Guido Landi

**Name of the Vulnerable Software and Affected Versions** Mozilla Firefox versions prior to 3.0.8 SeaMonkey versions prior to 1.1.16 **Description** The issue allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an XML file with a crafted XSLT transform. This is related to the txMozillaXSLTProcessor::TransformToDoc function. **Recommendations** For Mozilla Firefox versions prior to 3.0.8, update to version 3.0.8 or later. For SeaMonkey versions prior to 1.1.16, update to version 1.1.16 or later.

**Name of the Vulnerable Software and Affected Versions** Microsoft SQL Server 2000 versions 8.00.2039 through 8.00.2050 Microsoft SQL Server 2005 version 9.00.1399.06 Microsoft SQL Server 2000 Desktop Engine (MSDE 2000) version SP4 Microsoft SQL Server 2000 Desktop Engine (WMSDE) on Windows Server 2003 versions SP1 through SP2 Windows Internal Database (WYukon) version SP2 **Description** A remote code execution issue exists due to the way SQL Server checks parameters in the `sp replwritetovarbin` extended stored procedure. This could allow an attacker to execute arbitrary code if they have access to an affected system or if a SQL injection vulnerability exists. An attacker who successfully exploits this issue could gain complete control of the system, allowing them to install programs, view, change, or delete data, or create new accounts. **Recommendations** For Microsoft SQL Server 2000 versions 8.00.2039 through 8.00.2050, update to a version that includes the fix for this issue. For Microsoft SQL Server 2005 version 9.00.1399.06, update to a version that includes the fix for this issue. For Microsoft SQL Server 2000 Desktop Engine (MSDE 2000) version SP4, update to a version that includes the fix for this issue. For Microsoft SQL Server 2000 Desktop Engine (WMSDE) on Windows Server 2003 versions SP1 through SP2, update to a version that includes the fix for this issue. For Windows Internal Database (WYukon) version SP2, update to a version that includes the fix for this issue. As a temporary workaround, consider restricting access to the `sp replwritetovarbin` extended stored procedure until a patch is available.

Name of the Vulnerable Software and Affected Versions: FlashGet version 1.9 Description: A buffer overflow issue exists due to a boundary error in the processing of FTP PWD responses, which can be exploited by malicious FTP servers to execute arbitrary code on a user's system. This can be achieved by tricking a user into connecting to a malicious FTP server, allowing for a stack-based buffer overflow. Recommendations: For FlashGet version 1.9, consider disabling the FTP functionality until a patch is available to prevent exploitation of the buffer overflow issue. Restrict access to untrusted FTP servers to minimize the risk of compromise. Avoid using the PWD command in the affected FTP client until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** xine-lib versions 1.1.12 and earlier **Description** The issue is a stack-based buffer overflow in the demux nsf send chunk function, located in src/demuxers/demux nsf.c. This allows remote attackers to cause a denial of service, potentially leading to a crash, and may also enable the execution of arbitrary code if a long NSF title is sent. **Recommendations** For xine-lib versions 1.1.12 and earlier, as a temporary workaround, consider disabling the demux nsf send chunk function until a patch is available. Restrict access to the demux nsf.c module to minimize the risk of exploitation. Avoid using long NSF titles in the affected function until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Pligg version 9.9.0 **Description** The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the `id` parameter in the "editlink.php" file. **Recommendations** For Pligg version 9.9.0, consider restricting access to the "editlink.php" file until a patch is available, and avoid using the `id` parameter in this context to minimize the risk of exploitation.