R-73En

**Name of the Vulnerable Software and Affected Versions** EasyCafe Server version 2.2.14 **Description** A remote file disclosure issue exists in EasyCafe Server. An unauthenticated remote attacker can request arbitrary files via TCP port 831 using opcode 0x43, potentially retrieving sensitive information like system configuration and password files if the file exists and is accessible. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Symantec Messaging Gateway versions prior to 10.6.2 **Description** The issue allows remote authenticated users to read arbitrary files. This is achieved by exploiting a directory traversal vulnerability in the charting component. The vulnerability can be triggered by including a .. (dot dot) in the `sn` parameter to the "brightmail/servlet/com.ve.kavachart.servlet.ChartStream" endpoint. **Recommendations** For versions prior to 10.6.2, update to version 10.6.2 or later to resolve the issue. As a temporary workaround, consider restricting access to the brightmail/servlet/com.ve.kavachart.servlet.ChartStream endpoint to minimize the risk of exploitation. Avoid using the `sn` parameter in the affected endpoint until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Konica Minolta FTP Utility version 1.0 **Description** The issue allows remote attackers to execute arbitrary code or cause a denial of service, resulting in an application crash, by sending a long `USER` command. **Recommendations** For Konica Minolta FTP Utility version 1.0, consider disabling the FTP service until a patch is available to prevent potential exploitation. Restrict access to the vulnerable `USER` command to minimize the risk of arbitrary code execution or denial of service.

**Name of the Vulnerable Software and Affected Versions** ProFTPD version 1.3.5 **Description** The issue allows remote attackers to read and write to arbitrary files. This is achieved via the site cpfr and site cpto commands, which are part of the mod copy module in the ProFTPD FTP server. **Recommendations** For ProFTPD version 1.3.5, consider disabling the mod copy module as a temporary workaround until a patch is available. Restrict access to the site cpfr and site cpto commands to minimize the risk of exploitation.