Alexey Sintsov

**Name of the Vulnerable Software and Affected Versions** PySAML2 versions prior to 5.0.0 **Description** The issue is related to incorrect verification of cryptographic signatures in SAML2 documents, allowing a remote attacker to bypass signature checks and access protected information. This is due to the library being affected by XML Signature Wrapping (XSW), where the signature information and the node/object that is signed can be in different places, causing the signature verification to succeed but using the wrong data. This specifically affects the verification of assertions that have been signed. **Recommendations** For PySAML2 versions prior to 5.0.0, update to version 5.0.0 or later to resolve the issue. As a temporary workaround, consider disabling the use of SAML2 assertions until a patch is available. Restrict access to sensitive information to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Microsoft Office versions 2007 SP2 through 2007 SP3 Microsoft Office 2010 Gold and 2010 SP1 Microsoft Office for Mac 2011 **Description** A remote code execution issue exists in the way Microsoft Word handles specially crafted Word files, allowing attackers to execute arbitrary code. This could enable an attacker to take complete control of an affected system, install programs, view, change, or delete data, or create new accounts with full user rights. **Recommendations** For Microsoft Office 2007 SP2 and SP3, update to a version that is not affected by this issue. For Microsoft Office 2010 Gold and SP1, update to a version that is not affected by this issue. For Microsoft Office for Mac 2011, update to a version that is not affected by this issue. As a temporary workaround, consider avoiding the use of Microsoft Word to open specially crafted Word files until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Oracle Fusion Middleware versions 10.1.3.4 through 10.1.3.5 **Description** The issue affects confidentiality and is related to the Import Server in the Oracle Document Capture component. Details about exploitation include the `ImportBodyText` method in the `emsmtp.dll` ActiveX control, where attackers may be able to read arbitrary files by providing a full pathname as the first argument. **Recommendations** For Oracle Fusion Middleware versions 10.1.3.4 and 10.1.3.5, consider restricting access to the Import Server and the EasyMail ActiveX control until a fix is available. As a temporary workaround, avoid using the `ImportBodyText` method in the `emsmtp.dll` control with untrusted input.

**Name of the Vulnerable Software and Affected Versions** SAP NetWeaver Business Client (affected versions not specified) **Description** The issue is related to a stack-based buffer overflow in the SapThemeRepository ActiveX control, specifically in the sapwdpcd.dll component. This can be exploited by remote attackers to execute arbitrary code. The exploitation is possible via the `Load` and `LoadTheme` methods. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** IBM BladeCenter with Advanced Management Module (AMM) firmware versions prior to 4.7 and 5.0 IBM BladeCenter with Advanced Management Module (AMM) firmware build ID BPET48L **Description** The issue allows remote authenticated users to list arbitrary directories and possibly have other unspecified impacts via a .. (dot dot) in the `DIR` parameter in the private/file management.php file. **Recommendations** For IBM BladeCenter with Advanced Management Module (AMM) firmware build ID BPET48L, update to a version after BPET48L. For IBM BladeCenter with Advanced Management Module (AMM) firmware versions prior to 4.7, update to version 4.7 or later. For IBM BladeCenter with Advanced Management Module (AMM) firmware version 5.0, ensure you are running the latest patch for this version. As a temporary workaround, consider restricting access to the private/file management.php file until a patch is available. Avoid using the `DIR` parameter in the private/file management.php file with untrusted input until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** IBM BladeCenter with Advanced Management Module (AMM) versions prior to 4.7 and 5.0 IBM BladeCenter with Advanced Management Module (AMM) firmware build ID BPET48L **Description** The issue allows remote attackers to inject arbitrary web script or HTML via several parameters to various PHP files. The affected parameters include `INDEX`, `IPADDR`, `domain`, `slot`, `WEBINDEX`, and `SLOT` in files such as `private/cindefn.php`, `private/power management policy options.php`, `private/pm temp.php`, `private/power module.php`, `private/blade leds.php`, and `private/ipmi bladestatus.php`. **Recommendations** For IBM BladeCenter with Advanced Management Module (AMM) versions prior to 4.7 and 5.0, update to version 4.7 or 5.0 to resolve the issue. For IBM BladeCenter with Advanced Management Module (AMM) firmware build ID BPET48L, update to a version later than BPET48L to resolve the issue. As a temporary workaround, consider restricting access to the affected PHP files until a patch is available. Avoid using the parameters `INDEX`, `IPADDR`, `domain`, `slot`, `WEBINDEX`, and `SLOT` in the affected API endpoints until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Motorola SB5100E Cable Modem (affected versions not specified) **Description** The issue allows remote attackers to cause a denial of service, resulting in a device crash. This can be achieved by sending an IP packet with the same source and destination IPs and ports, and with the SYN flag set. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.