Yehia Elghaly

**Name of the Vulnerable Software and Affected Versions** AbsoluteTelnet version 11.24 **Description** The software contains a flaw that allows local attackers to cause a denial of service by manipulating the DialUp connection and license name fields. An attacker can craft a 1000-character payload and input it into specific fields, leading to application crashes and unexpected termination. The vulnerable fields are `DialUp connection` and `license name`. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** AbsoluteTelnet version 11.24 **Description** AbsoluteTelnet version 11.24 contains a denial of service issue that allows local attackers to crash the application. This is achieved by manipulating the `username` and error report fields. Specifically, inserting 1000 characters into the `username` or email address fields causes the application to become unresponsive. The vulnerable fields are used during application operation. **Recommendations** Update to a newer version that contains a fix for this vulnerability. As a temporary workaround, limit the number of characters allowed in the `username` and email address fields.

**Name of the Vulnerable Software and Affected Versions** Lucee version 5.4.2.17 **Description** An authenticated attacker can inject malicious scripts through parameters in the administrative interface. This allows for the execution of arbitrary JavaScript in a victim’s browser session via crafted payloads targeting administrative pages such as `server.cfm` and `web.cfm`. The issue is a reflected cross-site scripting condition. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Xlight FTP Server version 3.9.3.6 **Description** Xlight FTP Server 3.9.3.6 contains a stack buffer overflow issue in the 'Execute Program' configuration. An attacker can cause a denial of service by providing 294 characters to the program execution configuration. The vulnerability leads to application crashes. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Modbus Tools Modbus Slave versions 7.4.2 and prior **Description** The issue is related to a stack-based buffer overflow in the registration field. This may cause the program to crash when a long character string is used. **Recommendations** For versions 7.4.2 and prior, as a temporary workaround, consider restricting the length of character strings used in the registration field to prevent the buffer overflow until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.