Povlteksttv

**Name of the Vulnerable Software and Affected Versions** Simple Startup Manager version 1.17 **Description** Simple Startup Manager version 1.17 contains a local buffer overflow that allows attackers to execute arbitrary code. The issue occurs due to overwriting memory through the 'File' input parameter. An attacker can craft a malicious payload of 268 bytes to trigger code execution, bypassing Data Execution Prevention (DEP) and overwriting memory addresses. In a reported instance, attackers launched `calc.exe`. The 'File' input parameter is a component used to process file-related operations within the application. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Goverlan Reach Console versions prior to 9.50 Goverlan Reach Server versions prior to 3.50 Goverlan Client Agent versions prior to 9.20.50 **Description** The issue is related to an Untrusted Search Path, which can lead to Command Injection and Local Privilege Escalation via DLL hijacking. **Recommendations** For Goverlan Reach Console versions prior to 9.50, update to version 9.50 or later. For Goverlan Reach Server versions prior to 3.50, update to version 3.50 or later. For Goverlan Client Agent versions prior to 9.20.50, update to version 9.20.50 or later.