Inge Henriksen

Name of the Vulnerable Software and Affected Versions: SoftArtisans FileUp (SAFileUp) version 5.0.14 Description: The issue allows remote attackers to read arbitrary files due to a directory traversal vulnerability. This is achieved by using a `%c0%ae` (Unicode dot dot) in the `path` parameter, which bypasses checks for ".." sequences. Recommendations: For SoftArtisans FileUp (SAFileUp) version 5.0.14, consider restricting access to the `util/viewsrc.asp` file until a patch is available. As a temporary workaround, avoid using the `path` parameter with untrusted input in the `util/viewsrc.asp` file.

**Name of the Vulnerable Software and Affected Versions** Avant Browser version 10.1 Build 17 **Description** The issue allows user-assisted remote attackers to modify command line arguments to an invoked mail client via " (double quote) characters in a mailto: scheme handler. This can be demonstrated by launching Microsoft Outlook with an arbitrary filename as an attachment. It is unclear whether this issue is specific to the implementation or a problem in the Microsoft API. **Recommendations** For Avant Browser version 10.1 Build 17, consider disabling the handling of mailto: scheme until a patch is available to prevent potential exploitation. Restrict access to the mail client invocation to minimize the risk of attachment manipulation. Avoid using the mailto: scheme handler with untrusted input until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** FileZilla Server Terminal version 0.9.4d **Description** A buffer overflow issue may allow remote attackers to cause a denial of service, resulting in a terminal crash, by sending a long USER ftp command. **Recommendations** For version 0.9.4d, consider updating to a newer version that addresses this issue, as using a long USER ftp command can cause a terminal crash. At the moment, there is no information about a newer version that contains a fix for this vulnerability.