Prdelka

**Name of the Vulnerable Software and Affected Versions** Citadel SMTP server versions 7.10 and earlier **Description** The issue allows remote attackers to execute arbitrary code via a long RCPT TO command. This command is not properly handled by the `makeuserkey` function, leading to a buffer overflow. **Recommendations** For Citadel SMTP server versions 7.10 and earlier, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: mbse-bbs versions 0.70 and earlier Description: A stack-based buffer overflow issue allows local users to execute arbitrary code via a long string in the `MBSE ROOT` environment variable. Recommendations: For mbse-bbs versions 0.70 and earlier, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** WinZip versions prior to 10 build 7245 **Description** A stack-based buffer overflow issue exists in the Sky Software FileView ActiveX control, used in certain applications including WinZip. This issue allows remote attackers to execute arbitrary code via a long `FilePattern` attribute in a `WZFILEVIEW` object. **Recommendations** For WinZip versions prior to 10 build 7245, update to build 7245 or later to resolve the issue. As a temporary workaround, consider restricting access to the `WZFILEVIEW` object to minimize the risk of exploitation. Avoid using long `FilePattern` attributes in the `WZFILEVIEW` object until the issue is resolved.

Name of the Vulnerable Software and Affected Versions: AEP Smartgate version 4.3b Description: The issue allows remote attackers to determine the existence of directories via a direct request for a directory URI. This is possible because the SSL server returns different HTTP status codes for existing and non-existing directories. Recommendations: For AEP Smartgate version 4.3b, consider restricting access to directory URIs to minimize the risk of exploitation. As a temporary workaround, limit the information disclosed by the HTTP status codes returned by the SSL server. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: AEP Smartgate version 4.3b Description: The issue allows remote attackers to download arbitrary files via .. (dot dot backslash) sequences in an HTTP GET request to API endpoints such as "/api/sslserver". This is due to a directory traversal vulnerability in the SSL server. Recommendations: For AEP Smartgate version 4.3b, consider restricting access to the SSL server to minimize the risk of exploitation until a patch is available. As a temporary workaround, avoid using the .. sequence in HTTP GET requests to prevent directory traversal.

**Name of the Vulnerable Software and Affected Versions** HP-UX versions B.11.11 **Description** A format string issue in the swask command allows local users to execute arbitrary code via format string specifiers in the -s argument. **Recommendations** For HP-UX version B.11.11, consider restricting access to the swask command until a fix is available. As a temporary workaround, avoid using format string specifiers in the -s argument to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** HP-UX versions B.11.11 **Description** A stack-based buffer overflow issue exists in the swpackage and swmodify commands, allowing local users to execute arbitrary code via a long -S argument. **Recommendations** For HP-UX version B.11.11, consider restricting access to the swpackage and swmodify commands until a fix is available. As a temporary workaround, avoid using long -S arguments with these commands to minimize the risk of exploitation.

Name of the Vulnerable Software and Affected Versions: HP-UX versions B.11.11 Description: A buffer overflow issue exists in the localtime r function and certain other functions in libc, allowing local users to execute arbitrary code via a long TZ environment variable. Recommendations: For HP-UX version B.11.11, update the libc library to a version that fixes the buffer overflow issue in the localtime r function. As a temporary workaround, consider restricting the length of the TZ environment variable to prevent exploitation.