Onur Alanbel

#17858 of 53,635
Total CVSS: 15
Vulnerabilities · 2
Medium: 1
High: 1

PT-2015-5926 · CVSS 5.0 · 2015-04-03
Citrix · Citrix Netscaler · CVE-2015-2841

**Name of the Vulnerable Software and Affected Versions**
Citrix NetScaler version 10.5

**Description**
The issue allows remote attackers to bypass intended firewall restrictions by using a crafted Content-Type header. This can be achieved with specific Content-Types, such as `application/octet-stream` and `text/xml`.

**Recommendations**
For version 10.5, consider restricting or validating the Content-Type header to prevent bypassing of firewall restrictions. As a temporary workaround, restrict access to sensitive areas of the application protected by the NetScaler AppFirewall until a more permanent solution is available.

PT-2013-2173 · CVSS 10 · 2013-01-31
Miniupnp · Miniupnpd · CVE-2013-0230

**Name of the Vulnerable Software and Affected Versions**
MiniUPnPd version 1.0

**Description**
The issue is related to a stack-based buffer overflow in the ExecuteSoapAction function, which is part of the SOAPAction handler in the HTTP service. This allows remote attackers to execute arbitrary code by sending a long quoted method.

**Recommendations**
For MiniUPnPd version 1.0, consider disabling the ExecuteSoapAction function as a temporary workaround until a patch is available. Restrict access to the SOAPAction handler in the HTTP service to minimize the risk of exploitation.