Revnic Vasile

**Name of the Vulnerable Software and Affected Versions** Flexense VX Search Enterprise version 10.1.12 **Description** The issue allows remote attackers to execute arbitrary code via a buffer overflow. This is achieved by sending an empty POST request to a long URI that begins with a `/../` substring. **Recommendations** For Flexense VX Search Enterprise version 10.1.12, consider restricting access to the affected URI endpoint to minimize the risk of exploitation. As a temporary workaround, avoid using long URIs starting with `/../` until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Easy Address Book Web Server version 1.2 **Description** The issue allows remote attackers to cause a denial of service or compromise the server via encoded format string specifiers in the query string. **Recommendations** For Easy Address Book Web Server version 1.2, consider restricting access to the server until a patch is available to prevent potential exploitation. As a temporary workaround, avoid using encoded format string specifiers in the query string to minimize the risk of a denial of service or server compromise.

**Name of the Vulnerable Software and Affected Versions** NCH Swift Sound Web Dictate version 1.02 **Description** The issue allows remote attackers to bypass authentication. This is achieved by using a null password, which indicates a significant flaw in the authentication mechanism. **Recommendations** For NCH Swift Sound Web Dictate version 1.02, consider implementing an alternative authentication method or restricting access to sensitive areas of the application until a proper fix is available. As a temporary workaround, restrict access to the application to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** KCScripts Calendar versions prior to Portal Pack 6.0 **Description** A cross-site scripting issue exists, allowing remote attackers to inject arbitrary web script or HTML via the `sort order` parameter in the `/calendar/Visitor.cgi` endpoint. **Recommendations** For versions prior to Portal Pack 6.0, update to a version later than Portal Pack 6.0 to resolve the issue. As a temporary workaround, consider restricting access to the `sort order` parameter in the `/calendar/Visitor.cgi` endpoint to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Webplus (aka talentsoft) Web+Shop version 5.3.6 **Description** The issue allows remote attackers to obtain sensitive information when the Redirect URL for "Script Not Found" Error is not configured. This is achieved by providing a quote (') or possibly other invalid value in the `storeid` parameter in `store.wml` in `webplus.exe`, which reveals the path in a "Script Not Found" error message. **Recommendations** For Webplus (aka talentsoft) Web+Shop version 5.3.6, configure the Redirect URL for "Script Not Found" Error to prevent sensitive information disclosure. As a temporary workaround, consider restricting access to the `storeid` parameter in the `store.wml` file to minimize the risk of exploitation.

[Content removed]