Justin C. Klein Keane

**Name of the Vulnerable Software and Affected Versions** TinyMCE version 3.5.8 **Description** The issue concerns the bbcode plugin in TinyMCE, which fails to properly enforce the security policy. This specifically affects the encoding directive and the valid elements attribute, allowing for cross-site scripting (XSS) attacks. An example of exploitation involves using a textarea element. **Recommendations** For TinyMCE version 3.5.8, consider disabling the bbcode plugin until a patch is available to prevent potential XSS attacks. Restrict access to the valid elements attribute and encoding directive to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** iThoughtsHD app version 4.19 **Description** The issue allows remote attackers to cause a denial of service by consuming disk space through uploading a large file. This is related to the iThoughts web server in the iThoughtsHD app on iPad devices. **Recommendations** For iThoughtsHD app version 4.19, consider restricting file upload sizes to prevent excessive disk consumption until a patch is available.

**Name of the Vulnerable Software and Affected Versions** iThoughtsHD app version 4.19 **Description** The issue allows remote attackers to upload arbitrary files by exploiting the WiFi Transfer feature. This is achieved by placing a %00 sequence after a dangerous extension, as demonstrated by a .html%00.txt file. **Recommendations** For iThoughtsHD app version 4.19, consider disabling the WiFi Transfer feature until a patch is available to prevent exploitation. Restrict access to file uploads to minimize the risk of arbitrary file uploads.

**Name of the Vulnerable Software and Affected Versions** iThoughtsHD app version 4.19 **Description** The issue is related to a cross-site scripting (XSS) vulnerability. It occurs when the WiFi Transfer feature is used, allowing remote attackers to inject arbitrary web script or HTML via a crafted map name. **Recommendations** For iThoughtsHD app version 4.19, consider disabling the WiFi Transfer feature until a patch is available to prevent exploitation of the XSS vulnerability.

**Name of the Vulnerable Software and Affected Versions** Inf08 theme versions 6.x-1.x before 6.x-1.10 **Description** The issue is related to a cross-site scripting (XSS) vulnerability. This vulnerability allows remote authenticated users with the "administer taxonomy" permission to inject arbitrary web script or HTML via a taxonomy vocabulary name. **Recommendations** For Inf08 theme versions 6.x-1.x before 6.x-1.10, update to version 6.x-1.10 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** OM Maximenu module versions 6.x-1.43 and earlier **Description** The issue allows remote authenticated users with the "Administer OM Maximenu" permission to execute arbitrary PHP code via a "Link Title" when the "Title has PHP" option is enabled. **Recommendations** For OM Maximenu module versions 6.x-1.43 and earlier, as a temporary workaround, consider disabling the "Title has PHP" option until a patch is available. Restrict access to the "Administer OM Maximenu" permission to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Hotblocks module versions 6.x-1.x before 6.x-1.8 **Description** The issue allows remote authenticated users with the "administer hotblocks" permission to cause a denial of service. This can be achieved by creating a block that references itself, leading to an infinite loop and time out. **Recommendations** For Hotblocks module versions 6.x-1.x before 6.x-1.8, update to version 6.x-1.8 or later to resolve the issue. As a temporary workaround, consider restricting the "administer hotblocks" permission to trusted users or disabling the Hotblocks module until the update is applied.

Cross-site scripting (XSS) vulnerability in submitnews.php in e107 before 0.7.23 allows remote attackers to inject arbitrary web script or HTML via the submitnews title parameter, a different vector than CVE-2008-6208. NOTE: some of these details are obtained from third party information. NOTE: this might be the same as CVE-2009-4083.1 or CVE-2011-0457.

**Name of the Vulnerable Software and Affected Versions** Chaos Tool Suite (aka CTools) module versions prior to 6.x-1.4 **Description** The issue concerns multiple eval injection vulnerabilities in the import functionality of the Chaos Tool Suite module for Drupal. These vulnerabilities allow remote authenticated users with "administer page manager" privileges to execute arbitrary PHP code via input to a text area. The vulnerabilities are related to the `page manager page import subtask validate` function in `page manager/plugins/tasks/page.admin.inc` and the `page manager handler import validate` function in `page manager/page manager.admin.inc`. **Recommendations** For Chaos Tool Suite (aka CTools) module versions prior to 6.x-1.4, update to version 6.x-1.4 or later to resolve the issue. As a temporary workaround, consider restricting access to the import functionality for users with "administer page manager" privileges until the update is applied. Additionally, restrict input to text areas in the import functionality to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Chaos Tool Suite (aka CTools) module versions 6.x before 6.x-1.4 for Drupal **Description** The auto-complete functionality does not follow access restrictions, allowing remote authenticated users with "access content" privileges to read the title of an unpublished node. This can be achieved by using a specific value, such as 'q=ctools/autocomplete/node/' accompanied by the first character of the node's title, in the API endpoint "q=ctools/autocomplete/node/". **Recommendations** For Chaos Tool Suite (aka CTools) module versions 6.x before 6.x-1.4, update to version 6.x-1.4 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Chaos Tool Suite (CTools) module versions prior to 6.x-1.4 **Description** The issue allows remote attackers to hijack the authentication of administrators for requests. This can be done through requests that enable a page via a "q=admin/build/pages/nojs/enable/" value or disable a page via a "q=admin/build/pages/nojs/disable/" value. **Recommendations** For Chaos Tool Suite (CTools) module versions prior to 6.x-1.4, update to version 6.x-1.4 or later to resolve the issue. As a temporary workaround, consider restricting access to the `q=admin/build/pages/nojs/enable/` and `q=admin/build/pages/nojs/disable/` API endpoints to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Drupal Sections module versions 5.x before 5.x-1.3 Drupal Sections module versions 6.x before 6.x-1.3 **Description** A cross-site scripting (XSS) issue exists in the Sections module for Drupal, allowing remote authenticated users with "administer sections" privileges to inject arbitrary web script or HTML via a section name (also known as the Name field). **Recommendations** For versions 5.x before 5.x-1.3, update to version 5.x-1.3 or later. For versions 6.x before 6.x-1.3, update to version 6.x-1.3 or later.

**Name of the Vulnerable Software and Affected Versions** Drupal Core versions 5.x prior to 5.21 Drupal Core versions 6.x prior to 6.15 **Description** A cross-site scripting (XSS) issue exists in the Contact module of Drupal Core, specifically in the contact category name. This allows remote authenticated users with administer site-wide contact form permissions to inject arbitrary web script or HTML. **Recommendations** For Drupal Core versions 5.x prior to 5.21, update to version 5.21 or later. For Drupal Core versions 6.x prior to 6.15, update to version 6.15 or later.

**Name of the Vulnerable Software and Affected Versions** Brilliant Gallery versions prior to 5.x-4.2 **Description** The issue allows remote attackers to execute arbitrary SQL commands via unspecified vectors, related to queries. **Recommendations** For versions prior to 5.x-4.2, update to version 5.x-4.2 or later to resolve the issue.

Name of the Vulnerable Software and Affected Versions: Brilliant Gallery versions 5.x through 6.x Description: The issue allows remote authenticated users with "access brilliant gallery" permissions to execute arbitrary SQL commands. This can be achieved via the `nid`, `qid`, `state`, and possibly `user` parameters in the `brilliant gallery checklist save` function. Recommendations: For Brilliant Gallery versions 5.x through 6.x, consider restricting access to the `brilliant gallery checklist save` function until a patch is available. As a temporary workaround, limit the use of the `nid`, `qid`, `state`, and `user` parameters in the affected script to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.