Brian Mariani

**Name of the Vulnerable Software and Affected Versions** SonicWall Email Security appliance (affected versions not specified) **Description** The SonicWall Email Security appliance contains a flaw related to improper input validation. A remote, authenticated attacker with admin privileges can exploit this to make the application unresponsive, resulting in a denial-of-service (DoS) condition. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** SonicWall Email Security (affected versions not specified) **Description** A stored Cross-Site Scripting (XSS) issue exists in the SonicWall Email Security appliance. This is due to insufficient sanitization of user-provided data when creating web pages. A remote attacker with administrative privileges can potentially execute arbitrary JavaScript code. The attacker must be authenticated as an admin user to exploit this issue. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** SonicWall Email Security (affected versions not specified) **Description** A flaw exists in the SonicWall Email Security appliance related to insufficient input validation. This could result in data corruption, potentially allowing a remote attacker with administrative privileges to exploit the issue by submitting specially crafted input that damages the application database. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Nome do Software Vulnerável e Versões Afetadas** Appliance de Segurança de E-mail (versões afetadas não especificadas) **Descrição** Existe uma vulnerabilidade de Path Traversal no Appliance de Segurança de E-mail. Isso permite que um atacante manipule caminhos do sistema de arquivos injetando sequências de travessia de diretório elaboradas, como `../`, potencialmente obtendo acesso a arquivos e diretórios fora do caminho restrito pretendido. A vulnerabilidade envolve a manipulação de caminhos do sistema de arquivos. **Recomendações** No momento, não há informações sobre uma versão mais recente que contenha uma correção para esta vulnerabilidade.

**Name of the Vulnerable Software and Affected Versions** SonicWall Email Security Appliance (affected versions not specified) **Description** The SonicWall Email Security appliance downloads root filesystem images without verifying signatures. This allows attackers with VMDK or datastore access to modify system files and potentially gain persistent arbitrary code execution. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** HP Protect Tools Device Access Manager versions prior to 6.1.0.1 **Description** The issue allows remote attackers to execute arbitrary code or cause a denial of service due to heap memory corruption. This can be achieved via a long `SidString` argument in certain methods. **Recommendations** For versions prior to 6.1.0.1, update to version 6.1.0.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the `AddUser`, `AddUserEx`, `RemoveUser`, `RemoveUserByGuide`, `RemoveUserEx`, and `RemoveUserRegardless` methods until a patch is applied. Avoid using long `SidString` arguments in the affected methods to minimize the risk of exploitation.

Name of the Vulnerable Software and Affected Versions: Apple QuickTime versions prior to 7.3.1 Description: The issue is related to multiple unspecified vulnerabilities in the Flash media handler of Apple QuickTime. These vulnerabilities can be exploited by remote attackers via a crafted QuickTime movie, potentially allowing the execution of arbitrary code or having other unspecified impacts. Recommendations: For versions prior to 7.3.1, update to version 7.3.1 or later to resolve the issue.