Steffen Joeris

**Name of the Vulnerable Software and Affected Versions** Drupal OpenID module versions prior to 6.18 Drupal OpenID module 5.x versions prior to 5.x-1.4 **Description** The issue concerns the OpenID module in Drupal, which fails to verify the `openid.return to` value as per the OpenID 2.0 protocol. This allows remote attackers to bypass authentication by leveraging an assertion from an OpenID provider. **Recommendations** For Drupal 6.x, update to version 6.18 or later. For Drupal 5.x, update to OpenID module version 5.x-1.4 or later.

**Name of the Vulnerable Software and Affected Versions** Drupal OpenID module versions prior to 6.18 Drupal OpenID module 5.x versions prior to 5.x-1.4 **Description** The issue concerns the OpenID module in Drupal, which fails to adhere to the OpenID 2.0 protocol. Specifically, it does not check for the reuse of `openid.response nonce` values. This oversight allows remote attackers to bypass authentication by utilizing an assertion from an OpenID provider. **Recommendations** For Drupal 6.x, update to version 6.18 or later. For Drupal 5.x, update to OpenID module version 5.x-1.4 or later.

**Name of the Vulnerable Software and Affected Versions** Drupal versions prior to 6.18 **Description** The issue allows remote authenticated users with certain privileges to inject arbitrary web script or HTML via various means, including an action description, an action message, a node, or a taxonomy term. This is related to the actions feature and the trigger module. **Recommendations** For versions prior to 6.18, update to version 6.18 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Drupal versions 5.x before 5.23 Drupal versions 6.x before 6.18 **Description** The issue allows remote authenticated users with certain privileges to bypass intended access restrictions and reinstate removed comments via a crafted URL, related to an "unpublishing bypass" issue. **Recommendations** For Drupal versions 5.x before 5.23, update to version 5.23 or later. For Drupal versions 6.x before 6.18, update to version 6.18 or later.

**Name of the Vulnerable Software and Affected Versions** Drupal versions 5.x prior to 5.23 Drupal versions 6.x prior to 6.18 **Description** The issue arises from the upload module's improper handling of case-insensitive filename handling in a database configuration. This allows remote authenticated users to bypass intended restrictions on downloading a file by uploading a different file with a similar name. **Recommendations** For Drupal versions 5.x prior to 5.23, update to version 5.23 or later. For Drupal versions 6.x prior to 6.18, update to version 6.18 or later.

**Name of the Vulnerable Software and Affected Versions** Best Practical Solutions RT versions 3.4.6 through 3.8.4 Best Practical Solutions RT versions 3.6.x through 3.6.8 Best Practical Solutions RT versions 3.8.x through 3.8.4 **Description** A cross-site scripting (XSS) issue allows remote attackers to inject arbitrary web script or HTML via certain Custom Fields. This can be achieved by exploiting the vulnerability in Custom Fields, which enables the injection of malicious code. **Recommendations** For versions 3.4.6 through 3.8.4, update to version 3.8.5 or later. For versions 3.6.x through 3.6.8, update to version 3.6.9 or later. For versions 3.8.x through 3.8.4, update to version 3.8.5 or later.

Name of the Vulnerable Software and Affected Versions: PyGreSQL versions 3.8.1 and 4.0 Description: The issue arises from improper support of the PQescapeStringConn function in the pygresql module, potentially allowing remote attackers to exploit escaping issues involving multibyte character encodings. This can lead to SQL injections when processing certain multi-byte character sequences. The problem is due to PyGreSQL not using PostgreSQL's safe string and bytea functions in its own escaping functions. Recommendations: For PyGreSQL version 3.8.1, adjust applications to use the new connection.escape string() and connection.escape bytea() functions instead of pg.escape string() and pg.escape bytea(). For PyGreSQL version 4.0, adjust applications to use the new connection.escape string() and connection.escape bytea() functions instead of pg.escape string() and pg.escape bytea().

**Name of the Vulnerable Software and Affected Versions** libpurple versions 2.6.0 through 2.6.2 Pidgin versions 2.6.0 and possibly other versions **Description** The issue concerns multiple vulnerabilities in the libpurple package, which can be exploited remotely to disrupt the confidentiality of protected information. Specifically, the `protocols/jabber/auth.c` file in libpurple does not follow the "require TLS/SSL" preference when connecting to older Jabber servers that do not follow the XMPP specification. This causes libpurple to connect to the server without the expected encryption, allowing remote attackers to sniff sessions. **Recommendations** For libpurple versions 2.6.0 through 2.6.2, consider disabling the vulnerable `auth.c` function until a patch is available. For Pidgin versions 2.6.0 and possibly other versions, restrict access to the `protocols/jabber/auth.c` file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Coccinelle version 0.1.7 Description: The issue allows local users to overwrite arbitrary files via a symlink attack on an unspecified result file. Recommendations: For version 0.1.7, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** auth2db versions 0.2.5 through 0.2.6 **Description** The issue allows remote attackers to conduct SQL injection attacks using multibyte character encodings due to the use of the `addslashes` function instead of the `mysql real escape string` function. **Recommendations** For versions 0.2.5 through 0.2.6, update to version 0.2.7 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** avahi-daemon versions 0.6.23 through 0.6.24-r2 avahi-daemon version 0.6.23 **Description** The issue is related to the originates from local legacy unicast socket function in avahi-daemon, which does not properly handle the network byte order of a port number when processing incoming multicast packets. This allows remote attackers to cause a denial of service by consuming network bandwidth and CPU resources via a crafted legacy unicast mDNS query packet that triggers a multicast packet storm. The vulnerability can be exploited remotely and may lead to disruption of protected information availability. **Recommendations** For avahi-daemon versions 0.6.23 through 0.6.24-r2, update to version 0.6.24-r2 or later to resolve the issue. At the moment, there is no information about additional mitigation measures for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** dkim-milter versions 2.6.0 through 2.8.0 **Description** The issue allows remote attackers to cause a denial of service by signing a message with a revoked key, triggering an assertion error. **Recommendations** For versions 2.6.0 through 2.8.0, update to a version that fixes the assertion error triggered by a revoked key in DNS.

**Name of the Vulnerable Software and Affected Versions** Blender version 2.46 **Description** The issue is related to an untrusted search path vulnerability in the BPY interface of Blender, allowing local users to execute arbitrary code via a Trojan horse Python file in the current working directory. This is due to an erroneous setting of `sys.path` by the `PySys SetArgv` function. **Recommendations** For Blender version 2.46, consider restricting the execution of Python files from untrusted sources to minimize the risk of exploitation. As a temporary workaround, avoid using the `PySys SetArgv` function until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Snoopy versions 1.2.3 and earlier ampache (affected versions not specified) libphp-snoopy (affected versions not specified) mahara (affected versions not specified) mediamate (affected versions not specified) opendb (affected versions not specified) pixelpost (affected versions not specified) **Description** The issue allows remote attackers to execute arbitrary commands via shell metacharacters in https URLs, specifically through the ` httpsrequest` function in Snoopy. **Recommendations** For Snoopy versions 1.2.3 and earlier, update to a version later than 1.2.3 to resolve the issue. For ampache, consider disabling the ` httpsrequest` function until a patch is available. For libphp-snoopy, restrict access to the ` httpsrequest` function to minimize the risk of exploitation. For mahara, mediamate, opendb, and pixelpost, avoid using the ` httpsrequest` function in Snoopy until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability in the other affected products.

Name of the Vulnerable Software and Affected Versions: FAAD2 versions 2.6.1 and earlier Description: The issue is related to a heap-based buffer overflow in the decodeMP4file function, located in frontend/main.c. This can be triggered by remote attackers using a crafted MPEG-4 (MP4) file, potentially leading to a denial of service (crash) and possibly allowing the execution of arbitrary code. Recommendations: For FAAD2 versions 2.6.1 and earlier, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** gmanedit version 0.4.1 **Description** A heap-based buffer overflow issue exists in the open man file function, located in callbacks.c, due to improper handling during utf8 conversion of a crafted man page. This could allow remote attackers to execute arbitrary code. **Recommendations** For gmanedit version 0.4.1, update to a newer version that addresses this issue, as the current version is susceptible to a heap-based buffer overflow. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** FFmpeg versions prior to r13993 **Description** The issue is related to a stack-based buffer overflow in the `str read packet` function, which can be exploited by remote attackers to cause a denial of service or execute arbitrary code via a crafted STR file. This can lead to an application crash or allow an attacker to execute arbitrary code. The vulnerability is caused by the interleaving of audio and video sectors in a specially crafted STR file. **Recommendations** For FFmpeg versions prior to r13993, update to a version that includes the fix for this issue to prevent exploitation. As a temporary workaround, consider restricting the use of the `str read packet` function in libavformat/psxstr.c until a patch is available. Avoid using the vulnerable function to process untrusted STR files until the issue is resolved.