Knud Erik Højgaard

**Name of the Vulnerable Software and Affected Versions** Farmers WIFE version 4.4 SP1 **Description** The issue allows remote attackers to create arbitrary files via ".." (dot dot) sequences in a (1) PUT, (2) SIZE, and possibly other commands, due to a directory traversal vulnerability in the FTP server (port 22003/tcp). **Recommendations** For Farmers WIFE version 4.4 SP1, consider restricting access to the FTP server on port 22003/tcp until a patch is available. As a temporary workaround, avoid using the PUT and SIZE commands in the FTP server to minimize the risk of exploitation.

Name of the Vulnerable Software and Affected Versions: youbin (affected versions not specified) Description: The issue is related to a buffer overflow that allows local users to gain privileges. This is achieved by setting a long HOME environment variable. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** moxftp versions 2.2 and earlier xftp (affected versions not specified) **Description** The issue allows remote malicious FTP servers to execute arbitrary code via a long FTP banner, potentially leading to disruption of confidentiality, integrity, and availability of protected information. Exploitation can be carried out remotely. **Recommendations** For moxftp versions 2.2 and earlier, update to a version later than 2.2 to resolve the issue. For xftp, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Eset Software NOD32 for UNIX versions prior to 1.013 **Description** A buffer overflow issue allows local users to execute arbitrary code via a long path name. **Recommendations** For versions prior to 1.013, update to version 1.013 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** AbsoluteTelnet versions prior to 2.12 RC10 **Description** A buffer overflow issue allows remote attackers to execute arbitrary code via a long window title. **Recommendations** For versions prior to 2.12 RC10, update to version 2.12 RC10 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** PuTTY versions 0.53b and earlier **Description** The issue concerns the storage of logon credentials in memory. Specifically, it does not clear credentials, including plaintext passwords, from memory, which could allow attackers with access to memory to steal the SSH credentials. **Recommendations** For PuTTY versions 0.53b and earlier, update to a version that properly clears logon credentials from memory to prevent potential theft of SSH credentials.

**Name of the Vulnerable Software and Affected Versions** SecureCRT versions 3.4.7 and 4.0.2 SecureFX versions 2.0.4 and 2.1.2 Entunnel versions 1.0.2 and earlier **Description** The issue concerns the failure of SSH2 clients to clear logon credentials from memory. This includes plaintext passwords, which could be stolen by attackers with access to memory. **Recommendations** For SecureCRT versions 3.4.7 and 4.0.2, update to a version that properly clears logon credentials from memory. For SecureFX versions 2.0.4 and 2.1.2, update to a version that properly clears logon credentials from memory. For Entunnel versions 1.0.2 and earlier, update to a version that properly clears logon credentials from memory.

**Name of the Vulnerable Software and Affected Versions** AbsoluteTelnet (affected versions not specified) **Description** The issue concerns the AbsoluteTelnet SSH2 client, which fails to clear logon credentials from memory. This includes storing plaintext passwords in memory, making it possible for attackers with access to the memory to steal the SSH credentials. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.