Zigma

Researcher fromUnderz0ne Crew
#8179of 53,622
33.6Total CVSS
Vulnerabilities · 4
High
4
PT-2009-2428
9.3
2009-08-12
Chilkat · Chilkatsocket · CVE-2008-6959
Name of the Vulnerable Software and Affected Versions: ChilkatSocket version 2.3.1.1 Description: The issue allows remote attackers to overwrite arbitrary files via the `SaveLastError` method in the Chilkat Socket ActiveX control. Recommendations: For version 2.3.1.1, consider disabling the `SaveLastError` method as a temporary workaround until a patch is available.
PT-2009-2208
7.5
2009-04-21
Todd Woolums · Todd Woolums Asp Download Management Script · CVE-2008-6739
Name of the Vulnerable Software and Affected Versions: Todd Woolums ASP Download management script version 1.03 Description: The issue concerns a lack of authentication requirement for the setupdownload.asp page, allowing remote attackers to gain administrator privileges by making a direct request to this page. The estimated number of potentially affected devices worldwide is not available. Recommendations: For Todd Woolums ASP Download management script version 1.03, consider implementing proper authentication mechanisms for the setupdownload.asp page to prevent unauthorized access.
PT-2008-6506
9.3
2008-12-09
National Instruments · National Instruments Electronics Workbench · CVE-2008-5383
**Name of the Vulnerable Software and Affected Versions** National Instruments Electronics Workbench (affected versions not specified) **Description** The issue is a stack-based buffer overflow that allows attackers to cause a denial of service, potentially leading to an application crash, and possibly execute arbitrary code. This can be achieved through a crafted .ewb file. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.
PT-2008-4136
7.5
2008-06-13
Jiro · Jiro'S Faq Manager Experience · CVE-2008-2691
**Name of the Vulnerable Software and Affected Versions** JiRo's FAQ Manager eXperience version 1.0 **Description** A SQL injection issue allows remote attackers to execute arbitrary SQL commands. This is achieved by manipulating the `fID` parameter in the "read.asp" file. **Recommendations** For JiRo's FAQ Manager eXperience version 1.0, avoid using the `fID` parameter in the read.asp file until the issue is resolved. As a temporary workaround, consider restricting access to the read.asp file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.