His0K4

**Name of the Vulnerable Software and Affected Versions** Roxio CinePlayer version 3.2 **Description** A heap-based buffer overflow issue exists in the IAManager ActiveX control in IAManager.dll, allowing remote attackers to execute arbitrary code via a long argument to the `SetIAPlayerName` method. **Recommendations** For Roxio CinePlayer version 3.2, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Mercury Audio Player version 1.21 **Description** The issue concerns multiple stack-based buffer overflows that allow remote attackers to execute arbitrary code. This can be achieved by sending a long string in a malformed playlist file, specifically in .b4s or .pls files. **Recommendations** For Mercury Audio Player version 1.21, consider updating to a newer version that addresses this issue, as using malformed playlist files can lead to arbitrary code execution. If no update is available, restrict the use of .b4s and .pls playlist files to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Mercury Audio Player version 1.21 **Description** The issue is a stack-based buffer overflow that allows remote attackers to execute arbitrary code. This is achieved by sending a long string in a malformed playlist (.m3u) file. **Recommendations** For Mercury Audio Player version 1.21, update to a version that fixes this issue, as using a long string in a malformed playlist file can lead to arbitrary code execution. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Labtam ProFTP version 2.9 **Description** A buffer overflow issue allows remote FTP servers to cause a denial of service or execute arbitrary code via a long 220 reply. **Recommendations** For Labtam ProFTP version 2.9, update to a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** FTPShell Client version 4.1 RC2 **Description** A stack-based buffer overflow issue allows remote FTP servers to execute arbitrary code via a long response to a PASV command. **Recommendations** For FTPShell Client version 4.1 RC2, consider disabling the PASV command functionality until a patch is available. Restrict access to the FTP server to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** Joomla! com jabode (affected versions not specified) **Description** The issue allows remote attackers to execute arbitrary SQL commands via the `id` parameter in a sign task to "index.php". This can potentially lead to unauthorized access and manipulation of database content. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Soulseek versions 156 through 157 Description: A stack-based buffer overflow issue allows remote attackers to execute arbitrary code via a long search query. Recommendations: For Soulseek versions 156 through 157, at the moment, there is no information about a newer version that contains a fix for this issue.

Name of the Vulnerable Software and Affected Versions: Sonic Spot Audioactive Player version 1.93b Description: The issue is a stack-based buffer overflow that allows remote attackers to execute arbitrary code via a long string in a playlist file. This can be demonstrated by a long .mp3 URL in a .m3u file. Recommendations: For Sonic Spot Audioactive Player version 1.93b, consider avoiding the use of long strings in playlist files until a patch is available. As a temporary workaround, restrict the length of URLs in .m3u files to prevent potential exploitation.

Name of the Vulnerable Software and Affected Versions: ElectraSoft 32bit FTP version 09.04.24 Description: The issue is a stack-based buffer overflow that allows remote FTP servers to execute arbitrary code. This occurs when a long 227 reply to a PASV command is received. Recommendations: For ElectraSoft 32bit FTP version 09.04.24, consider restricting access to the PASV command until a patch is available. As a temporary workaround, avoid using the PASV command to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Microchip MPLAB IDE version 8.30 Description: The issue is related to a stack-based buffer overflow that allows remote attackers to execute arbitrary code. This can be achieved by providing a long .cof pathname in a [TOOL SETTINGS] section in a .mcp file. Recommendations: For Microchip MPLAB IDE version 8.30, consider avoiding the use of long .cof pathnames in .mcp files until a fix is available. As a temporary workaround, restrict the length of .cof pathnames in [TOOL SETTINGS] sections to prevent potential exploitation.

Name of the Vulnerable Software and Affected Versions: Streaming Download Project (SDP) Downloader version 2.3.0 Description: A stack-based buffer overflow issue allows remote attackers to execute arbitrary code via a long .asf URL in the `HREF` attribute of a `REF` element in a .asx file. Recommendations: For Streaming Download Project (SDP) Downloader version 2.3.0, consider updating to a newer version that addresses this issue, as using a long .asf URL in the `HREF` attribute of a `REF` element in a .asx file can lead to arbitrary code execution. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: ElectraSoft 32bit FTP version 09.04.24 Description: A stack-based buffer overflow issue allows remote FTP servers to execute arbitrary code via a long 257 reply to a CWD command. Recommendations: For ElectraSoft 32bit FTP version 09.04.24, consider restricting access to the CWD command until a patch is available. As a temporary workaround, avoid using the CWD command with untrusted FTP servers to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** RoomPHPlanning version 1.5 **Description** The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the `idresa` parameter to the "resaopen.php" endpoint. **Recommendations** For RoomPHPlanning version 1.5, avoid using the `idresa` parameter in the "resaopen.php" endpoint until the issue is resolved. Consider restricting access to the "resaopen.php" endpoint to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** BS.Player versions 2.32 Build 975 through 2.34 Build 980 and earlier **Description** The issue is a stack-based buffer overflow that can be triggered by a long hostname in a .bsl playlist file, potentially allowing remote attackers to cause a denial of service or execute arbitrary code. **Recommendations** For versions 2.32 Build 975 through 2.34 Build 980 and earlier, consider avoiding the use of long hostnames in .bsl playlist files until a fix is available. As a temporary workaround, restrict the length of hostnames in .bsl files to prevent potential exploitation.

**Name of the Vulnerable Software and Affected Versions** Icarus version 2.0 **Description** The issue is a stack-based buffer overflow that allows remote attackers to cause a denial of service, resulting in an application crash, or execute arbitrary code. This is achieved by using a crafted Portable Game Notation (.pgn) file. **Recommendations** For Icarus version 2.0, avoid using the application to open .pgn files from untrusted sources until a patch is available. As a temporary workaround, consider restricting the use of .pgn file handling functionality to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Joomla! version 1.0.2 Mambo version 1.0.2 **Description** The issue allows remote attackers to execute arbitrary SQL commands. This is achieved by exploiting the `id` parameter in an edit task to "index.php". **Recommendations** For Joomla! version 1.0.2, avoid using the `id` parameter in the affected API endpoint until the issue is resolved. For Mambo version 1.0.2, restrict access to the vulnerable component to minimize the risk of exploitation.

Name of the Vulnerable Software and Affected Versions: Joomla! component com prayercenter versions 1.4.9 and earlier Description: The issue allows remote attackers to execute arbitrary SQL commands. This is achieved by exploiting the `id` parameter in a `view request` action to the "index2.php" endpoint. Recommendations: For versions 1.4.9 and earlier, update to a version later than 1.4.9 to resolve the issue.

Name of the Vulnerable Software and Affected Versions: Joomla! MyContent (com mycontent) component version 1.1.13 Description: The issue allows remote attackers to execute arbitrary SQL commands. This is achieved by exploiting the `id` parameter in a view action to "index.php". Recommendations: For version 1.1.13, consider restricting access to the vulnerable component until a patch is available. Avoid using the `id` parameter in the affected API endpoint until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Joomla! component com joomladate version 1.2 **Description** The issue allows remote attackers to execute arbitrary SQL commands. This is achieved by exploiting the `user` parameter in a `viewProfile` action to the `/index.php` API endpoint. **Recommendations** For version 1.2, consider disabling the `viewProfile` action in the com joomladate component until a patch is available. Restrict access to the `/index.php` endpoint to minimize the risk of exploitation. Avoid using the `user` parameter in the affected API endpoint until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** EffectMatrix Total Video Player version 1.31 **Description** The issue is a stack-based buffer overflow that allows attackers to execute arbitrary code. This is achieved through a `SkinsDefaultSkinDefaultSkin.ini` file with a large `ColumnHeaderSpan` value. **Recommendations** For EffectMatrix Total Video Player version 1.31, consider updating to a newer version that addresses this issue, if available. As a temporary workaround, restrict access to the `SkinsDefaultSkinDefaultSkin.ini` file to minimize the risk of exploitation. Avoid using large `ColumnHeaderSpan` values in the `DefaultSkin.ini` file until the issue is resolved.