Ansgar Burchardt

**Name of the Vulnerable Software and Affected Versions** devscripts versions through 2.18.3 **Description** The issue allows code execution through unsafe YAML loading because YAML::Syck is used without a configuration that prevents unintended blessing. This is related to the scripts/grep-excuses.pl in Debian devscripts. **Recommendations** For devscripts versions through 2.18.3, consider updating the YAML::Syck configuration to prevent unintended blessing as a temporary workaround until a patch is available.

**Name of the Vulnerable Software and Affected Versions** FusionForge Git plugin versions prior to 6.0rc4 **Description** The issue allows remote attackers to execute arbitrary code via an unspecified parameter when creating a secondary Git repository. **Recommendations** For versions prior to 6.0rc4, update to version 6.0rc4 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Domain Technologie Control (DTC) versions prior to 0.34.1 **Description** The setup script in DTC uses world-readable permissions for the /etc/apache2/apache2.conf file, allowing local users to obtain the dtcdaemons MySQL password by reading the file. **Recommendations** For versions prior to 0.34.1, update to version 0.34.1 or later to resolve the issue. As a temporary workaround, consider changing the permissions of the /etc/apache2/apache2.conf file to restrict access until a patch is applied.

**Name of the Vulnerable Software and Affected Versions** Domain Technologie Control (DTC) versions prior to 0.34.1 **Description** The issue allows remote authenticated users to execute arbitrary commands via shell metacharacters in mailing list tunable options in the shared/inc/sql/lists.php file. **Recommendations** For versions prior to 0.34.1, update to version 0.34.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the mailing list tunable options to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Domain Technologie Control (DTC) versions prior to 0.34.1 **Description** The issue allows local users to potentially read a password by listing the process and its arguments, as the password is included in the -b command line argument to htpasswd. **Recommendations** For versions prior to 0.34.1, update to version 0.34.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the process list to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Domain Technologie Control (DTC) versions prior to 0.34.1 **Description** The issue allows remote authenticated users to inject arbitrary web script or HTML via the message body of a support ticket or unspecified vectors to the DNS and MX form, as demonstrated by the "Domain root TXT record:" field. **Recommendations** For versions prior to 0.34.1, update to version 0.34.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the support ticket and DNS and MX form features until the update is applied. Avoid using the "Domain root TXT record:" field in the affected forms until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Domain Technologie Control (DTC) versions prior to 0.34.1 **Description** A directory traversal issue exists, allowing remote authenticated users to execute arbitrary PHP code. This is achieved by including a .. (dot dot) in the `pkg` parameter within a do install action to dtc/. **Recommendations** For versions prior to 0.34.1, update to version 0.34.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the do install action or validating the `pkg` parameter to prevent directory traversal attacks.

**Name of the Vulnerable Software and Affected Versions** Domain Technologie Control (DTC) versions prior to 0.32.11 **Description** The issue allows remote attackers to execute arbitrary commands. This is achieved by injecting shell metacharacters into the `dtcpkg directory` parameter in a `do install` action to `dtc/`. **Recommendations** For versions prior to 0.32.11, update to version 0.32.11 or later to resolve the issue. As a temporary workaround, consider restricting access to the `drawAdminTools PackageInstaller` function in `shared/inc/forms/packager.php` to minimize the risk of exploitation. Avoid using the `dtcpkg directory` parameter in the affected `do install` action to `dtc/` until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Domain Technologie Control (DTC) versions prior to 0.32.11 **Description** The issue allows remote authenticated users to execute arbitrary SQL commands. This is achieved via the `database name` parameter in the `drawAdminTools PackageInstaller` function. **Recommendations** For versions prior to 0.32.11, update to version 0.32.11 or later to resolve the issue. As a temporary workaround, consider restricting access to the `drawAdminTools PackageInstaller` function until a patch is available. Avoid using the `database name` parameter in the affected function until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** apt versions 0.8.16 through 0.9.7 **Description** The issue is related to the handling of InRelease files, which can be exploited by man-in-the-middle attackers to modify packages before installation. This is possibly related to integrity checking and the use of third-party repositories. **Recommendations** For apt versions 0.8.16 through 0.9.7, consider restricting the use of third-party repositories to minimize the risk of exploitation. As a temporary workaround, ensure that package integrity is thoroughly checked before installation. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** Widelands versions prior to 15.1 **Description** A directory traversal issue exists, potentially allowing remote attackers to overwrite arbitrary files by utilizing . (dot) characters in a pathname used for file transfers in Internet games. **Recommendations** For versions prior to 15.1, update to version 15.1 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Widelands versions prior to 15.1 **Description** The pathname canonicalization functionality in Widelands does not properly restrict the use of leading ~ (tilde) characters in strings received from the network, potentially allowing remote attackers to conduct absolute path traversal attacks and overwrite arbitrary files via a ~ in a pathname used for a file transfer in an Internet game. **Recommendations** For versions prior to 15.1, update to version 15.1 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Domain Technologie Control (DTC) versions prior to 0.32.9 **Description** The issue allows remote attackers to obtain potentially sensitive bandwidth information without authentication via direct requests to specific API endpoints, such as "admin/bw per month.php" and "client/bw per month.php". Multiple vulnerabilities in the DTC package may lead to breaches of confidentiality, integrity, and availability of protected information, and these vulnerabilities can be exploited remotely. **Recommendations** For versions prior to 0.32.9, update to version 0.32.9 or later to resolve the issue. As a temporary workaround, consider restricting access to the "admin/bw per month.php" and "client/bw per month.php" endpoints until a patch is applied.

**Name of the Vulnerable Software and Affected Versions** Domain Technologie Control (DTC) versions prior to 0.32.9 **Description** The issue concerns multiple SQL injection vulnerabilities that can be exploited remotely, potentially leading to breaches of confidentiality, integrity, and availability of protected information. Specifically, the `cid` parameter in certain API endpoints, such as `/admin/bw per month.php` and `/client/bw per month.php`, is vulnerable to SQL injection attacks, allowing remote attackers to execute arbitrary SQL commands. **Recommendations** For versions prior to 0.32.9, update to version 0.32.9 or later to resolve the issue. As a temporary workaround, consider restricting access to the vulnerable API endpoints `/admin/bw per month.php` and `/client/bw per month.php` until a patch is applied. Avoid using the `cid` parameter in the affected API endpoints until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** GnuDIP version 2.1.1 **Description** A SQL injection issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the `username` parameter in the "cgi-bin/gnudip.cgi" endpoint. **Recommendations** For GnuDIP version 2.1.1, consider restricting access to the "cgi-bin/gnudip.cgi" endpoint until a patch is available. As a temporary workaround, avoid using the `username` parameter in this endpoint to minimize the risk of exploitation.