Stefan Fritsch

**Name of the Vulnerable Software and Affected Versions** Polipo version 1.0.4 **Description** The issue allows remote attackers to cause a denial of service, potentially leading to a crash, via a request with a Cache-Control header that lacks a value for the `max-age` field. This triggers a segmentation fault in the `httpParseHeaders` function in `http parse.c`. There are possibly other unspecified vectors for this issue. The exploitation of these vulnerabilities can lead to disruption of protected information and can be carried out remotely. **Recommendations** For Polipo version 1.0.4, consider disabling the `httpParseHeaders` function in `http parse.c` as a temporary workaround until a patch is available. Restrict access to the Cache-Control header to minimize the risk of exploitation. Avoid using the `max-age` field without a value in the Cache-Control header until the issue is resolved.

Name of the Vulnerable Software and Affected Versions: chetcpasswd versions 2.4.1 and earlier Description: The issue allows remote attackers to bypass intended restrictions implemented through PAM, as the custom code used to verify and update user accounts does not follow the PAM configuration. This is due to the custom code processing /etc/shadow. Recommendations: For versions 2.4.1 and earlier, consider modifying the custom code to adhere to the PAM configuration to prevent bypassing of intended restrictions. As a temporary workaround, restrict access to the /etc/shadow file to minimize the risk of exploitation.

Name of the Vulnerable Software and Affected Versions: chetcpasswd versions prior to 2.4 Description: The issue is related to a heap-based buffer overflow that can be triggered by a long X-Forwarded-For HTTP header, potentially allowing remote attackers to cause a denial of service or possibly execute arbitrary code. Recommendations: For versions prior to 2.4, update to version 2.4 or later to resolve the issue. As a temporary workaround, consider restricting the length of the `X-Forwarded-For` HTTP header to prevent exploitation.

**Name of the Vulnerable Software and Affected Versions** TorrentFlux version 2.2 **Description** A cross-site scripting (XSS) issue exists, allowing remote attackers to inject arbitrary web script or HTML via double URL-encoded strings in the `dir` parameter of the dir.php file. **Recommendations** For TorrentFlux version 2.2, update the dir.php file to properly handle URL-encoded strings in the `dir` parameter to prevent XSS attacks.

**Name of the Vulnerable Software and Affected Versions** TorrentFlux version 2.2 **Description** The issue allows remote attackers to execute arbitrary commands via shell metacharacters in the `torrent` parameter to API endpoints such as "details.php" and "startpop.php", when the `$cfg["enable file priority"]` is set to false. **Recommendations** For TorrentFlux version 2.2, consider setting `$cfg["enable file priority"]` to true as a temporary workaround to mitigate the risk of exploitation. Restrict access to the "details.php" and "startpop.php" API endpoints to minimize the risk of exploitation. Avoid using shell metacharacters in the `torrent` parameter until the issue is resolved.