Seth Fogie

**Name of the Vulnerable Software and Affected Versions** AXIS Camera Station Pro (affected versions not specified) **Description** A feature in AXIS Camera Station Pro can be exploited, allowing a user without administrative privileges to access information they are not authorized to view. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** (affected versions not specified) **Description** An insecure direct object reference permitted a non-administrator user to modify or delete specific data objects without proper authorization. This issue allows unauthorized data manipulation. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** (affected versions not specified) **Description** A server-side injection allowed a malicious administrator to manipulate the application to include and execute a malicious script on the server. This attack requires a compromised client used by the administrator. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Mobile Spy (affected versions not specified) **Description** The issue concerns the storage and transmission of sensitive information. Specifically, it involves storing login credentials in cleartext under a specific registry key and sending login credentials and log data over a cleartext HTTP connection. This allows attackers to obtain sensitive information either by reading the registry or by sniffing the network. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** EZPhotoSales versions 1.9.3 and earlier **Description** The issue allows remote attackers to download arbitrary image files. This can be achieved through a direct request for a URL under "OnlineViewing/galleries/" or by navigating the gallery user interface with JavaScript disabled. **Recommendations** For EZPhotoSales versions 1.9.3 and earlier, update to a version later than 1.9.3 to resolve the issue. As a temporary workaround, consider disabling the gallery user interface or restricting access to the "OnlineViewing/galleries/" directory until a patch is available.

**Name of the Vulnerable Software and Affected Versions** ScaryBear PocketExpense Pro version 3.9.1 **Description** The issue allows local users to disable authentication and access a data file by modifying a certain value in the file header, because the file's contents are stored in plaintext and protected by an internally recorded key. **Recommendations** For ScaryBear PocketExpense Pro version 3.9.1, consider modifying the application to store data files securely, such as by using encryption, and ensure that authentication mechanisms are properly implemented to prevent unauthorized access.

**Name of the Vulnerable Software and Affected Versions** Abidia O-Anywhere and Abidia Wireless (affected versions not specified) **Description** The issue concerns the transmission of authentication credentials in cleartext, allowing remote attackers to obtain sensitive information by sniffing. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Soti Pocket Controller-Professional version 5.0 **Description** The issue allows remote attackers to send a series of packets to port 5492, enabling them to turn off, reboot, or hard reset a PDA. **Recommendations** For Soti Pocket Controller-Professional version 5.0, consider restricting access to port 5492 to minimize the risk of exploitation.