Huang Yu Ze

**Name of the Vulnerable Software and Affected Versions** Digiwin EasyFlow .NET (affected versions not specified) **Description** The issue concerns a lack of proper access control for specific functionality and inadequate filtering of user input. This can be exploited by a remote attacker with regular privileges to download arbitrary files from the remote server. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** DigiWin EasyFlow .NET (affected versions not specified) **Description** The issue is related to a lack of validation for certain input parameters, which allows remote attackers to inject arbitrary SQL commands. This enables unauthorized access to read, modify, and delete database records, as well as execute system commands. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** ELITE TECHNOLOGY CORP. Web Fax (affected versions not specified) **Description** The issue is related to SQL Injection, where an unauthenticated remote attacker can inject SQL commands into the input field of the "login page" to perform arbitrary system commands, disrupt service, or terminate service. This is due to the lack of protection measures for the SQL query structure. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.