Trancek

**Name of the Vulnerable Software and Affected Versions** Sony AxRUploadServer.AxRUploadControl.1 version 1.0.0.38 **Description** The issue is related to a buffer overflow in the ActiveX control, which allows remote attackers to execute arbitrary code. This can be achieved by providing a long argument to the `SetLogging` method. **Recommendations** For version 1.0.0.38, consider disabling the `SetLogging` method as a temporary workaround until a patch is available. Restrict access to the AxRUploadServer.dll module to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** OpenSiteAdmin versions 0.9.1.1 and earlier **Description** The issue allows remote attackers to execute arbitrary PHP code via a URL in the `path` parameter to various PHP files, including `indexFooter.php`, `DatabaseManager.php`, `FieldManager.php`, `Filter.php`, `Form.php`, `FormManager.php`, `LoginManager.php`, and `Filters/SingleFilter.php` in the `scripts/classes/` directory. **Recommendations** For OpenSiteAdmin versions 0.9.1.1 and earlier, consider disabling the `path` parameter in the affected PHP files until a patch is available. Restrict access to the `scripts/classes/` directory to minimize the risk of exploitation. Avoid using the `path` parameter in the affected API endpoints until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** All Club CMS (ACCMS) versions 0.0.1f and earlier **Description** The issue allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the `class name` parameter. This can be achieved by exploiting the directory traversal vulnerability in the index.php file. **Recommendations** For All Club CMS (ACCMS) versions 0.0.1f and earlier, avoid using the `class name` parameter in the affected index.php file until a fix is available. As a temporary workaround, consider restricting access to the index.php file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** CoolPlayer versions 216 and earlier **Description** The issue is related to multiple buffer overflows that allow remote attackers to execute arbitrary code. This can be achieved through a playlist file with long song names, which causes an overflow in the `CPL AddPrefixedFile` function in `CPI Playlist.c`. Additionally, overflows can occur in skin files with long button names, due to the `main skin check ini value` function in `skin.c`, and in skin files with long bitmap filenames, because of the `main skin open` function in `skin.c`. **Recommendations** For CoolPlayer versions 216 and earlier, consider disabling the use of playlist files with long song names, skin files with long button names, and skin files with long bitmap filenames until a patch is available. Restrict access to the `CPL AddPrefixedFile` function, `main skin check ini value` function, and `main skin open` function to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.