Oliver Karow

**Name of the Vulnerable Software and Affected Versions** MailScan version 5.6.a espatch 1 **Description** The issue allows remote attackers to bypass authentication and gain administrative access. This can be achieved by making a direct request with either an `IsAdmin` cookie set to `true` or by not including a cookie in the request. **Recommendations** For MailScan version 5.6.a espatch 1, consider restricting access to the Web Based Administration interface until a patch is available. As a temporary workaround, avoid using the Web Based Administration feature to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** BitDefender Update Server (http.exe) versions (affected versions not specified) **Description** A directory traversal issue exists, allowing remote attackers to read arbitrary files by using .. (dot dot) sequences in an HTTP request. This affects BitDefender products, including Security for Fileservers and Enterprise Manager (BDEM). **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Secure Computing SecurityReporter (aka Network Security Analyzer) version 4.6.3 Description: The issue allows remote attackers to bypass authentication. This is achieved by specifying the eventcache directory and a non-GIF file through a `name` parameter, which causes the `$dontvalidate` variable to be set to `true`. Recommendations: For Secure Computing SecurityReporter (aka Network Security Analyzer) version 4.6.3, consider restricting access to the `file.cgi` to minimize the risk of exploitation until a patch is available. Avoid using the `name` parameter in the affected endpoint to prevent authentication bypass.

**Name of the Vulnerable Software and Affected Versions** 2X ThinClientServer Enterprise Edition versions prior to 4.0.2248 **Description** The issue allows remote attackers to create multiple privileged accounts via a replay attack using the initial account creation request. **Recommendations** For versions prior to 4.0.2248, update to version 4.0.2248 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** SAP DB and MaxDB versions prior to 7.6.00.30 **Description** The issue is related to a buffer overflow that can be triggered by a long database name when connecting via a WebDBM client, allowing remote attackers to execute arbitrary code. **Recommendations** For versions prior to 7.6.00.30, update to version 7.6.00.30 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Astaro Security Linux version 6.0 **Description** The issue concerns the HTTP proxy in Astaro Security Linux, which fails to properly filter HTTP CONNECT requests to localhost. This allows remote attackers to bypass firewall rules and connect to local services. **Recommendations** For Astaro Security Linux version 6.0, consider restricting access to the HTTP proxy or implementing additional firewall rules to minimize the risk of exploitation. As a temporary workaround, restrict access to local services to prevent unauthorized connections. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Astaro Security Linux version 6.0 **Description** The issue allows remote authenticated Webmin users to read arbitrary files. This is achieved by using a .. (dot dot) in the `wfe download` parameter to the "index.fpl" endpoint. **Recommendations** For Astaro Security Linux version 6.0, consider restricting access to the `wfe download` parameter in the "index.fpl" endpoint to minimize the risk of exploitation. Avoid using the `wfe download` parameter with untrusted input until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Astaro Security Linux version 6.0 **Description** The issue allows remote attackers to obtain sensitive information via an invalid request. This is achieved by revealing a Proxy-authorization string in an error message, which can be exploited to gain access to sensitive data. **Recommendations** For Astaro Security Linux version 6.0, consider restricting access to the HTTP proxy to minimize the risk of exploitation until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Blue Coat Reporter versions prior to 7.1.2 **Description** The issue allows remote attackers to inject arbitrary web script or HTML, potentially leading to cross-site scripting (XSS) attacks. This can be achieved via the `username` in an Add User window or the `volatile.license to add` parameter, which represents the license key, in the Licensing page. **Recommendations** For versions prior to 7.1.2, update to version 7.1.2 or later to resolve the issue. As a temporary workaround, consider restricting access to the Add User window and the Licensing page to minimize the risk of exploitation. Avoid using the `volatile.license to add` parameter in the Licensing page until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Blue Coat Reporter versions prior to 7.1.2 **Description** The issue allows authenticated users to gain administrator privileges via an HTTP POST request. This is achieved by setting the `volatile.user.administrator` variable to true. **Recommendations** For versions prior to 7.1.2, update to version 7.1.2 or later to resolve the issue. As a temporary workaround, consider restricting access to the `templates.admin.users.user form processing` template to prevent exploitation.

**Name of the Vulnerable Software and Affected Versions** RSA Authentication Agent for Web version 5.2 **Description** A cross-site scripting (XSS) issue exists, allowing remote attackers to inject arbitrary web script or HTML via the `postdata` parameter. This can lead to unauthorized actions on the affected system. **Recommendations** For RSA Authentication Agent for Web version 5.2, consider restricting access to the vulnerable component until a patch is available. Avoid using the `postdata` parameter in sensitive operations until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** SonicWALL SOHO version 5.1.7.0 **Description** The issue allows remote attackers to inject arbitrary web script or HTML via the URL or the user login name. This occurs because the user login name is not filtered when the administrator views the log file. **Recommendations** For SonicWALL SOHO version 5.1.7.0, consider filtering user input to prevent the injection of arbitrary web script or HTML, and restrict access to the log file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** WebWasher Classic versions 2.2.1 and 3.3 **Description** The issue concerns a problem where WebWasher Classic, when running in server mode, fails to properly handle CONNECT requests to the localhost from external systems. This could potentially allow remote attackers to bypass intended access restrictions. **Recommendations** For WebWasher Classic version 2.2.1, update to a version that properly handles CONNECT requests. For WebWasher Classic version 3.3, update to a version that properly handles CONNECT requests. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** MailEnable Professional version 1.18 **Description** The HTTPMail service in MailEnable Professional does not properly handle arguments to the `Authorization` header, allowing remote attackers to cause a denial of service, resulting in a null dereference and application crash. **Recommendations** For MailEnable Professional version 1.18, consider restricting access to the `Authorization` header until a patch is available. As a temporary workaround, disabling the HTTPMail service may help minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** NetIQ WebTrends Reporting Center Enterprise Edition version 6.1a **Description** The issue allows remote attackers to determine the installation path of the software. This is achieved by providing an invalid `profileid` parameter, which results in an error message that leaks the pathname. **Recommendations** For version 6.1a, avoid using the `profileid` parameter in the viewreport.pl script until a fix is available. As a temporary workaround, consider restricting access to the viewreport.pl script to minimize the risk of exploitation.

Name of the Vulnerable Software and Affected Versions: F-Secure Policy Manager version 5.11.2810 Description: The issue allows remote attackers to gain sensitive information, such as the absolute path for the web server, via an HTTP request to "fsmsh.dll" without any parameters. Recommendations: For F-Secure Policy Manager version 5.11.2810, consider restricting access to the fsmsh.dll module to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Aldo's Web Server (aweb) version 1.5 **Description** The issue allows remote attackers to view arbitrary files via a .. (dot dot) in an HTTP GET request. This is a directory traversal vulnerability. **Recommendations** For version 1.5, consider restricting access to sensitive files and directories to minimize the risk of exploitation. As a temporary workaround, restrict the use of HTTP GET requests that contain .. (dot dot) sequences until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Bajie Java HTTP Server versions 0.95 through 0.95zxv4 **Description** A cross-site scripting (XSS) issue allows remote attackers to inject arbitrary web script or HTML. This can be achieved via the query string to "test.txt", the `guestName` parameter to the "custMsg" servlet, or the `cookiename` parameter to the "CookieExample" servlet. **Recommendations** For Bajie Java HTTP Server versions 0.95 through 0.95zxv4, consider disabling the "custMsg" and "CookieExample" servlets until a patch is available. Restrict access to "test.txt" to minimize the risk of exploitation. Avoid using the `guestName` and `cookiename` parameters in the affected servlets until the issue is resolved.