Chris Inzinga

**Name of the Vulnerable Software and Affected Versions** FTP Navigator version 8.03 **Description** FTP Navigator version 8.03 contains a denial of service condition that allows attackers to crash the application. This is achieved by overwriting the Structured Exception Handler (SEH) with crafted input. Specifically, a payload consisting of 4108 'A' characters, followed by 4 'B' characters, and 40 'C' characters, when entered into the custom command input, triggers the program crash. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** SurfOffline Professional version 2.2.0.103 **Description** SurfOffline Professional 2.2.0.103 contains a structured exception handler (SEH) overflow that allows attackers to disrupt the application. This is achieved by manipulating the project name input. An attacker can create a malicious payload consisting of 382 'A' characters combined with specific byte sequences to cause a denial of service and overwrite SEH registers. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** LinuxKI versions 6.0-1 and earlier **Description** The issue is related to the lack of input data sanitization in the LinuxKI operating system, which can be exploited by a remote attacker to perform cross-site scripting (XSS) attacks. **Recommendations** For LinuxKI versions 6.0-1 and earlier, update to release 6.0-2 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** LinuxKI versions 6.0-1 and earlier **Description** The issue is related to insecure privilege management in the LinuxKI operating system. This allows a remote attacker to execute arbitrary code. The problem is resolved in release 6.0-2. **Recommendations** For LinuxKI versions 6.0-1 and earlier, update to release 6.0-2 to resolve the issue.