Mohammed Alshehri

**Name of the Vulnerable Software and Affected Versions** Privacy Drive version 3.17.0 **Description** An unquoted service path issue exists in the `pdsvc.exe` service binary. Local attackers can exploit the service startup process by placing malicious executables in the unquoted path directories, allowing them to execute arbitrary code with LocalSystem privileges during system reboot or service startup. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Program Access Controller version 1.2.0.0 **Description** Program Access Controller 1.2.0.0 contains an unquoted service path vulnerability in `PACService.exe` that allows local attackers to execute code with elevated privileges. Attackers can exploit the unquoted path during system startup or reboot to inject and run malicious executables with LocalSystem permissions. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** IP Watcher version 3.0.0.30 **Description** IP Watcher version 3.0.0.30 contains an unquoted service path vulnerability in its Windows service configuration. This allows local attackers to execute arbitrary code by exploiting the unquoted binary path. Attackers can inject malicious executables that will be launched with elevated LocalSystem privileges during service startup. **Recommendations** Ensure the service path is properly quoted to prevent the execution of unauthorized code.

**Name of the Vulnerable Software and Affected Versions** WinAVR version 20100110 **Description** Insecure permissions allow authenticated users to modify system files and executables. Attackers can leverage overly permissive access controls to modify critical DLLs and executable files within the installation directory. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** VFS for Git version 1.0.21014.1 **Description** VFS for Git version 1.0.21014.1 contains a security issue in the GVFS.Service Windows service related to an unquoted service path. This allows local attackers to potentially execute code with elevated privileges. The issue arises because the unquoted binary path can be exploited to inject malicious executables. These executables can then be launched with LocalSystem privileges during service startup or system reboot. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Sandboxie Plus version 0.7.2 **Description** Sandboxie Plus version 0.7.2 has an issue with the `SbieSvc` service where an unquoted service path can allow local attackers to run code with elevated privileges. Exploiting the unquoted binary path allows attackers to inject malicious executables that run with LocalSystem permissions when the service starts. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** FreeLAN version 2.2 **Description** The software contains an unquoted service path vulnerability in its Windows service configuration. This allows local attackers to execute arbitrary code by exploiting the unquoted binary path to inject malicious executables. These injected executables will launch with elevated LocalSystem privileges during service startup. **Recommendations** Ensure the service path is enclosed in quotes during the Windows service configuration.

**Name of the Vulnerable Software and Affected Versions** EmailGPT (affected versions not specified) **Description** The EmailGPT service contains a prompt injection vulnerability. The service uses an API service that allows a malicious user to inject a direct prompt and take over the service logic. Attackers can exploit the issue by forcing the AI service to leak the standard hard-coded system prompts and/or execute unwanted prompts. When engaging with EmailGPT by submitting a malicious prompt that requests harmful information, the system will respond by providing the requested data. This vulnerability can be exploited by any individual with access to the service. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** EmbedAI (affected versions not specified) **Description** The EmbedAI application is susceptible to security issues that enable Data Poisoning attacks due to the absence of a secure session management implementation and weak CORS policies weakness. This weakness could result in the application becoming compromised, leading to unauthorized entries or data poisoning attacks, which are delivered by a CSRF vulnerability. An attacker can direct a user to a malicious webpage that exploits a CSRF vulnerability within the EmbedAI application. By leveraging this CSRF vulnerability, the attacker can deceive the user into inadvertently uploading and integrating incorrect data into the application’s language model. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Lazy Mouse (affected versions not specified) **Description** The default configuration of Lazy Mouse does not require a password, allowing remote unauthenticated users to execute arbitrary code with no prior authorization or authentication. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** PC Keyboard (affected versions not specified) **Description** The issue allows remote unauthenticated users to send instructions to the server to execute arbitrary code without any previous authorization or authentication. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Telepad (affected versions not specified) **Description** The issue allows an attacker in a man-in-the-middle position between the server and a connected device to see all data, including keypresses, in cleartext. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Telepad (affected versions not specified) **Description** The issue allows remote unauthenticated users to send instructions to the server, enabling the execution of arbitrary code without prior authorization or authentication. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** PC Keyboard WiFi & Bluetooth (affected versions not specified) **Description** The issue allows an attacker in a man-in-the-middle position between the server and a connected device to see all data, including keypresses, in cleartext. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Lazy Mouse (affected versions not specified) **Description** The issue allows an attacker in a man-in-the-middle position between the server and a connected device to see all data, including keypresses, in cleartext. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Lazy Mouse server (affected versions not specified) **Description** The issue allows remote unauthenticated users to easily and quickly brute force the PIN and execute arbitrary commands due to weak password requirements and the lack of rate limiting. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.