Freeftpd · Freeftpd · CVE-2006-2407
**Name of the Vulnerable Software and Affected Versions**
WeOnlyDo wodSSHServer ActiveX Component versions 1.2.7 through 1.3.3
FreeSSHd version 1.0.9
freeFTPd version 1.0.10
**Description**
A stack-based buffer overflow allows remote attackers to execute arbitrary code by supplying a long key exchange algorithm string.
**Recommendations**
For WeOnlyDo wodSSHServer ActiveX Component versions 1.2.7 through 1.3.3, consider restricting the length of the key exchange algorithm string to prevent buffer overflow.
For FreeSSHd version 1.0.9, restrict access to the key exchange algorithm to minimize the risk of exploitation.
For freeFTPd version 1.0.10, avoid using long key exchange algorithm strings until the issue is resolved.
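The length restriction recommended above can be enforced or monitored in front of an affected server. The following is an added example, not code from the vendors or the advisory: it checks the `kex_algorithms` name-list of an SSH_MSG_KEXINIT payload (layout per RFC 4253) before the data is used. The 1024-byte limit, the function names and the sample payloads are assumptions constructed for illustration.

```python
import struct

SSH_MSG_KEXINIT = 20          # RFC 4253 message number
COOKIE_LEN = 16               # random cookie that follows the message byte
MAX_KEX_NAMELIST = 1024       # assumed policy limit, not a value from the advisory


def check_kexinit(payload: bytes, limit: int = MAX_KEX_NAMELIST) -> str:
    """Classify the kex_algorithms name-list of an SSH_MSG_KEXINIT payload.

    Returns "ok", "oversized", "malformed" or "not-kexinit".
    """
    if not payload or payload[0] != SSH_MSG_KEXINIT:
        return "not-kexinit"
    offset = 1 + COOKIE_LEN
    if len(payload) < offset + 4:
        return "malformed"
    (declared,) = struct.unpack_from(">I", payload, offset)
    # Compare the declared length with the limit before touching the data,
    # the check a parser copying into a fixed-size buffer must make first.
    if declared > limit:
        return "oversized"
    names = payload[offset + 4 : offset + 4 + declared]
    if len(names) != declared:
        return "malformed"    # length field points past the end of the payload
    # RFC 4251: names are non-empty printable US-ASCII, at most 64 characters.
    for name in names.split(b","):
        if not name or len(name) > 64 or any(c < 0x21 or c > 0x7E for c in name):
            return "malformed"
    return "ok"


def sample_payload(kex_names: bytes) -> bytes:
    """Constructed sample: message byte, zero cookie, first name-list only."""
    return (bytes([SSH_MSG_KEXINIT]) + bytes(COOKIE_LEN)
            + struct.pack(">I", len(kex_names)) + kex_names)


if __name__ == "__main__":
    samples = {
        "typical client": sample_payload(b"curve25519-sha256,diffie-hellman-group14-sha256"),
        "over limit": sample_payload(b"x" * (MAX_KEX_NAMELIST + 1)),
        "length past end": sample_payload(b"ecdh-sha2-nistp256")[:-4],
    }
    for label, payload in samples.items():
        print(f"{label}: {check_kexinit(payload)}")
```

The check reads only the first name-list, so it applies to the unencrypted KEXINIT payload after the binary packet framing has been removed.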