Chuyreds

**Name of the Vulnerable Software and Affected Versions** Foscam Video Management System version 1.1.4.9 **Description** The Foscam Video Management System is susceptible to a denial of service condition. An attacker can cause the application to crash by providing a specially crafted input to the `username` field. Specifically, overwriting the `username` with a 520-byte buffer of repeated 'A' characters during device login triggers the application crash. The vulnerable parameter is `username`. **Recommendations** Update to a newer version of Foscam Video Management System that addresses this issue. As a temporary workaround, limit the length of the `username` input field to prevent the submission of oversized input.

**Name of the Vulnerable Software and Affected Versions** Realtek IIS Codec Service version 6.4.10041.133 **Description** An unquoted service path issue exists which allows local attackers to potentially execute arbitrary code. By exploiting the unquoted path in the service configuration, an attacker can inject malicious executables to escalate privileges on the system. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** AbsoluteTelnet version 11.12 **Description** The software contains a denial of service issue that allows local attackers to crash the application. This is achieved by providing an oversized license name, specifically a 2500-character payload, to the license entry field. This input causes the application to crash. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** AbsoluteTelnet version 11.12 **Description** The software contains a denial of service issue that allows local attackers to crash the application. This is achieved by providing an oversized license name, specifically a 2500-character payload, to the license name field. This input causes the application to crash. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** AbsoluteTelnet version 11.12 **Description** The software contains a denial of service issue in the SSH2 username input field. Local attackers can cause the application to crash by overwriting the `username` field with a 1000-byte buffer, leading to unresponsiveness and termination. The affected API endpoint is related to SSH2 username input. **Recommendations** Update to a newer version that contains a fix for this vulnerability. As a temporary workaround, restrict the length of the `username` input field to less than 1000 bytes.

**Name of the Vulnerable Software and Affected Versions** TapinRadio version 2.12.3 **Description** TapinRadio version 2.12.3 contains a denial of service issue in the application proxy address configuration. Local attackers can crash the application by overwriting the `address` field with 3000 bytes of arbitrary data, preventing normal program functionality. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** TapinRadio version 2.12.3 **Description** TapinRadio version 2.12.3 has a denial of service issue in the application proxy username configuration. Local attackers can cause the application to crash by overwriting the `username` field with 10,000 bytes of arbitrary data, disrupting normal program functionality. **Recommendations** Update TapinRadio to a version that addresses this issue. As a temporary workaround, limit the length of the `username` field in the application proxy configuration.

**Name of the Vulnerable Software and Affected Versions** Wondershare Application Framework Service version 2.4.3.231 **Description** An unquoted service path allows local attackers to potentially execute arbitrary code with elevated privileges. This occurs when a service path contains spaces and is not enclosed in quotation marks, enabling attackers to place malicious executables in specific directory locations to hijack the service execution context. **Recommendations** Update Wondershare Application Framework Service to a version that fixes the unquoted service path issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** ZOC Terminal version 7.25.5 **Description** ZOC Terminal version 7.25.5 contains a script processing issue that allows local attackers to crash the application. This occurs when loading a maliciously crafted REXX script file. An attacker can generate an oversized script, containing approximately 20,000 repeated characters, to trigger the application crash and cause a denial of service. **Recommendations** Update to a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** UltraVNC Launcher version 1.2.4.0 **Description** The software contains a denial of service condition in its password configuration. A local attacker can cause the application to crash by providing an overly long string, specifically 300 characters, as a password. This prevents normal launcher functionality. **Recommendations** Update to a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** UltraVNC Launcher version 1.2.4.0 **Description** The software contains a denial of service issue in the Repeater Host configuration field. An attacker can cause the application to crash by providing an overly long string, specifically 300 characters, to the Repeater Host property. The vulnerable configuration field is the `RepeaterHost` property. **Recommendations** Update to a newer version that contains a fix for this vulnerability. As a temporary workaround, avoid using or limit the length of input in the `RepeaterHost` property.

**Name of the Vulnerable Software and Affected Versions** UltraVNC Viewer version 1.2.4.0 **Description** The software contains a denial of service issue that allows attackers to crash the application. Attackers can create a 256-byte malformed payload and paste it into the VNC Server connection dialog, which triggers an application crash. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** ZOC Terminal version 7.25.5 **Description** ZOC Terminal version 7.25.5 contains a denial of service condition in the private key file input field. An attacker can cause the application to crash by overwriting the private key file input with a 2000-byte buffer when creating SSH key files. This results in the application becoming unresponsive. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Memu Play version 7.1.3 **Description** The software contains an insecure folder permissions issue. Low-privileged users can modify the `MemuService.exe` executable. An attacker can replace the service executable with a malicious file during system restart to obtain SYSTEM-level privileges by exploiting unrestricted file modification permissions. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.