Unknown · libspp.dll · CVE-2025-34108
**Name of the Vulnerable Software and Affected Versions**
Disk Pulse Enterprise version 9.0.34
**Description**
A stack-based buffer overflow exists in the login functionality. An attacker can send a specially crafted HTTP POST request to the `/login` endpoint with an overly long `username` parameter, causing a buffer overflow in the `libspp.dll` component. Successful exploitation allows arbitrary code execution with SYSTEM privileges.
**Recommendations**
Disk Pulse Enterprise version 9.0.34: As a temporary workaround, consider restricting the length of the `username` parameter in the `/login` endpoint to prevent excessively long input.
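
One way to apply this workaround at a filtering proxy in front of the server, as an added example (not code from the vendor or from this advisory). It assumes a form-encoded login request; the 64-byte and 4096-byte limits and the function name are assumptions, since the advisory does not state the size of the vulnerable buffer.

```python
from urllib.parse import unquote_plus

MAX_USERNAME_BYTES = 64   # assumed limit; set it to fit your real account names
MAX_REQUEST_BYTES = 4096  # assumed cap on query string plus form body


def check_login_post(method, path, body):
    """Return (allowed, reason) for a request about to reach Disk Pulse Enterprise."""
    route, _, query = path.partition("?")
    # Deliberately loose match so "/Login" or "/login/" is still inspected.
    if method.upper() != "POST" or route.lower().rstrip("/") != "/login":
        return True, "not a login POST"
    if len(query) + len(body) > MAX_REQUEST_BYTES:
        return False, "login request too large"

    # Inspect the query string as well, in case the server reads it too.
    pairs = query.encode("latin-1", "replace").split(b"&") + body.split(b"&")
    raw_values = []
    for pair in pairs:
        key, _, value = pair.partition(b"=")
        # Decode the key so a percent-encoded name ("%75sername") is recognised.
        if unquote_plus(key.decode("latin-1")) == "username":
            raw_values.append(value)

    if len(raw_values) != 1:
        # Fail closed: proxy and backend may disagree on which copy is used.
        return False, "expected exactly one username field"
    # The raw, still percent-encoded value is never shorter than its decoded
    # form, so one check bounds both.
    if len(raw_values[0]) > MAX_USERNAME_BYTES:
        return False, "username too long"
    return True, "ok"


if __name__ == "__main__":
    # Constructed sample requests.
    samples = [
        ("POST", "/login", b"username=admin&password=secret"),
        ("POST", "/login", b"username=" + b"A" * 200 + b"&password=x"),
        ("POST", "/login", b"username=a&username=" + b"A" * 200),
    ]
    for method, path, body in samples:
        print(method, path, len(body), check_login_post(method, path, body))
```

The function only decides; wire it into whatever proxy or WAF hook sits in front of the server and return an HTTP 400 when it refuses a request.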