Ismail Tasdelen

**Name of the Vulnerable Software and Affected Versions** RICOH Web Image Monitor version 1.09 **Description** RICOH Web Image Monitor 1.09 contains an HTML injection issue in the address configuration CGI script. This allows attackers to inject malicious HTML code by exploiting the `entryNameIn` and `entryDisplayNameIn` parameters. Successful exploitation could lead to cross-site scripting attacks. The vulnerable parameters allow the insertion of arbitrary HTML content. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Heatmiser Netmonitor version 3.03 **Description** The software contains an HTML injection issue in the outputSetup.htm page. Attackers can inject malicious HTML code through the `outputtitle` parameter by sending specially crafted POST requests. This allows for the execution of arbitrary HTML and potential manipulation of the web interface's displayed content. The vulnerable parameter is `outputtitle`. **Recommendations** Apply a fix to sanitize the `outputtitle` parameter to prevent the injection of malicious HTML code.

**Name of the Vulnerable Software and Affected Versions** Heatmiser Netmonitor version 3.03 **Description** The software contains hardcoded credentials, specifically a predictable username and password for administrative access. An attacker can gain access to the device by using the username 'admin' and password 'admin' within the hidden form input fields of the 'networkSetup.htm' page. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** RemShutdown version 2.9.0.0 **Description** A denial of service issue exists in the registration key input. An attacker can cause the application to crash by pasting a 1000-character buffer payload into the registration key field. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** NBMonitor version 1.6.6.0 **Description** A denial of service issue exists in the registration key input. An attacker can cause the application to crash by pasting a 1000-character buffer payload into the `Key` field. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Dnss Domain Name Search Software contains a denial of service vulnerability that allows attackers to crash the application by overflowing the 'Name' input field. Attackers can generate a 1000-character buffer payload and paste it into the registration name field to trigger an application crash.

**Name of the Vulnerable Software and Affected Versions** NetShareWatcher version 1.5.8.0 **Description** A buffer overflow occurs in the registration name input, which can lead to an application crash. This happens when a payload of 1000 characters is entered into the 'Name' field. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** RemShutdown version 2.9.0.0 **Description** A denial of service issue exists where attackers can crash the application by overflowing the registration name field. This is achieved by pasting a 1000-character buffer payload into the `Name` field. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** BlueAuditor version 1.7.2.0 **Description** A denial of service issue exists in the registration name input field. An attacker can cause the application to crash by providing a 1000-character buffer payload in the `Name` field. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** NetShareWatcher version 1.5.8.0 **Description** A buffer overflow occurs in the registration key input. An attacker can cause the application to crash by providing oversized input, such as a 1000-character payload, into the registration key field. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** TaskCanvas version 1.4.0 **Description** A denial of service issue exists in the registration code input field. An attacker can cause the application to crash by submitting a 1000-character buffer payload into the registration field. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** SpotDialup version 1.6.7 **Description** A denial of service issue exists in the registration name input field. An attacker can cause the application to crash by providing a 1000-character buffer payload in the `Name` field. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** SpotOutlook version 1.2.6 **Description** A denial of service issue exists in the registration name input field. An attacker can cause the application to become unresponsive and crash by overwriting the buffer, which is achieved by pasting 1000 'A' characters into the `Name` field. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Backup Key Recovery version 2.2.5 **Description** A denial of service issue exists where attackers can crash the application by overflowing the 'Name' input field. This is achieved by submitting a 1000-character payload into the registration name field `Name`. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Dnss Domain Name Search Software (affected versions not specified) **Description** The software is susceptible to a denial of service condition. An attacker can crash the application by supplying an excessively large registration key. Specifically, a 1000-character buffer payload entered into the registration key field triggers the application crash. The vulnerable component is the registration key processing logic. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** GTalk Password Finder version 2.2.1 **Description** A denial of service issue allows attackers to crash the application by providing an oversized registration key. This is achieved by pasting a 1000-character payload into the `Key` field. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Backup Key Recovery version 2.2.5 **Description** A denial of service issue allows attackers to crash the application by providing an excessively long registration key. This is achieved by pasting a 1000-character payload into the registration key field. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** FlexNet Publisher version 11.12.1 **Description** A cross-site request forgery issue allows attackers to create administrative user accounts without authentication. This is achieved by crafting a malicious HTML form that tricks authenticated users into submitting a request to create a new local admin account with a predefined password. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** APKF Product Key Finder version 2.5.8.0 **Description** A denial of service issue exists where attackers can crash the application by overflowing the 'Name' input field. This is achieved by pasting a 1000-character payload into the registration name field. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** NetworkSleuth version 3.0.0.0 **Description** A denial of service issue allows attackers to crash the application by supplying an oversized registration key. This is achieved by generating a 1000-character buffer payload and pasting it into the registration key field. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.