Steven M. Christey

**Name of the Vulnerable Software and Affected Versions** Aberdeen theme versions 6.x-1.x before 6.x-1.11 **Description** The issue is related to a cross-site scripting (XSS) vulnerability in the aberdeen breadcrumb function. This function is located in template.php in the Aberdeen theme for Drupal. When the theme is set to append the content title to the breadcrumb, remote attackers can inject arbitrary web script or HTML via the content title in a breadcrumb. **Recommendations** For Aberdeen theme versions 6.x-1.x before 6.x-1.11, update to version 6.x-1.11 or later to resolve the issue. As a temporary workaround, consider disabling the appending of content titles to breadcrumbs until a patch is available. Restrict access to the aberdeen breadcrumb function in template.php to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Simple Machines Forum (SMF) versions prior to 1.1.13 Simple Machines Forum (SMF) versions 2.x prior to 2.0 RC5 **Description** The issue is related to improper validation of the `start` parameter, which could allow remote attackers to conduct SQL injection attacks, obtain sensitive information, or cause a denial of service via a crafted value. This is related to the `cleanRequest` function in `QueryString.php` and the `constructPageIndex` function in `Subs.php`. **Recommendations** For Simple Machines Forum (SMF) versions prior to 1.1.13, update to version 1.1.13 or later. For Simple Machines Forum (SMF) versions 2.x prior to 2.0 RC5, update to version 2.0 RC5 or later.

**Name of the Vulnerable Software and Affected Versions** Simple Machines Forum (SMF) versions prior to 1.1.13 Simple Machines Forum (SMF) versions 2.x prior to 2.0 RC5 **Description** The issue arises from the PlushSearch2 function in Search.php, which incorrectly utilizes cached data when a temporary table has been created. This might allow remote attackers to obtain sensitive information via a search. **Recommendations** For versions prior to 1.1.13, update to version 1.1.13 or later. For versions 2.x prior to 2.0 RC5, update to version 2.0 RC5 or later.

**Name of the Vulnerable Software and Affected Versions** YUI versions 2.4.0 through 2.8.1 **Description** A cross-site scripting issue exists due to a vulnerability in the Flash component infrastructure. This allows remote attackers to inject arbitrary web script or HTML. The issue is related to vectors involving charts/assets/charts.swf. **Recommendations** For YUI versions 2.4.0 through 2.8.1, consider disabling the Flash component infrastructure as a temporary workaround until a patch is available. Restrict access to charts/assets/charts.swf to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Python versions prior to 3.2 **Description** The issue concerns the asyncore module in Python, which does not properly handle unsuccessful calls to the accept function. This lack of proper handling, combined with the absence of documentation on how daemon applications should manage such unsuccessful calls, facilitates denial of service attacks. These attacks can terminate daemon applications via network connections. **Recommendations** For versions prior to 3.2, consider updating to a version that properly handles unsuccessful calls to the accept function to prevent denial of service attacks.

**Name of the Vulnerable Software and Affected Versions** PEAR Mail package versions 1.1.14, 1.2.0b2 **Description** The issue allows remote attackers to read and write arbitrary files via a crafted `recipients` parameter, and possibly other parameters, in the Mail/sendmail.php file. **Recommendations** For PEAR Mail package version 1.1.14, avoid using the `recipients` parameter in the affected API endpoint until the issue is resolved. For PEAR Mail package version 1.2.0b2, restrict access to the vulnerable Mail/sendmail.php file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Django versions 1.0 through 1.0.3 Django versions 1.1 through 1.1.0 **Description** The issue allows remote attackers to cause a denial of service, specifically CPU consumption, by providing a crafted input to either the `EmailField` (email address) or `URLField` (URL) that triggers excessive backtracking in a regular expression. **Recommendations** For Django versions 1.0 through 1.0.3, update to version 1.0.4 or later. For Django versions 1.1 through 1.1.0, update to version 1.1.1 or later.

**Name of the Vulnerable Software and Affected Versions** Linux kernel version 2.6.31-rc1 **Description** The issue is related to a buffer overflow in the `perf copy attr` function, which can be triggered by providing "big size data" to the `perf counter open` system call. This can cause a denial of service (crash) and potentially allow the execution of arbitrary code. **Recommendations** For Linux kernel version 2.6.31-rc1, consider applying a patch to fix the buffer overflow issue in the `perf copy attr` function. As a temporary workaround, restrict access to the `perf counter open` system call to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** JDK versions 6.0 in IBM OS/400 i5/OS V5R4M0 and V6R1M0 **Description** The issue concerns an unspecified vulnerability in the XML Digital Signature verification functionality. It has unknown impact and attack vectors, with a relation to "XML SECURITY PATCH." **Recommendations** For JDK versions 6.0 in IBM OS/400 i5/OS V5R4M0 and V6R1M0, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Microsoft Internet Information Services (IIS) versions 5.1 through 6.0 Description: The issue allows remote attackers to bypass protection mechanisms and access or modify files. This can be achieved by inserting a specific Unicode character at an arbitrary position in the URI. For example, inserting `%c0%af` into a `/protected/` initial pathname component can bypass password protection on the protected folder. Recommendations: For Microsoft Internet Information Services (IIS) versions 5.1 through 6.0, consider disabling the WebDAV extension until a patch is available to prevent bypassing of URI-based protection mechanisms. Restrict access to sensitive folders and files to minimize the risk of exploitation. Avoid using the WebDAV extension for sensitive operations until the issue is resolved.

Name of the Vulnerable Software and Affected Versions: ImageMagick versions 6.5.2-8 GraphicsMagick (affected versions not specified) Description: The issue is related to an integer overflow in the XMakeImage function, which can be triggered by a crafted TIFF file. This can cause a denial of service (crash) and potentially allow the execution of arbitrary code due to a buffer overflow. Recommendations: For ImageMagick versions 6.5.2-8, update to a version that fixes the integer overflow in the XMakeImage function. For GraphicsMagick, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** PyCrypto version 2.0.1 **Description** A buffer overflow issue in the ARC2 module allows remote attackers to cause a denial of service and possibly execute arbitrary code via a large ARC2 key length. **Recommendations** For PyCrypto version 2.0.1, consider updating to a newer version that addresses this issue, as using a large ARC2 key length could lead to a denial of service or arbitrary code execution. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** TYPO3 versions 4.0.0 through 4.0.9 TYPO3 versions 4.1.0 through 4.1.7 TYPO3 versions 4.2.0 through 4.2.3 **Description** The issue allows remote attackers to execute arbitrary commands via a crafted filename containing shell metacharacters, which is not properly handled by the command-line indexer. Multiple vulnerabilities in the TYPO3 package may lead to a breach of confidentiality, integrity, and availability of protected information, and can be exploited remotely. **Recommendations** For versions 4.0.0 through 4.0.9, update to a version outside of this range to mitigate the risk. For versions 4.1.0 through 4.1.7, update to a version outside of this range to mitigate the risk. For versions 4.2.0 through 4.2.3, update to a version outside of this range to mitigate the risk. As a temporary workaround, consider restricting access to the command-line indexer to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** htop version 0.7 **Description** The issue allows local users to potentially hide processes, modify arbitrary files, or have unspecified other impact by utilizing a process name that contains non-printable characters, referred to as "crazy control strings." **Recommendations** For htop version 0.7, consider updating to a newer version that addresses this issue, as the current version may allow malicious process names to cause unintended consequences. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Opera versions prior to 9.60 **Description** The issue allows remote attackers to obtain sensitive information and have other impacts by predicting the cache pathname of a cached Java applet and then launching this applet from the cache. This leads to the applet being executed within the local-machine context. **Recommendations** For Opera versions prior to 9.60, update to version 9.60 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Opera versions prior to 9.60 **Description** The issue allows remote attackers to cause a denial of service, resulting in an application crash, or execute arbitrary code via a redirect that specifies a crafted URL. **Recommendations** For versions prior to 9.60, update to version 9.60 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Opera versions prior to 9.61 **Description** The issue allows remote attackers to create arbitrary new feed subscriptions and read the contents of arbitrary feeds due to improper blocking of scripts during the preview of a news feed. **Recommendations** For Opera versions prior to 9.61, update to version 9.61 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Opera versions prior to 9.52 **Description** The issue allows remote attackers to trigger the display of an arbitrary address in a frame via unspecified use of web script, due to the improper restriction of the ability of a framed web page to change the address associated with a different frame. **Recommendations** For Opera versions prior to 9.52, update to version 9.52 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Opera versions prior to 9.52 **Description** The issue allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, which can lead to cross-site scripting (XSS) attacks. **Recommendations** For versions prior to 9.52, update to version 9.52 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Opera versions prior to 9.52 **Description** The issue arises when Opera processes custom shortcut and menu commands, potentially producing argument strings that contain uninitialized memory. This could allow user-assisted remote attackers to execute arbitrary code or conduct other attacks via vectors related to the activation of a shortcut. **Recommendations** For Opera versions prior to 9.52, update to version 9.52 or later to resolve the issue.