Cormac315

**Name of the Vulnerable Software and Affected Versions** Shibby Tomato version 1.28 **Description** A stack-based buffer overflow can be triggered remotely via the `get ups field()` function within the 'tomatodata.cgi' file. This occurs when the `Date` argument is manipulated. A stack-based buffer overflow is a condition where a program writes more data to a buffer located on the stack than the buffer is allocated to hold, potentially leading to crashes or arbitrary code execution. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

A security vulnerability has been detected in Shibby Tomato up to 1.28. This issue affects the function sub 9068 of the file tomatoups.cgi of the component UPS Service. The manipulation leads to stack-based buffer overflow. The attack can be initiated remotely. This project is superseded by FreshTomato. This vulnerability only affects products that are no longer supported by the maintainer.

**Name of the Vulnerable Software and Affected Versions** Shibby Tomato version 1.28 **Description** A stack-based buffer overflow occurs in the `sub 90F0()` function within the 'multimon.cgi' file. This issue allows a remote attacker to manipulate the system via a buffer overflow, which happens when a program writes more data to a fixed-length block of memory (the stack) than it is allocated to hold. **Recommendations** As a temporary workaround, restrict access to the 'multimon.cgi' file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.