Kingcope

**Name of the Vulnerable Software and Affected Versions** Parallels Plesk Panel versions 9.0.x through 9.2.x Small Business Panel versions 10.x **Description** The default configuration of the software has an improper ScriptAlias directive for `phppath`, which makes it easier for remote attackers to execute arbitrary code via a crafted request. **Recommendations** For Parallels Plesk Panel versions 9.0.x through 9.2.x, update the ScriptAlias directive to properly restrict access to the `phppath`. For Small Business Panel versions 10.x, update the ScriptAlias directive to properly restrict access to the `phppath`.

**Name of the Vulnerable Software and Affected Versions** SSH Tectia Server versions 6.0.4 through 6.0.20 SSH Tectia Server versions 6.1.0 through 6.1.12 SSH Tectia Server versions 6.2.0 through 6.2.5 SSH Tectia Server versions 6.3.0 through 6.3.2 **Description** The issue allows remote attackers to bypass authentication via a crafted session involving entry of blank passwords when old-style password authentication is enabled. This can be demonstrated by a root login session from a modified OpenSSH client. **Recommendations** For SSH Tectia Server versions 6.0.4 through 6.0.20, disable old-style password authentication to prevent exploitation. For SSH Tectia Server versions 6.1.0 through 6.1.12, disable old-style password authentication to prevent exploitation. For SSH Tectia Server versions 6.2.0 through 6.2.5, disable old-style password authentication to prevent exploitation. For SSH Tectia Server versions 6.3.0 through 6.3.2, disable old-style password authentication to prevent exploitation.

**Name of the Vulnerable Software and Affected Versions** glibc versions 2.3.4 glibc versions prior to 2.15-r3 **Description** The issue concerns multiple vulnerabilities in the glibc package, which can lead to a disruption of confidentiality, integrity, and availability of protected information. These vulnerabilities can be exploited locally. The vulnerabilities may cause a denial of service (crash) and possibly execute arbitrary code via a crafted timezone (TZ) file. **Recommendations** For glibc versions 2.3.4, consider updating to a version prior to 2.15-r3 to resolve the issue. For glibc versions prior to 2.15-r3, update to version 2.15-r3 or later to resolve the issue. As a temporary workaround, consider restricting access to the ` tzfile read` function until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Serv-U FTP Server versions prior to 11.1.0.5 **Description** A directory traversal issue allows remote authenticated users to read and write arbitrary files, and list and create arbitrary directories, by using a "..:/" (dot dot colon forward slash) in the list, put, or get commands. **Recommendations** For versions prior to 11.1.0.5, update to version 11.1.0.5 or later to resolve the issue. As a temporary workaround, consider restricting access to the list, put, and get commands until a patch is applied.

**Name of the Vulnerable Software and Affected Versions** Apache HTTP Server versions 1.3.x through 2.0.64 Apache HTTP Server versions 2.2.x through 2.2.19 **Description** The issue arises from the incorrect handling of HTTP requests with modified Range header content, leading to the device ceasing to respond to HTTP requests. Specifically, the byterange filter in the Apache HTTP Server allows remote attackers to cause a denial of service via a Range header that expresses multiple overlapping ranges. This has been exploited in the wild, resulting in memory and CPU consumption. **Recommendations** For Apache HTTP Server versions 1.3.x through 2.0.64, update to a version later than 2.0.64 to resolve the issue. For Apache HTTP Server versions 2.2.x through 2.2.19, update to a version later than 2.2.19 to resolve the issue. As a temporary workaround, consider restricting access to the `Range` header in HTTP requests to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** SunScreen Firewall version on SunOS 5.9 **Description** The issue concerns untrusted search path vulnerabilities in the Java Service of SunScreen Firewall on SunOS 5.9, allowing local users to execute arbitrary code. This can be achieved by modifying the `PATH` or `LD LIBRARY PATH` environment variables. **Recommendations** For SunScreen Firewall on SunOS 5.9, consider restricting access to the Java Service to minimize the risk of exploitation. As a temporary workaround, avoid using modified `PATH` or `LD LIBRARY PATH` environment variables until a fix is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** IBM AIX versions 5.3 and earlier **Description** The issue is related to a buffer overflow in the ftpd component, which can be exploited by remote attackers to execute arbitrary code. This is achieved by sending a long NLST command. **Recommendations** For IBM AIX versions 5.3 and earlier, update to a version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** Adobe Premier Pro CS4 version 4.0.0 **Description** The issue allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks. This can be achieved via a Trojan horse `ibfs32.dll` located in the same folder as certain file types, including `.pproj`, `.prfpset`, `.prexport`, `.prm`, `.prmp`, `.prpreset`, `.prproj`, `.prsl`, `.prtl`, or `.vpr` files. **Recommendations** For Adobe Premier Pro CS4 version 4.0.0, consider removing or restricting access to the `ibfs32.dll` file in folders containing the specified file types to minimize the risk of exploitation. Additionally, avoid opening projects or files from untrusted sources. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: NTSOFT BBS E-Market Professional (affected versions not specified) Description: The issue concerns multiple cross-site scripting (XSS) vulnerabilities. These vulnerabilities allow remote attackers to inject arbitrary web script or HTML via the `page`, `bt code`, and `b no` parameters in a board view action. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Multi Website version 1.5 Description: The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the `Browse` parameter in a `vote` action in the `index.php` file. Recommendations: For version 1.5, avoid using the `Browse` parameter in the `vote` action until the issue is resolved. As a temporary workaround, consider restricting access to the `index.php` file to minimize the risk of exploitation.

Name of the Vulnerable Software and Affected Versions: x10 MP3 Search engine version 1.6.5 Description: The issue concerns multiple cross-site scripting (XSS) vulnerabilities. These vulnerabilities allow remote attackers to inject arbitrary web script or HTML via several parameters, including the `pic id` parameter to "includes/video ad.php", the `category` parameter to "linkvideos listing.php", the `id` parameter to "templates/header1.php" and "mp3/lyrics.php", the `key` parameter to "video listing.php" and "adult/video listing.php", and the `name` parameter to "mp3/embed.php" and "mp3/info.php". Recommendations: For x10 MP3 Search engine version 1.6.5, consider disabling the affected parameters, such as `pic id`, `category`, `id`, `key`, and `name`, in their respective scripts until a patch is available. Restrict access to the vulnerable scripts, including "includes/video ad.php", "linkvideos listing.php", "templates/header1.php", "mp3/lyrics.php", "video listing.php", "adult/video listing.php", "mp3/embed.php", and "mp3/info.php", to minimize the risk of exploitation.

Name of the Vulnerable Software and Affected Versions: Drupal Date module versions prior to 6.x-2.3 Description: A cross-site scripting (XSS) issue exists in the Date Tools sub-module of the Date module, allowing remote authenticated users with specific privileges to inject arbitrary web script or HTML via a "Content type label" field. This can be exploited by users with "use date tools" or "administer content types" privileges. Recommendations: For versions prior to 6.x-2.3, update to version 6.x-2.3 or later to resolve the issue. As a temporary workaround, consider restricting access to the "Content type label" field for users with "use date tools" or "administer content types" privileges until the update is applied.

Name of the Vulnerable Software and Affected Versions: Drupal Calendar module version 6.x before 6.x-2.2 Description: A cross-site scripting (XSS) issue exists in the Calendar module for Drupal, allowing remote authenticated users with "create new content types" privileges to inject arbitrary web script or HTML via the title of a content type. Recommendations: For Drupal Calendar module version 6.x before 6.x-2.2, update to version 6.x-2.2 or later to resolve the issue.

Name of the Vulnerable Software and Affected Versions: simplePHPWeb version 0.2 Description: The issue in simplePHPWeb allows remote attackers to perform administrative actions without requiring authentication. This is due to a lack of authentication in the admin/files.php file. Recommendations: For simplePHPWeb version 0.2, consider implementing proper authentication mechanisms for the admin/files.php file to prevent unauthorized access. As a temporary workaround, restrict access to the admin/files.php file until a proper fix is applied.

Name of the Vulnerable Software and Affected Versions: IBM WebSphere MQ versions 7.0.0.0 through 7.0.0.2 Description: The issue is related to an unspecified vulnerability in the rriDecompress function, which allows remote attackers to cause a denial of service via unknown vectors. Recommendations: For versions 7.0.0.0 through 7.0.0.2, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Microsoft Internet Information Services (IIS) versions 5.0 through 6.0 **Description** The issue is related to a buffer overflow in the FTP Service of Microsoft Internet Information Services (IIS). This occurs when handling a crafted NLST (NAME LIST) command that uses wildcards, leading to memory corruption. The vulnerability can be exploited by remote authenticated users to execute arbitrary code or cause a denial of service. The problem arises from the way the `ftpsvc2.dll` module processes directory paths, specifically when handling the parent directory symbol (`..`) and the wildcard symbol (`*`), which can result in the doubling of the resulting directory path and the overflow of a limited-size stack buffer (260 bytes). **Recommendations** For Microsoft Internet Information Services (IIS) versions 5.0 through 6.0, consider disabling the FTP Service until a patch is available to prevent potential exploitation. Restrict access to the `ftpsvc2.dll` module to minimize the risk of exploitation. Avoid using the NLST command with wildcards in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Apache APR-util versions prior to 1.3.7 Apache HTTP Server (affected versions not specified) Description: The issue allows remote attackers to cause a denial of service due to excessive memory consumption. This can be achieved by sending a crafted XML document containing a large number of nested entity references. For example, this could be demonstrated by a PROPFIND request. The problem is related to the expat XML parser in the apr xml * interface. Recommendations: For Apache APR-util versions prior to 1.3.7, update to version 1.3.7 or later to resolve the issue. For the Apache HTTP Server, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** FreeBSD versions 7.0 through 7.x **Description** The issue arises from the way `sys term.c` in `telnetd` handles environment variables. Specifically, it uses a method to delete dangerous environment variables that was valid only in older FreeBSD distributions. This could allow remote attackers to execute arbitrary code by passing a crafted environment variable from a telnet client. For example, an attacker could pass an `LD PRELOAD` value that references a malicious library. **Recommendations** For FreeBSD versions 7.0 through 7.x, update to a version that uses a secure method to handle environment variables, ensuring that dangerous variables are properly deleted to prevent arbitrary code execution.

**Name of the Vulnerable Software and Affected Versions** Sun Solaris versions 10 and 11 snv 101b OpenSolaris versions prior to snv 108 **Description** The issue allows remote attackers to cause a denial of service, resulting in a system crash, by sending a crafted IPv6 packet. This is related to insufficient validation. **Recommendations** For Sun Solaris versions 10 and 11 snv 101b, consider restricting access to IPv6 packets until a fix is available. For OpenSolaris versions prior to snv 108, avoid using IPv6 functionality until the issue is resolved. As a temporary workaround, consider disabling IPv6 support to minimize the risk of exploitation.

Name of the Vulnerable Software and Affected Versions: Oracle WebLogic Server versions 10.3 and earlier Description: The issue is a stack-based buffer overflow in the Apache Connector (mod wl) that allows remote attackers to execute arbitrary code via a long HTTP version string. This can be demonstrated by a string after "POST /.jsp" in an HTTP request. Recommendations: For Oracle WebLogic Server versions 10.3 and earlier, consider updating to a version that is not affected by this issue. As a temporary workaround, restrict access to the Apache Connector (mod wl) to minimize the risk of exploitation.