Kim

**Name of the Vulnerable Software and Affected Versions** WebMember version 1.0 **Description** A SQL injection issue exists, allowing remote authenticated users to execute arbitrary SQL commands. This is achieved via the `formID` parameter in the form.php file. **Recommendations** For WebMember version 1.0, consider restricting access to the form.php file until a patch is available. As a temporary workaround, avoid using the `formID` parameter in the affected form.php file to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** KSign KSignSWAT ActiveX Control version 2.0.3.3 **Description** The issue is related to multiple stack-based buffer overflows in the KSign KSignSWAT ActiveX Control. This can be exploited by remote attackers to execute arbitrary code via long arguments to certain functions, including (1) `SWAT Init()`, (2) `SWAT InitEx()`, (3) `SWAT InitEx2()`, (4) `SWAT InitEx3()`, and (5) `SWAT Login()`. **Recommendations** For version 2.0.3.3, as a temporary workaround, consider disabling the `SWAT Init()`, `SWAT InitEx()`, `SWAT InitEx2()`, `SWAT InitEx3()`, and `SWAT Login()` functions until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.