Albert Puigsech Galicia

**Name of the Vulnerable Software and Affected Versions** Microsoft Internet Explorer versions 5 and 6 **Description** A CRLF injection issue allows remote attackers to execute arbitrary FTP commands via an ftp:// URL that contains a URL-encoded CRLF (%0D%0A) before the FTP command. This causes the commands to be inserted into an authenticated FTP connection established earlier in the same browser session. For example, a DELE command can be used to demonstrate this issue. A trailing "//" can force the browser to try to reuse an existing authenticated connection. **Recommendations** For Microsoft Internet Explorer version 5, avoid using ftp:// URLs that contain URL-encoded CRLF (%0D%0A) until a fix is available. For Microsoft Internet Explorer version 6, consider disabling the reuse of existing authenticated FTP connections as a temporary workaround until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Unzip versions 5.51 and earlier **Description** The issue is related to the extraction of setuid or setgid files, where the software does not properly warn the user. This may allow local users to gain privileges. **Recommendations** For Unzip versions 5.51 and earlier, update to a version that properly handles the extraction of setuid or setgid files to prevent potential privilege escalation.

**Name of the Vulnerable Software and Affected Versions** ZipGenius versions 5.5 and earlier **Description** A directory traversal issue allows remote attackers to create and possibly modify arbitrary files via a ZIP file with a file whose name includes .. (dot dot) sequences. **Recommendations** For versions 5.5 and earlier, update to a version later than 5.5 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** WinRAR versions 3.42 and earlier **Description** A directory traversal issue exists when a user extracts a ZIP file, allowing remote attackers to create arbitrary files by including a ... (triple dot) in the filename of the ZIP file. **Recommendations** For versions 3.42 and earlier, update to a version later than 3.42 to resolve the issue.

Name of the Vulnerable Software and Affected Versions: Microsoft Internet Explorer versions 5.01 through 6.0 Description: A directory traversal issue allows remote malicious FTP servers to overwrite arbitrary files via .. (dot dot) sequences in filenames returned from a LIST command. Recommendations: For Microsoft Internet Explorer versions 5.01 through 6.0, consider disabling access to malicious FTP servers as a temporary workaround until a patch is available. Restrict the use of FTP functionality in these versions to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** U.S. Robotics USR808054 wireless access point (affected versions not specified) **Description** The issue allows remote attackers to cause a denial of service, potentially leading to a device crash, and may also enable the execution of arbitrary code. This can be achieved by sending an HTTP GET request with a long version string. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: PHP-Nuke versions 5.x through 6.5 Description: The issue allows remote attackers to steal sensitive information via numeric fields. This can be demonstrated using the `viewlink` function and `cid` parameter, or through `index.php`. Recommendations: For PHP-Nuke versions 5.x through 6.5, consider restricting access to the Web Links module until a patch is available. As a temporary workaround, avoid using numeric fields in the Web Links module to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Cross-Referencing Linux (LXR) (affected versions not specified) **Description** The issue allows remote attackers to read arbitrary files, potentially leading to a breach of confidentiality of protected information. This can be achieved through directory traversal using .. (dot dot) sequences in the `v` parameter. The exploitation of this issue can be done remotely. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** gftp versions prior to 2.0.18 gftp-common (affected versions not specified) gftp-gtk (affected versions not specified) gftp-text (affected versions not specified) **Description** The issue concerns multiple vulnerabilities in the gftp package of the Debian GNU/Linux operating system, which can lead to a breach of protected information. These vulnerabilities can be exploited remotely. Specifically, a directory traversal vulnerability in gftp before version 2.0.18 for GTK+ allows remote malicious FTP servers to read arbitrary files via .. (dot dot) sequences in filenames returned from a LIST command, such as `/api/ftp/list`. **Recommendations** For gftp versions prior to 2.0.18, update to version 2.0.18 or later to resolve the issue. For gftp-common, gftp-gtk, and gftp-text, at the moment, there is no information about a newer version that contains a fix for this vulnerability. As a temporary workaround, consider restricting access to the vulnerable components until a patch is available. Avoid using the `LIST` command in the affected API endpoint until the issue is resolved.