K`Sose

**Name of the Vulnerable Software and Affected Versions** CoolPlayer versions 2.18 and possibly other versions **Description** The issue is a stack-based buffer overflow that allows remote attackers to execute arbitrary code. This can be achieved through a crafted m3u file, requiring user assistance. **Recommendations** For CoolPlayer version 2.18, update to a version that fixes this issue, if available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** IGSuite version 3.2.4 **Description** The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the `formid` parameter in the cgi-bin/igsuite endpoint. **Recommendations** For IGSuite version 3.2.4, avoid using the `formid` parameter in the cgi-bin/igsuite endpoint until a fix is available. As a temporary workaround, consider restricting access to the cgi-bin/igsuite endpoint to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** MPlayer version 1.0 rc2 **Description** The issue is related to an uncontrolled array index in the sdpplin parse function, located in stream/realrtsp/sdpplin.c, which allows remote attackers to overwrite memory and execute arbitrary code. This is achieved by providing a large `streamid` SDP parameter. **Recommendations** For MPlayer version 1.0 rc2, consider restricting access to the `sdpplin parse` function until a patch is available. Avoid using large values for the `streamid` SDP parameter in the affected API endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Samba versions 3.0.0 through 3.0.29 Samba versions prior to 3.0.28a-r1 **Description** The issue is a heap-based buffer overflow in the receive smb raw function in util/sock.c in Samba, which allows remote attackers to execute arbitrary code via a crafted SMB response. This can lead to a violation of confidentiality, integrity, and availability of protected information. The exploitation of this issue can be done remotely. **Recommendations** For Samba versions 3.0.0 through 3.0.29, update to a version outside of this range to resolve the issue. For Samba versions prior to 3.0.28a-r1, update to version 3.0.28a-r1 or later to resolve the issue. As a temporary workaround, consider restricting access to the vulnerable `receive smb raw` function in `util/sock.c` until a patch is available.