Christian Vierschilling

**Name of the Vulnerable Software and Affected Versions** BearShare Lite version 5.2.5 **Description** BearShare Lite 5.2.5 contains a buffer overflow issue in the Advanced Search keywords input. An attacker can execute arbitrary code by crafting a malicious payload and pasting it into the search keywords field. This allows overwriting the EIP register and executing shellcode. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** CEVAS versions prior to 1.01.46 **Description** The issue concerns insufficient validation of user-controllable input, which could allow a user to bypass authentication and retrieve data using specially crafted SQL queries. **Recommendations** For versions prior to 1.01.46, update to version 1.01.46 or later to resolve the issue. As a temporary workaround, consider restricting access to sensitive data and implementing additional validation measures for user input to minimize the risk of exploitation.