L0Om

**Name of the Vulnerable Software and Affected Versions** Cosmoshop versions 8.11.106 and earlier **Description** The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the `artnum` parameter in the lshop.cgi script. **Recommendations** For Cosmoshop versions 8.11.106 and earlier, update to a version later than 8.11.106 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Cosmoshop versions 8.11.106 and earlier **Description** A directory traversal issue exists, allowing remote administrators to read arbitrary files. This is achieved by using ".." sequences in the `file` parameter of the `edit mailtexte.cgi` and `bestmail.cgi` scripts. **Recommendations** For Cosmoshop versions 8.11.106 and earlier, as a temporary workaround, consider restricting access to the `edit mailtexte.cgi` and `bestmail.cgi` scripts until a patch is available. Avoid using the `file` parameter in these scripts until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Michael Salzer Guestbox versions 0.6 through 0.7 **Description** The issue allows remote attackers to obtain the source IP addresses of guestbook entries via a direct request to "/gb/gblog". **Recommendations** For versions 0.6 through 0.7, update to version 0.8 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** D-Link DWL-G700AP versions 2.00 through 2.01 **Description** The issue allows remote attackers to cause a denial of service, specifically crashing the CAMEO HTTP service, by sending a request composed of "GET" followed by a space and two newlines. This could be due to missing arguments in the request. **Recommendations** For D-Link DWL-G700AP versions 2.00 and 2.01, consider restricting access to the CAMEO HTTP service until a fix is available. As a temporary workaround, avoid using the HTTP service with requests that include a "GET" method followed by a space and two newlines. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** cosmoshop versions 8.10.78 and earlier **Description** The issue allows local users to obtain sensitive information because passwords are stored in plaintext in the database. **Recommendations** For versions 8.10.78 and earlier, update to a version that securely stores passwords, such as using hashing and salting, to prevent local users from obtaining sensitive information.

**Name of the Vulnerable Software and Affected Versions** cosmoshop version 8.10.78 **Description** The issue allows remote attackers to execute arbitrary SQL commands and bypass authentication. **Recommendations** For cosmoshop version 8.10.78, update to a version that fixes the SQL injection vulnerability in the login function.

**Name of the Vulnerable Software and Affected Versions** cosmoshop versions 8.10.78 and earlier **Description** The issue allows remote administrators to read arbitrary files due to a directory traversal vulnerability. This is achieved by using ".." sequences in the `file` parameter of the bestmail edit.cgi endpoint. **Recommendations** For versions 8.10.78 and earlier, consider restricting access to the bestmail edit.cgi endpoint until a fix is available. As a temporary workaround, avoid using the `file` parameter with ".." sequences to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** SuSE Linux version 9.0 **Description** The issue allows local users to overwrite arbitrary files via a symlink attack on several temporary files created by various scripts. These scripts include fvwm-bug, which creates /tmp/fvwm-bug, wm-oldmenu2new, which creates /tmp/wmmenu, x11perfcomp, which creates /tmp/rates, xf86debug, which creates /tmp/xf86debug.1.log, winpopup-send.sh, which creates /tmp/.winpopup-new, and lvmcreate initrd, which creates /tmp/initrd. **Recommendations** For SuSE Linux version 9.0, consider restricting access to the temporary files created by these scripts to prevent a symlink attack. As a temporary workaround, consider disabling the execution of these scripts until a patch is available. Restrict access to the /tmp directory to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** osCommerce version 2.2 **Description** A directory traversal issue exists, allowing remote attackers to view arbitrary files by including a .. (dot dot) in the `filename` argument of the file manager.php script. **Recommendations** For osCommerce version 2.2, update the file manager.php script to properly sanitize the `filename` argument and prevent directory traversal attacks. As a temporary workaround, consider restricting access to the file manager.php script until a patch is available.

**Name of the Vulnerable Software and Affected Versions** eTrust InoculateIT for Linux version 6.0 **Description** The issue allows local users to overwrite arbitrary files via a symlink attack on files in /tmp, specifically through the inoregupdate, uniftest, or unimove scripts. **Recommendations** For eTrust InoculateIT for Linux version 6.0, consider restricting access to the inoregupdate, uniftest, and unimove scripts to prevent local users from exploiting the symlink attack vulnerability. As a temporary workaround, restrict write access to sensitive files and directories that could be targeted by the attack.

**Name of the Vulnerable Software and Affected Versions** eTrust InoculateIT for Linux version 6.0 **Description** The issue concerns insecure permissions for multiple files and directories, including the application's registry and tmp directories. This allows local users to delete, modify, or examine sensitive information. **Recommendations** For eTrust InoculateIT for Linux version 6.0, consider changing the permissions of the affected files and directories to prevent local users from accessing sensitive information. Restrict access to the application's registry and tmp directories to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** SuSE version 9.0 **Description** The issue allows local users to overwrite arbitrary files via a symlink attack on files within the tmp.SuSEconfig.gnome-filesystem.$RANDOM temporary directory. This is related to the SuSEconfig.gnome-filesystem script for YaST. **Recommendations** For SuSE version 9.0, consider restricting access to the SuSEconfig.gnome-filesystem script to prevent local users from exploiting this issue. As a temporary workaround, monitor and restrict the use of the tmp.SuSEconfig.gnome-filesystem.$RANDOM temporary directory to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Antivir / Linux versions 2.0.9-9 and earlier **Description** The issue allows local users to overwrite arbitrary files via a symlink attack on the `.pid antivir $$` temporary file. **Recommendations** For versions 2.0.9-9 and earlier, consider restricting access to the temporary file `.pid antivir $$` to prevent symlink attacks until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Lotus Notes Domino version 6.0.2 **Description** The issue concerns a configuration file, specifically the notes.ini file, which is installed with world-writable permissions on Linux systems. This allows local users to modify the Notes configuration, potentially leading to privilege escalation. **Recommendations** For Lotus Notes Domino version 6.0.2, change the permissions of the notes.ini configuration file to prevent world-writable access, restricting modifications to authorized users only.

**Name of the Vulnerable Software and Affected Versions** Fujitsu Siemens NetWorker version 6.0 **Description** The issue allows local users to overwrite arbitrary files via a symlink attack on the `nsrsh[PID]` temporary file, which is created by the `nsr shutdown` function. **Recommendations** For Fujitsu Siemens NetWorker version 6.0, consider restricting access to the `nsr shutdown` function to prevent exploitation until a fix is available. As a temporary workaround, monitor the creation of the `nsrsh[PID]` temporary file to detect potential symlink attacks. At the moment, there is no information about a newer version that contains a fix for this issue.