Jérôme Athias

**Name of the Vulnerable Software and Affected Versions** Trillian version 0.74i **Description** A buffer overflow issue exists in the MSN module, allowing remote MSN servers to execute arbitrary code via a long string that ends in a newline character. **Recommendations** For Trillian version 0.74i, consider disabling the MSN module as a temporary workaround until a patch is available.

**Name of the Vulnerable Software and Affected Versions** 04WebServer version 1.42 **Description** A cross-site scripting (XSS) issue exists due to the failure to properly quote script code in the URL within the resulting default error page of Response default.html. This allows remote attackers to execute arbitrary web script or HTML. **Recommendations** For version 1.42, ensure that script code in URLs is properly quoted in the default error page to prevent XSS attacks. As a temporary workaround, consider restricting access to the default error page until a proper fix is applied.

**Name of the Vulnerable Software and Affected Versions** phpBugTracker version 0.9.1 **Description** The issue allows remote attackers to execute arbitrary SQL commands. This can be achieved via two methods: (1) the `bug id` parameter in a "viewvotes" operation or (2) the `project` parameter in an "add" operation. **Recommendations** For phpBugTracker version 0.9.1, consider restricting access to the `bug.php` file until a patch is available. As a temporary workaround, avoid using the `bug id` parameter in the "viewvotes" operation and the `project` parameter in the "add" operation to minimize the risk of exploitation.

Name of the Vulnerable Software and Affected Versions: WinZip versions 9.0 and earlier Description: The issue is related to multiple buffer overflows that may allow attackers to execute arbitrary code via multiple vectors, including the command line. Recommendations: For WinZip versions 9.0 and earlier, update to a version later than 9.0 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Kerio Personal Firewall version 4.0 **Description** The issue allows local users with administrative privileges to bypass the Application Security feature. This is achieved by directly writing to the physical memory, specifically to restore the running kernel's SDT ServiceTable, thereby enabling the execution of arbitrary processes. **Recommendations** For Kerio Personal Firewall version 4.0, consider restricting administrative privileges to minimize the risk of exploitation. As a temporary workaround, monitor system activity closely for any unauthorized process execution. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** WebAPP version 0.9.9 **Description** A directory traversal issue allows remote attackers to view arbitrary files by using a .. (dot dot) in the `viewcat` parameter. **Recommendations** For WebAPP version 0.9.9, restrict access to the `viewcat` parameter to minimize the risk of exploitation. Avoid using the `viewcat` parameter with untrusted input until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Gaucho version 1.4 Build 145 **Description** A stack-based buffer overflow issue allows remote attackers to execute arbitrary code via a POP3 email with a long Content-Type header. **Recommendations** For Gaucho version 1.4 Build 145, at the moment, there is no information about a newer version that contains a fix for this vulnerability.