Seyed Hamid Kashfi

**Name of the Vulnerable Software and Affected Versions** Blue-Collar Productions i-Gallery version 3.3 **Description** The issue allows remote attackers to read arbitrary files and directories. This is achieved via the `folder` parameter in the "folderview.asp" file. **Recommendations** For version 3.3, consider restricting access to the folderview.asp file until a patch is available. As a temporary workaround, avoid using the `folder` parameter in the folderview.asp file to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** BlueCollar iGallery version 3.3 **Description** A cross-site scripting (XSS) issue exists, allowing remote attackers to inject arbitrary web script or HTML. This is achieved via the `folder` parameter in the folderview.asp file. **Recommendations** For BlueCollar iGallery version 3.3, consider restricting access to the folderview.asp file until a patch is available, and avoid using the `folder` parameter in this file to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** GFI Languard Network Security Scanner version 5.0 **Description** The issue concerns the storage of sensitive credentials in memory. Specifically, lnss.exe stores the `username` and `password` in plaintext, which could allow local administrators to obtain domain administrator credentials. **Recommendations** For GFI Languard Network Security Scanner version 5.0, consider restricting access to local administrator privileges to minimize the risk of exploitation. As a temporary workaround, limit the use of domain administrator credentials on systems where this version is installed until a fix is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.