R@B13$

Name of the Vulnerable Software and Affected Versions: SolarWinds Storage Manager versions prior to 5.1.2 SolarWinds Storage Profiler versions prior to 5.1.2 SolarWinds Backup Profiler versions prior to 5.1.2 Description: The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the `loginName` field in the LoginServlet page. Recommendations: For SolarWinds Storage Manager versions prior to 5.1.2, update to version 5.1.2 or later. For SolarWinds Storage Profiler versions prior to 5.1.2, update to version 5.1.2 or later. For SolarWinds Backup Profiler versions prior to 5.1.2, update to version 5.1.2 or later.

**Name of the Vulnerable Software and Affected Versions** Novell GroupWise versions 8.0 before Support Pack 3 Novell GroupWise 2012 before Support Pack 1 **Description** A directory traversal issue exists in the agent HTTP interfaces, allowing remote attackers to read arbitrary files by including directory traversal sequences in a request. **Recommendations** For Novell GroupWise 8.0 before Support Pack 3, apply Support Pack 3 to resolve the issue. For Novell GroupWise 2012 before Support Pack 1, apply Support Pack 1 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Alcatel-Lucent OmniVista 4760 versions R5.1.06.03 and earlier **Description** A directory traversal issue in the NMS server allows remote attackers to read arbitrary files via directory traversal sequences in HTTP GET requests, related to the `lang` variable. **Recommendations** For versions R5.1.06.03 and earlier, consider restricting access to the NMS server until a fix is available. As a temporary workaround, avoid using the `lang` variable in HTTP GET requests to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** Citrix Application Gateway - Broadcast Server (BCS) versions prior to 6.1 Avaya AG250 - Broadcast Server versions prior to 2.0 **Description** A SQL injection issue allows remote attackers to execute arbitrary SQL commands via the `txtUID` parameter in the "login.asp" file. **Recommendations** For Citrix Application Gateway - Broadcast Server (BCS) versions prior to 6.1, update to version 6.1 or later. For Avaya AG250 - Broadcast Server versions prior to 2.0, update to version 2.0 or later. As a temporary workaround, consider restricting access to the `login.asp` file until a patch is available. Avoid using the `txtUID` parameter in the affected login endpoint until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** PacketTrap Networks pt360 Tool Suite versions 1.1.33.1.0 through 1.1.33.x and versions prior to 2.0.3900.0 **Description** The issue allows remote attackers to read and overwrite arbitrary files via directory traversal sequences in the pathname. **Recommendations** For versions 1.1.33.1.0 through 1.1.33.x and versions prior to 2.0.3900.0, update to version 2.0.3900.0 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** pt360 Tool Suite versions 1.1.33.1.0 through 1.1.33.1.0, and other versions prior to 2.0.3900.0 **Description** The issue allows remote attackers to cause a denial of service, resulting in a daemon crash, by sending a long TFTP packet. **Recommendations** For versions prior to 2.0.3900.0, update to version 2.0.3900.0 or later to resolve the issue.