Victor Mondragón

Name of the Vulnerable Software and Affected Versions Navicat for Oracle version 12.1.15 Description Navicat for Oracle version 12.1.15 contains a denial of service issue that allows local attackers to crash the application. This occurs by providing an excessively long string in the password field during Oracle connection configuration. Specifically, pasting a buffer of 550 repeated characters into the `password` parameter can trigger an application crash. Recommendations Avoid using excessively long strings in the `password` parameter during Oracle connection configuration.

Name of the Vulnerable Software and Affected Versions Core FTP/SFTP Server version 1.2 Description Core FTP/SFTP Server version 1.2 contains a buffer overflow issue that allows attackers to disrupt the service by providing a long string in the User domain field. Attackers can insert a malicious payload of 7000 bytes into the domain configuration to cause an application crash and denial of service. Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions Device Monitoring Studio version 8.10.00.8925 Description A denial of service issue exists that allows local attackers to crash the application by providing a long string to the server connection dialog. Attackers can trigger this by entering a malformed server name or address containing repeated characters through the Tools menu Connect to New Server interface. Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Deluge version 1.3.15 **Description** A denial of service issue exists in Deluge that allows local attackers to crash the application. This occurs when an excessively long string is provided in the URL field. Specifically, attackers can paste a 5000-character buffer into the 'From URL' field during torrent addition, leading to an application crash. **Recommendations** Update to a newer version of Deluge that addresses this issue. As a temporary workaround, limit the length of the input allowed in the 'From URL' field.

**Name of the Vulnerable Software and Affected Versions** BulletProof FTP Server version 2019.0.0.50 **Description** The software contains a denial of service issue in the `Storage-Path` configuration parameter. Local attackers can crash the application by providing an excessively long string value. Attackers can enable the Override Storage-Path setting and paste a buffer of 500 bytes or more to trigger an application crash when saving the configuration. **Recommendations** Avoid providing excessively long string values (500 bytes or more) to the `Storage-Path` configuration parameter.

**Name of the Vulnerable Software and Affected Versions** BulletProof FTP Server version 2019.0.0.50 **Description** The software contains a denial of service issue in the DNS Address field. Local attackers can cause the application to crash by providing an excessively long string. Specifically, attackers can enable the DNS Address option within the Firewall settings and paste a 700-byte buffer, triggering a crash when the `Test()` function is called. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** ZOC Terminal version 7.23.4 **Description** A buffer overflow occurs in the Shell field of Program Settings, allowing local attackers to crash the application by providing an excessively long string. This is triggered when a crafted payload is pasted into the Shell configuration field and the Command Shell feature is accessed. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Axessh version 4.2 **Description** A denial of service issue exists in the logging configuration. Local attackers can crash the application by providing an excessively long string of 500 or more characters in the log file name parameter. This is triggered when session logging is enabled and a telnet connection is established. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** DNSS Domain Name Search Software version 2.1.8 **Description** A buffer overflow occurs in the registration code input field, allowing local attackers to crash the application. This is achieved by submitting an excessively long string, specifically by pasting a malicious registration code containing 300 repeated characters into the `Name/Key` field via the 'Register' menu option, resulting in a denial of service. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** PHPRunner version 10.1 **Description** A denial of service issue allows local attackers to crash the application. This occurs when an excessively long string, specifically a buffer of 10,000 characters, is provided in the `Name` field during the creation of a dashboard. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** jetCast Server version 2.0 **Description** A denial of service issue allows local attackers to crash the application. By supplying an excessively long string of 5000 characters into the Log directory configuration field and clicking Start, the server process is terminated. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** ASPRunner.NET version 10.1 **Description** A denial of service issue allows local attackers to crash the application. This occurs during database table creation when an excessively long string, such as a buffer of 10000 characters, is supplied in the table name parameter. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** jetAudio 8.1.7.20702 Basic **Description** A denial of service issue allows local attackers to crash the application by supplying an excessively long string through the URL input handler. The crash is triggered by pasting a buffer of 5000 characters into the 'Open URL' dialog, causing the application to terminate abnormally. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** SpotAuditor version 5.2.6 **Description** The software contains a denial of service issue in the registration dialog. Local attackers can cause the application to crash by providing an excessively long string in the `Name` field. Specifically, pasting a buffer of 300 repeated characters into the `Name` input during registration triggers an application crash. **Recommendations** SpotAuditor version 5.2.6: Limit the length of the input accepted in the `Name` field during registration to prevent excessively long strings.

**Name of the Vulnerable Software and Affected Versions** NSauditor version 3.1.2.0 **Description** The software contains a buffer overflow in the SNMP Auditor Community field. A local attacker can crash the application by providing an excessively long string. An attacker can paste a large payload into the Community field and activate the Walk function, leading to a denial of service condition. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** HeidiSQL Portable version 10.1.0.5464 **Description** A denial of service issue allows local attackers to crash the application by supplying an excessively long string in the password field. This occurs when a buffer overflow payload is pasted into the password input during Microsoft SQL Server login. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Backup Key Recovery version 2.2.4 **Description** A denial of service issue allows local attackers to crash the application by providing an excessively long string in the `Name` field during registration. Submitting the form with a buffer of 300 or more characters in this field triggers the crash. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** UltraVNC Viewer version 1.2.2.4 **Description** A denial of service issue exists where attackers can crash the application by supplying an oversized string to the VNC Server input field. By pasting a malicious string containing 256 repeated characters into the VNC Server field and clicking Connect, a buffer overflow is triggered, causing the viewer to crash. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** UltraVNC Launcher version 1.2.2.4 **Description** A buffer overflow occurs in the 'Path vncviewer.exe' property field. Local attackers can cause the application to crash by providing an excessively long string, such as a 300-byte payload of repeated characters through the Properties dialog, resulting in a denial of service. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** RarmaRadio version 2.72.3 **Description** The software contains a denial of service issue in the `Username` field. Local attackers can cause the application to crash by providing excessively long input. Specifically, an attacker can paste a 5000-byte buffer into the `Username` field through Settings > Network, leading to an application crash. **Recommendations** Apply input validation to the `Username` field to limit the maximum allowed input length.