Jouko Pynnönen

**Name of the Vulnerable Software and Affected Versions** fluid-responsive-slideshow plugin versions prior to 2.2.7 **Description** The issue is related to reflected XSS, which occurs via the `skin` parameter. This allows for potential malicious script injection and execution. **Recommendations** For versions prior to 2.2.7, update to version 2.2.7 or later to resolve the issue. As a temporary workaround, consider restricting access to the `skin` parameter to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** fluid-responsive-slideshow plugin versions prior to 2.2.7 **Description** The issue concerns a CSRF vulnerability that leads to stored XSS. This occurs in the `frs save` function, allowing for malicious input to be stored and executed. **Recommendations** For versions prior to 2.2.7, update to version 2.2.7 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** PageLines theme version 1.1.4 **Description** The issue concerns a CSRF vulnerability in the PageLines theme for WordPress. It affects the "wp-admin/admin-post.php?page=pagelines" endpoint. **Recommendations** For PageLines theme version 1.1.4, update to a newer version that addresses the CSRF issue in the `wp-admin/admin-post.php?page=pagelines` endpoint. As a temporary workaround, consider restricting access to this endpoint to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** WordPress versions prior to 4.5.3 **Description** A cross-site scripting (XSS) issue exists due to insufficient input validation in the `column title` function. This allows remote attackers to inject arbitrary web script or HTML via a crafted attachment name. **Recommendations** For versions prior to 4.5.3, update to version 4.5.3 or later to resolve the issue. As a temporary workaround, consider restricting access to the `wp-admin/includes/class-wp-media-list-table.php` file until a patch is applied. Avoid using crafted attachment names in the affected function until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** WordPress versions prior to 4.5.3 **Description** The issue allows remote attackers to bypass intended redirection restrictions. **Recommendations** For versions prior to 4.5.3, update to version 4.5.3 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** WordPress versions prior to 4.5.3 **Description** A cross-site scripting (XSS) issue exists, allowing remote attackers to inject arbitrary web script or HTML. This is due to a vulnerability in the `wp get attachment link` function. The estimated number of potentially affected devices worldwide is not specified. **Recommendations** For versions prior to 4.5.3, update to version 4.5.3 or later to resolve the issue. As a temporary workaround, consider restricting the ability to upload attachments with crafted names until a patch is applied.

**Name of the Vulnerable Software and Affected Versions** WordPress versions prior to 4.5.3 **Description** The issue allows remote attackers to obtain sensitive revision-history information by leveraging the ability to read a post, related to `wp-admin/includes/ajax-actions.php` and `wp-admin/revision.php`. **Recommendations** For versions prior to 4.5.3, update to version 4.5.3 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** WordPress versions prior to 4.5.3 **Description** The issue allows remote attackers to bypass intended access restrictions and remove a category attribute from a post. **Recommendations** For versions prior to 4.5.3, update to version 4.5.3 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** WordPress versions prior to 4.5.3 **Description** The issue allows remote attackers to bypass intended password-change restrictions by leveraging knowledge of a cookie. **Recommendations** For versions prior to 4.5.3, update to version 4.5.3 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** WordPress versions prior to 4.2.3 **Description** A cross-site scripting (XSS) issue allows remote authenticated users to inject arbitrary web script or HTML by leveraging the Author or Contributor role to place a crafted shortcode inside an HTML element, related to wp-includes/kses.php and wp-includes/shortcodes.php. **Recommendations** For versions prior to 4.2.3, update to version 4.2.3 or later to resolve the issue. As a temporary workaround, consider restricting the use of shortcodes for users with the Author or Contributor role until a patch is applied.

**Name of the Vulnerable Software and Affected Versions** WPML plugin versions prior to 3.1.9 **Description** The issue allows remote attackers to bypass nonce checks and perform arbitrary actions. This is achieved by sending a request that contains an action POST parameter, an action GET parameter, and a valid nonce for the action GET parameter. **Recommendations** For WPML plugin versions prior to 3.1.9, update to version 3.1.9 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** IBM Lotus Notes versions 6.0.3 through 6.5 **Description** The issue allows remote attackers to execute arbitrary code via a notes: URI that uses a UNC network share pathname to provide an alternate notes.ini configuration file to notes.exe. This is related to an argument injection vulnerability. **Recommendations** For versions 6.0.3 through 6.5, consider restricting access to UNC network share pathnames in notes: URIs to minimize the risk of exploitation. As a temporary workaround, avoid using notes: URIs with UNC network share pathnames until a fix is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Solaris versions 2.6 through 9 Description: A stack-based buffer overflow issue exists in the runtime linker, ld.so.1, which allows local users to gain root privileges by setting a long `LD PRELOAD` environment variable. Recommendations: For Solaris versions 2.6 through 9, as a temporary workaround, consider restricting the use of the `LD PRELOAD` environment variable to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** Jakarta Tomcat versions prior to 3.3.1a **Description** The issue allows remote attackers to list directories even when an index.html or other file is present, or obtain unprocessed source code for a JSP file. This can be achieved via a URL containing a null character. URLs with null characters could result in file contents being returned or a directory listing being returned even when a welcome file was defined. **Recommendations** For Jakarta Tomcat versions prior to 3.3.1a, update to version 3.3.1a or later to resolve the issue. As a temporary workaround, consider restricting access to URLs containing null characters to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** IMP versions 2.2.8 and earlier **Description** The issue allows remote attackers to perform unauthorized database activities and possibly gain privileges via certain database functions, such as the `check prefs()` function in db.pgsql, as demonstrated using the "mailbox.php3" endpoint. **Recommendations** For versions 2.2.8 and earlier, consider disabling the `check prefs()` function in db.pgsql until a patch is available. Restrict access to the "mailbox.php3" endpoint to minimize the risk of exploitation.