Jared Demott

**Name of the Vulnerable Software and Affected Versions** Ipswitch WS FTP (affected versions not specified) **Description** A cross-site scripting (XSS) issue exists, allowing remote attackers to inject arbitrary web script or HTML via arguments to a valid command. This command is not properly handled when displayed by the view log option in the administration interface, which can be leveraged to create a new admin account. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: LinkedIn Toolbar version 3.0.2.1098 Description: The issue is related to a buffer overflow in the IEToolbar.IEContextMenu.1 ActiveX control in LinkedInIEToolbar.dll. This can be exploited by remote attackers to execute arbitrary code via a long second argument (`varBrowser` argument) to the `search` method. Recommendations: For LinkedIn Toolbar version 3.0.2.1098, consider disabling the `search` method in the IEToolbar.IEContextMenu.1 ActiveX control as a temporary workaround until a patch is available. Restrict access to the LinkedInIEToolbar.dll to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.