Nicob

Name of the Vulnerable Software and Affected Versions: Ektron Content Management System (CMS) versions prior to 8.02 SP5 Description: The issue allows remote attackers to execute arbitrary code with NETWORK SERVICE privileges via crafted XSL data, due to the use of the XslCompiledTransform class with enablescript set to true. Recommendations: For versions prior to 8.02 SP5, update to version 8.02 SP5 or later to resolve the issue. As a temporary workaround, consider disabling the use of the XslCompiledTransform class with enablescript set to true until a patch is available. Restrict access to XSL data to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Novell eDirectory versions 8.7.3 before sp10 and 8.8.2 **Description** The issue allows remote attackers to cause a denial of service, specifically CPU consumption, via an HTTP request. This can be achieved by sending a request with either multiple `Connection` headers or a single `Connection` header that contains multiple comma-separated values. **Recommendations** For Novell eDirectory version 8.7.3, apply service pack 10 or later to resolve the issue. For Novell eDirectory version 8.8.2, consider restricting access to the `dhost.exe` component until a patch is available. As a temporary workaround, limit the handling of HTTP requests with multiple `Connection` headers or comma-separated values in the `Connection` header to minimize the risk of exploitation.

Name of the Vulnerable Software and Affected Versions: phpMyVisites versions prior to 2.2 Description: The issue allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in the `url` parameter, when the `pagename` parameter begins with "FILE:". Recommendations: For versions prior to 2.2, update to version 2.2 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** SAP Web Application Server versions prior to 6.40 patch 6 **Description** The issue allows remote attackers to cause a denial of service, resulting in an enserver.exe crash, by sending a certain UDP packet to port 64999. This is often referred to as a "two bytes UDP crash". **Recommendations** For SAP Web Application Server versions prior to 6.40 patch 6, apply patch 6 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** SAP (affected versions not specified) **Description** The issue allows remote attackers to obtain potentially sensitive information, including the operating system and SAP version, by sending an RFC SYSTEM INFO RfcCallReceive request. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: SAP Web Application Server versions 6.40 before patch 136 SAP Web Application Server versions 7.00 before patch 66 Description: The issue allows remote attackers to read arbitrary files by sending crafted data on a "3200+SYSNR" TCP port. This can be demonstrated by exploiting port 3201. Additionally, local users can leverage this issue to access a named pipe as the SAPServiceJ2E user. Recommendations: For SAP Web Application Server version 6.40, apply patch 136 to resolve the issue. For SAP Web Application Server version 7.00, apply patch 66 to resolve the issue. As a temporary workaround, consider restricting access to the "3200+SYSNR" TCP port to minimize the risk of exploitation.

Name of the Vulnerable Software and Affected Versions: SAP Web Application Server versions 6.40 before patch 136 SAP Web Application Server versions 7.00 before patch 66 Description: The issue allows remote attackers to cause a denial of service, resulting in an enserver.exe crash, by sending a specific sequence, 0x72F2, on UDP port 64999. Recommendations: For SAP Web Application Server version 6.40, apply patch 136 to resolve the issue. For SAP Web Application Server version 7.00, apply patch 66 to resolve the issue.