Paras Bhatia

**Name of the Vulnerable Software and Affected Versions** Frigate version 3.36.0.9 **Description** Frigate version 3.36.0.9 contains a local buffer overflow in the Command Line input field. An attacker can exploit this to execute arbitrary code by crafting a malicious payload that overflows the buffer, bypasses DEP, and executes commands, such as launching `calc.exe`, through a specially crafted input sequence. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Code Blocks version 17.12 **Description** Code Blocks 17.12 contains a local buffer overflow that allows attackers to execute arbitrary code. This is achieved by crafting a malicious file name with Unicode characters. Attackers can trigger the issue by pasting a specially crafted payload into the file name field during project creation, potentially executing system commands like `calc.exe`. The vulnerability involves a buffer overflow in the handling of file names. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Frigate Professional version 3.36.0.9 **Description** Frigate Professional 3.36.0.9 contains a local buffer overflow in the 'Find Computer' feature. An attacker can execute arbitrary code by overflowing the computer name input field. A malicious payload can trigger this overflow, enabling code execution, demonstrated by launching the calculator application. The vulnerable component is the 'Find Computer' feature, specifically the handling of the computer name input. The `computer name` input field is susceptible to overflow. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** RM Downloader version 2.50.60 **Description** RM Downloader version 2.50.60 contains a local buffer overflow issue in the `Load` parameter. This allows attackers to execute arbitrary code by overwriting memory. An attacker can create a malicious payload using an egg hunter technique to bypass memory protections and execute commands, such as launching `calc.exe`. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Code Blocks version 20.03 **Description** The software contains a denial of service issue that allows attackers to crash the application. This is achieved by manipulating input in the FSymbols search field. Specifically, attackers can paste a large payload of 5000 repeated characters into the search field to trigger the application crash. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Frigate version 2.02 **Description** The application is susceptible to a denial of service condition. An attacker can cause the application to crash by providing excessively large input to the command line interface. Specifically, a payload consisting of 8000 repeated characters, when entered into the application’s command line field, triggers the crash. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Flexsense DiskBoss version 7.7.14 **Description** An unauthenticated attacker can upload arbitrary files through the `/Command/Search Files/Directory` field. This can lead to a denial of service by crashing the application. The vulnerable parameter is the `Directory` field within the `/Command/Search Files/` API endpoint. **Recommendations** Apply updates to address this issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Flexsense DiskBoss version 7.7.14 **Description** Flexsense DiskBoss 7.7.14 has a local buffer overflow issue within the 'Input Directory' component. An unauthenticated attacker can leverage this to execute arbitrary code on the system. Exploitation involves providing a specially crafted directory path to the 'Add Input Directory' field. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.