Hodorsec

Core FTP 2.0 build 653 contains a denial of service vulnerability in the PBSZ command that allows unauthenticated attackers to crash the service by sending a malformed command with an oversized buffer. Attackers can send a PBSZ command with a payload exceeding 211 bytes to trigger an access violation and crash the FTP server process.

**Name of the Vulnerable Software and Affected Versions** 10-Strike Network Inventory Explorer version 9.03 **Description** The software contains a buffer overflow issue in the file import functionality that enables remote attackers to run code without authorization. An attacker can create a specially crafted text file with a malicious payload to trigger a stack-based buffer overflow and bypass data execution prevention using a ROP chain. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** LibreNMS version 1.46 **Description** LibreNMS version 1.46 contains an authenticated SQL injection issue in the MAC accounting graph endpoint. This allows remote attackers to extract database information by manipulating the `sort` parameter with crafted SQL injection techniques, enabling time-based blind SQL injection. The affected API endpoint is the MAC accounting graph endpoint. **Recommendations** Apply a fix or patch for LibreNMS version 1.46 to address the SQL injection issue in the MAC accounting graph endpoint. As a temporary workaround, restrict access to the MAC accounting graph endpoint or sanitize the `sort` parameter to prevent SQL injection attacks.

**Name of the Vulnerable Software and Affected Versions** Yachtcontrol versions through 2019-10-06 **Description** The issue exists due to the lack of measures to neutralize special elements used in operating system commands. This allows a remote attacker to execute arbitrary code using a specially crafted page `/pages/systemcall.php?command={COMMAND}` by connecting through GPRS/4G networks. An unauthenticated user can perform direct operating system commands via the `/pages/systemcall.php` page and the `command` parameter, where the `{COMMAND}` will be executed and return results to the client. **Recommendations** For Yachtcontrol versions through 2019-10-06, consider disabling access to the `/pages/systemcall.php` page as a temporary workaround until a patch is available. Restrict the use of the `command` parameter in the affected API endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Ricoh myPrint application version 2.9.2.4 for Windows Ricoh myPrint application version 2.2.7 for Android **Description** The issue concerns hardcoded credentials in the Ricoh myPrint application, which can provide unauthorized access to externally disclosed myPrint WSDL API. This access can lead to the discovery of sensitive information, including API secrets of related Google cloud printers, encrypted passwords of mail servers, and names of printed files. **Recommendations** For Ricoh myPrint application version 2.9.2.4 for Windows, consider removing or securely storing hardcoded credentials to prevent unauthorized access. For Ricoh myPrint application version 2.2.7 for Android, consider removing or securely storing hardcoded credentials to prevent unauthorized access. As a temporary workaround, restrict access to the myPrint WSDL API to minimize the risk of exploitation.