Stefano Di Paola

**Name of the Vulnerable Software and Affected Versions** Red Hat JBoss Enterprise Application Platform versions 4.2 through 4.2.0.CP08 and versions 4.3 through 4.3.0.CP07 **Description** The issue is related to insufficient access control in the JMX-Console web application. This allows remote attackers to send requests to the application's handler using a different method, potentially disclosing protected information. **Recommendations** For versions 4.2 through 4.2.0.CP08, update to version 4.2.0.CP09 or later. For versions 4.3 through 4.3.0.CP07, update to version 4.3.0.CP08 or later. As a temporary workaround, consider restricting access to the JMX-Console web application until a patch is applied.

**Name of the Vulnerable Software and Affected Versions** FusionCharts (affected versions not specified) **Description** The issue is related to a cross-site scripting (XSS) vulnerability in ActionScript within arbitrary Shockwave Flash (SWF) files created by InfoSoft FusionCharts. This allows remote attackers to inject arbitrary additional SWF content via a URL in the SRC attribute of an IMG element in the `dataURL` parameter. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Microsoft XML Core Services versions 3.0 through 6.0 **Description** The issue allows remote attackers to obtain sensitive information from another domain and corrupt the session state via HTTP request header fields, such as the `Transfer-Encoding` field. This could enable an attacker to read data from a Web page in another domain in Internet Explorer if a user browses a Web site that contains specially crafted content or opens specially crafted HTML e-mail. **Recommendations** For Microsoft XML Core Services versions 3.0 through 6.0, consider disabling the handling of `Transfer-Encoding` headers as a temporary workaround until a patch is available. Restrict access to specially crafted Web sites and HTML e-mail to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Adobe Flash Player versions 9.0.124.0 and earlier **Description** A cross-site scripting issue allows remote attackers to inject arbitrary web script or HTML via vectors related to loose interpretation of an ActionScript attribute. **Recommendations** For Adobe Flash Player versions 9.0.124.0 and earlier, update to a version later than 9.0.124.0 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Microsoft Internet Explorer 7 **Description** The issue concerns the setRequestHeader method of the XMLHttpRequest object, which fails to restrict the dangerous Transfer-Encoding HTTP request header. This allows remote attackers to conduct HTTP request splitting and HTTP request smuggling attacks by sending a POST request containing a "Transfer-Encoding: chunked" header and a request body with an incorrect chunk size. **Recommendations** For Microsoft Internet Explorer 7, consider disabling the use of the setRequestHeader method for the XMLHttpRequest object until a fix is available, or avoid using the `Transfer-Encoding` header in requests to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Microsoft Internet Explorer version 7.0.5730.11 **Description** A CRLF injection issue exists in the Digest Authentication support, allowing remote attackers to conduct HTTP response splitting attacks by including a LF (%0a) in the `username` attribute. **Recommendations** For Microsoft Internet Explorer version 7.0.5730.11, consider avoiding the use of Digest Authentication until a fix is available, or restrict access to sensitive resources to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** PHP-Nuke versions 8.0 and earlier **Description** The issue concerns a problem with cross-site request forgery (CSRF) protection. It does not properly validate the HTTP REFERER, allowing remote attackers to conduct CSRF attacks. **Recommendations** For PHP-Nuke versions 8.0 and earlier, ensure the SERVER superglobal is validated as an array before checking the HTTP REFERER to prevent CSRF attacks.

**Name of the Vulnerable Software and Affected Versions** Adobe Acrobat Reader Plugin versions prior to 8.0.0 Adobe Reader versions prior to 7.1.4 Adobe Reader versions prior to 8.1.7 Adobe Reader versions prior to 9.2 **Description** The issue allows remote attackers to cause a denial of service, specifically memory consumption, when a long sequence of # (hash) characters is appended to a PDF URL. This is related to a cross-site scripting issue and can occur when the plugin is used with browsers such as Internet Explorer, Google Chrome, or Opera. **Recommendations** For Adobe Acrobat Reader Plugin version prior to 8.0.0, update to version 8.0.0 or later. For Adobe Reader version prior to 7.1.4, update to version 7.1.4 or later. For Adobe Reader version prior to 8.1.7, update to version 8.1.7 or later. For Adobe Reader version prior to 9.2, update to version 9.2 or later.

Name of the Vulnerable Software and Affected Versions: MySQL versions 5.0.x up to 5.0.20 Description: A buffer overflow issue exists in the open table function in sql base.cc, potentially allowing remote attackers to execute arbitrary code via crafted COM TABLE DUMP packets with invalid length values. Recommendations: For MySQL versions 5.0.x up to 5.0.20, update to a version that contains a fix for this issue.

Name of the Vulnerable Software and Affected Versions: MySQL versions 4.0.x up to 4.0.26 MySQL versions 4.1.x up to 4.1.18 MySQL versions 5.0.x up to 5.0.20 Description: The issue allows remote attackers to obtain sensitive information via a COM TABLE DUMP request with an incorrect packet length, which includes portions of memory in an error message. Recommendations: For MySQL versions 4.0.x up to 4.0.26, update to a version later than 4.0.26 to resolve the issue. For MySQL versions 4.1.x up to 4.1.18, update to a version later than 4.1.18 to resolve the issue. For MySQL versions 5.0.x up to 5.0.20, update to a version later than 5.0.20 to resolve the issue.

Name of the Vulnerable Software and Affected Versions: MySQL versions 4.0.x up to 4.0.26 MySQL versions 4.1.x up to 4.1.18 MySQL versions 5.0.x up to 5.0.20 Description: The issue allows remote attackers to read portions of memory via a username without a trailing null byte, which causes a buffer over-read. This occurs due to the `check connection` function in sql parse.cc. Recommendations: For MySQL versions 4.0.x up to 4.0.26, update to a version later than 4.0.26 to resolve the issue. For MySQL versions 4.1.x up to 4.1.18, update to a version later than 4.1.18 to resolve the issue. For MySQL versions 5.0.x up to 5.0.20, update to a version later than 5.0.20 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** MySQL versions 4.0.23 and earlier MySQL versions 4.1.x up to 4.1.10 **Description** The issue allows remote authenticated users with INSERT and DELETE privileges to bypass library path restrictions and execute arbitrary libraries. This is achieved by using INSERT INTO to modify the `mysql.func` table, which is processed by the `udf init` function. **Recommendations** For MySQL versions 4.0.23 and earlier, update to a version later than 4.0.23 to resolve the issue. For MySQL versions 4.1.x up to 4.1.10, update to a version later than 4.1.10 to resolve the issue. As a temporary workaround, consider restricting INSERT and DELETE privileges to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** MySQL versions 4.0.23 and earlier, and 4.1.x up to 4.1.10 **Description** The issue allows local users with CREATE TEMPORARY TABLE privileges to overwrite arbitrary files via a symlink attack, due to the use of predictable file names when creating temporary tables. **Recommendations** For MySQL versions 4.0.23 and earlier, and 4.1.x up to 4.1.10, consider restricting the CREATE TEMPORARY TABLE privilege to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** MySQL versions 4.0.23 and earlier MySQL versions 4.1.x up to 4.1.10 **Description** The issue allows remote authenticated users with INSERT and DELETE privileges to execute arbitrary code by using CREATE FUNCTION to access libc calls, such as `strcat`, `on exit`, and `exit`. **Recommendations** For MySQL versions 4.0.23 and earlier, update to a version later than 4.0.23 to resolve the issue. For MySQL versions 4.1.x up to 4.1.10, update to a version later than 4.1.10 to resolve the issue. As a temporary workaround, consider restricting the use of the CREATE FUNCTION statement to minimize the risk of exploitation.