Cybertronic

**Name of the Vulnerable Software and Affected Versions** BrightStor ARCserve Backup versions 9.0 through 11.1 **Description** A buffer overflow issue exists in the Discovery Service of the affected software, allowing remote attackers to execute arbitrary commands. This is achieved by sending a large packet to TCP port 41523. **Recommendations** For versions 9.0 through 11.1, update to a version that contains a fix for this issue to prevent remote attackers from executing arbitrary commands. As a temporary workaround, consider restricting access to TCP port 41523 to minimize the risk of exploitation.

Name of the Vulnerable Software and Affected Versions: DMail version 3.1a Description: A format string issue in dSMTP (dsmtp.exe) allows remote attackers to execute arbitrary code via format string specifiers in the "xtellmail" command. Recommendations: For DMail version 3.1a, at the moment, there is no information about a newer version that contains a fix for this vulnerability.