially execute arbitrary code. The issue stems from the unquoted path in service binaries located in 'Program Files' directories, which enables attackers to inject malicious executables and escalate privileges. **Recommendations** Ensure the service path is properly quoted in the Windows service configuration.

**Name of the Vulnerable Software and Affected Versions** 10-Strike Network Inventory Explorer Pro version 9.31 **Description** The software contains an unquoted service path vulnerability in the `srvInventoryWebServer` service, which runs with LocalSystem privileges. An attacker can exploit this by placing malicious executables in potential path segments. Successful exploitation could lead to privilege escalation and code execution with system-level permissions. **Recommendations** Ensure the service path for `srvInventoryWebServer` is properly quoted to prevent the execution of unauthorized executables.

**Name of the Vulnerable Software and Affected Versions** WibuKey Runtime version 6.51 **Description** WibuKey Runtime 6.51 has an issue related to an unquoted service path in the `WkSvW32.exe` service. This allows local attackers to potentially execute arbitrary code. The vulnerable path is located at 'C:PROGRAM FILES (X86)WIBUKEYSERVERWkSvW32.exe', which could be exploited to inject malicious executables and escalate privileges. **Recommendations** Apply appropriate quoting to the service path to prevent the execution of unauthorized code.

**Name of the Vulnerable Software and Affected Versions** DiskPulse Enterprise version 13.6.14 **Description** The software contains an unquoted service path vulnerability in its Windows service configuration. This allows local attackers to potentially execute arbitrary code. The vulnerability exists due to the unquoted path in 'C:Program FilesDisk Pulse Enterprisebindiskpls.exe', which enables attackers to inject malicious executables and escalate privileges. **Recommendations** Ensure the service path is enclosed in quotes during the installation or configuration of DiskPulse Enterprise version 13.6.14.

**Name of the Vulnerable Software and Affected Versions** Brother BRAgent version 1.38 **Description** The software contains an unquoted service path vulnerability within the WBA Agent Client service, which operates with LocalSystem privileges. An attacker can exploit the unquoted path located at C:Program Files (x86)BrotherBRAgent to inject and execute malicious code, gaining elevated system permissions. **Recommendations** Ensure the service path for WBA Agent Client is enclosed in quotes.

**Name of the Vulnerable Software and Affected Versions** Brother BRPrint Auditor version 3.0.7 **Description** The software contains an unquoted service path vulnerability in its Windows service configurations. This allows local attackers to potentially execute arbitrary code. Attackers can exploit unquoted file paths in the `BrAuSvc` and `BRPA Agent` services to inject malicious executables and escalate privileges on the system. **Recommendations** Apply appropriate quoting to the service paths in the Windows service configurations.

**Name of the Vulnerable Software and Affected Versions** SysGauge Server version 7.9.18 **Description** The software contains an unquoted service path vulnerability in its binary path configuration. This allows local attackers to potentially execute arbitrary code. The vulnerability exists due to the unquoted path in 'C:Program FilesSysGauge Serverbinsysgaus.exe', enabling attackers to inject malicious executables and escalate privileges. **Recommendations** Ensure the service path is enclosed in quotes during configuration.

**Name of the Vulnerable Software and Affected Versions** Disk Savvy version 13.6.14 **Description** Disk Savvy version 13.6.14 contains a flaw in its Windows service configuration due to an unquoted service path. This allows local attackers to potentially execute arbitrary code. The unquoted path in service binaries can be exploited to inject malicious executables that run with elevated LocalSystem privileges. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Dup Scout version 13.5.28 **Description** The software contains an unquoted service path issue in its Windows service configuration. This allows local attackers to potentially execute arbitrary code. The vulnerable path is located in 'C:Program FilesDup Scout Serverbindupscts.exe'. Attackers can exploit the unquoted path to inject malicious executables and escalate privileges. **Recommendations** Ensure the service path is enclosed in quotes during the Windows service configuration.