Sergey Scherbel

**Name of the Vulnerable Software and Affected Versions** Caucho Quercus versions prior to 4.0.29 **Description** The issue allows remote attackers to bypass intended restrictions on filename extensions for created files. This is achieved by including a %00 sequence in a pathname within an HTTP request. **Recommendations** For versions prior to 4.0.29, update to version 4.0.29 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Caucho Quercus versions prior to 4.0.29 **Description** The issue is related to an "HTTP Parameter Contamination" problem, where unspecified characters in variable names are not handled properly. This has unknown impact and can be exploited remotely. **Recommendations** For versions prior to 4.0.29, update to version 4.0.29 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Caucho Quercus versions prior to 4.0.29 **Description** The issue allows overwriting entries in the SERVER superglobal array based on POST parameters, which has unspecified impact and can be exploited remotely. **Recommendations** For versions prior to 4.0.29, update to version 4.0.29 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Caucho Quercus versions prior to 4.0.29 **Description** The issue is related to the improper implementation of the `==` operator for comparisons in Caucho Quercus, which has unspecified impact and context-dependent attack vectors. **Recommendations** For versions prior to 4.0.29, update to version 4.0.29 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Caucho Quercus in Resin versions prior to 4.0.29 **Description** A directory traversal issue allows remote attackers to create files in arbitrary directories by including a .. (dot dot) in a pathname within an HTTP request. **Recommendations** For versions prior to 4.0.29, update to version 4.0.29 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** AtMail Open-Source @Mail WebMail Client version prior to 1.05 **Description** The issue allows remote attackers to execute arbitrary code via an e-mail attachment with an executable extension. This leads to the creation of an executable file under tmp/. **Recommendations** For versions prior to 1.05, update to version 1.05 or later to resolve the issue. As a temporary workaround, consider restricting the handling of e-mail attachments with executable extensions to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** AtMail Open-Source version 1.05 and earlier **Description** The issue concerns the compose.php file in the @Mail WebMail Client, which does not properly handle ../ (dot dot slash) sequences in the `unique` parameter. This allows remote attackers to conduct directory traversal attacks and read arbitrary files via a .././ (dot dot dot slash dot slash) sequence. **Recommendations** For AtMail Open-Source versions prior to 1.05, update to version 1.05 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** AtMail Open-Source versions prior to 1.05 **Description** The issue concerns multiple directory traversal vulnerabilities. These vulnerabilities are located in the compose.php and libs/Atmail/SendMsg.php files of the @Mail WebMail Client in AtMail Open-Source. Remote attackers can exploit this issue by using a .. (dot dot) in the `Attachment[]` parameter to read arbitrary files. **Recommendations** For versions prior to 1.05, update to version 1.05 or later to resolve the issue. As a temporary workaround, consider restricting access to the compose.php and libs/Atmail/SendMsg.php files to minimize the risk of exploitation. Avoid using the `Attachment[]` parameter in affected API endpoints until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** AtMail Open-Source versions prior to 1.05 **Description** The issue concerns a CRLF injection vulnerability in the mime.php file of the @Mail WebMail Client. This vulnerability allows remote attackers to conduct directory traversal attacks and read arbitrary files by including a %0A sequence followed by a .. (dot dot) in the `file` parameter. **Recommendations** For versions prior to 1.05, update to version 1.05 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** AtMail Open-Source versions 1.04 and earlier **Description** The issue allows remote attackers to obtain configuration information by making a direct request to "install/info.php", which calls the `phpinfo()` function. **Recommendations** For AtMail Open-Source versions 1.04 and earlier, consider restricting access to the "install/info.php" file to prevent unauthorized disclosure of configuration information. As a temporary workaround, remove or disable the "install/info.php" file until a patch is available.