Ascii

**Name of the Vulnerable Software and Affected Versions** Positive Technologies MaxPatrol 8 (affected versions not specified) Positive Technologies XSpider (affected versions not specified) **Description** The client communication service, listening on TCP port 2002, is susceptible to a remote denial-of-service condition. The service creates a new session identifier for each incoming connection but does not limit concurrent requests. An unauthenticated remote attacker can send repeated HTTPS requests to the service, leading to excessive session identifier allocation. This can cause session identifier collisions under load, resulting in the disconnection of active client sessions and service disruption. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Veeam Backup & Replication versions prior to 8.0 update 3 **Description** The issue allows local users to obtain sensitive information by reading log files with world-readable permissions, where local administrator credentials are stored. This is due to the storage of credentials in log files by VeeamVixProxy. **Recommendations** For versions prior to 8.0 update 3, update to version 8.0 update 3 or later to resolve the issue. As a temporary workaround, consider restricting access to the log files to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Boa versions 0.94.14rc21 **Description** The issue allows remote attackers to potentially modify a window's title, execute arbitrary commands, or overwrite files via an HTTP request containing an escape sequence for a terminal emulator. This occurs because the software writes data to a log file without sanitizing non-printable characters. **Recommendations** For Boa version 0.94.14rc21, as a temporary workaround, consider restricting access to the log file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Yaws version 1.85 **Description** The issue allows remote attackers to potentially modify a window's title or execute arbitrary commands via an HTTP request containing an escape sequence for a terminal emulator, as Yaws writes data to a log file without sanitizing non-printable characters. **Recommendations** For Yaws version 1.85, consider sanitizing non-printable characters in log files to prevent potential exploitation. As a temporary workaround, restrict access to the log files and terminal emulators to minimize the risk of arbitrary command execution.

**Name of the Vulnerable Software and Affected Versions** AOLserver version 4.5.1 **Description** The issue allows remote attackers to potentially modify a window's title or execute arbitrary commands via an HTTP request containing an escape sequence for a terminal emulator, as the software writes data to a log file without sanitizing non-printable characters. **Recommendations** For AOLserver version 4.5.1, consider sanitizing non-printable characters in log files to prevent potential exploitation. As a temporary workaround, restrict access to the log files to minimize the risk of arbitrary command execution. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Orion Application Server version 2.0.7 **Description** The issue allows remote attackers to potentially modify a window's title or execute arbitrary commands via an HTTP request containing an escape sequence for a terminal emulator, as the software writes data to a log file without sanitizing non-printable characters. **Recommendations** For Orion Application Server version 2.0.7, consider disabling the logging feature to the terminal emulator until a patch is available, and restrict access to the log files to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Ruby versions 1.8.6 through patchlevel 383 Ruby versions 1.8.7 through patchlevel 248 Ruby version 1.8.8dev Ruby versions 1.9.1 through patchlevel 376 Ruby version 1.9.2dev **Description** The issue allows remote attackers to potentially modify a window's title or execute arbitrary commands via an HTTP request containing an escape sequence for a terminal emulator, as WEBrick writes data to a log file without sanitizing non-printable characters. **Recommendations** For Ruby versions 1.8.6 through patchlevel 383, update to a version with the necessary security patches. For Ruby versions 1.8.7 through patchlevel 248, update to a version with the necessary security patches. For Ruby version 1.8.8dev, apply the available security fix. For Ruby versions 1.9.1 through patchlevel 376, update to a version with the necessary security patches. For Ruby version 1.9.2dev, apply the available security fix.

**Name of the Vulnerable Software and Affected Versions** thttpd version 2.25b0 **Description** The issue allows remote attackers to potentially modify a window's title or execute arbitrary commands via an HTTP request containing an escape sequence for a terminal emulator. This is due to thttpd writing data to a log file without sanitizing non-printable characters. **Recommendations** For thttpd version 2.25b0, consider disabling the logging feature to the terminal emulator until a patch is available, and restrict access to the log files to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** mini httpd version 1.19 **Description** The issue allows remote attackers to potentially modify a window's title or execute arbitrary commands via an HTTP request containing an escape sequence for a terminal emulator, as mini httpd writes data to a log file without sanitizing non-printable characters. **Recommendations** For mini httpd version 1.19, consider sanitizing non-printable characters in log data to prevent potential exploitation. As a temporary workaround, restrict access to the log file to minimize the risk of arbitrary command execution.

**Name of the Vulnerable Software and Affected Versions** Cherokee versions prior to 0.99.32 **Description** The issue allows remote attackers to potentially modify a window's title or execute arbitrary commands via an HTTP request containing an escape sequence for a terminal emulator, as the software writes data to a log file without sanitizing non-printable characters. **Recommendations** For versions prior to 0.99.32, update to version 0.99.32 or later to resolve the issue. As a temporary workaround, consider restricting access to the log file to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** nginx version 0.7.64 **Description** The issue allows remote attackers to potentially modify a window's title, execute arbitrary commands, or overwrite files via an HTTP request containing an escape sequence for a terminal emulator. This is because nginx writes data to a log file without sanitizing non-printable characters. **Recommendations** For nginx version 0.7.64, update to a version that sanitizes non-printable characters in log files to prevent potential exploitation.

**Name of the Vulnerable Software and Affected Versions** Varnish version 2.0.6 **Description** The issue arises from Varnish writing data to a log file without sanitizing non-printable characters. This could potentially allow remote attackers to modify a window's title or possibly execute arbitrary commands or overwrite files via an HTTP request containing an escape sequence for a terminal emulator. The vendor disputes the significance of this report, stating that the real problem lies in the mistaken belief that one can safely use the `cat(1)` command on a random log file to their terminal. **Recommendations** For Varnish version 2.0.6, consider avoiding the use of `cat(1)` on log files to prevent potential exploitation, as the vendor suggests the issue lies in this practice rather than the software itself. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Mort Bay Jetty versions 6.x through 6.1.22 Mort Bay Jetty versions 7.0.0 **Description** The issue allows remote attackers to potentially modify a window's title, execute arbitrary commands, or overwrite files via an HTTP request containing an escape sequence for a terminal emulator. This is related to the handling of specific parameters and headers, including the `Age` parameter in the Cookie Dump Servlet, the `A` parameter in jsp/expr.jsp, and the `Content-Length` HTTP header. **Recommendations** For Mort Bay Jetty versions 6.x through 6.1.22, update to a version later than 6.1.22 to resolve the issue. For Mort Bay Jetty version 7.0.0, update to a version later than 7.0.0 to resolve the issue. As a temporary workaround, consider restricting access to the Cookie Dump Servlet and jsp/expr.jsp to minimize the risk of exploitation. Avoid using the `Age` parameter in the Cookie Dump Servlet and the `A` parameter in jsp/expr.jsp until the issue is resolved. Restrict the handling of the `Content-Length` HTTP header in arbitrary applications to prevent potential exploitation.

**Name of the Vulnerable Software and Affected Versions** vtiger CRM version 5.0.4 **Description** A cross-site request forgery issue exists in the RSS module, allowing remote attackers to hijack Admin user authentication for modifying the news feed system. This is achieved via the `rssurl` parameter in a Save action to "index.php". **Recommendations** For vtiger CRM version 5.0.4, consider restricting access to the RSS module until a fix is available, and avoid using the `rssurl` parameter in Save actions to "index.php" to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** vtiger CRM version 5.0.4 **Description** The issue concerns the saveForwardAttachments procedure in the Compose Mail functionality, allowing remote authenticated users to execute arbitrary code. This can be achieved by composing an e-mail message with a specifically crafted attachment filename and then making a direct request to a certain pathname under storage/. The vulnerability can be exploited in installations based on certain Apache HTTP Server configurations, and the attachment filename can end in .php, .php., or .php/ on different operating systems. **Recommendations** For vtiger CRM version 5.0.4, consider restricting access to the saveForwardAttachments procedure in the Compose Mail functionality until a patch is available. As a temporary workaround, avoid using the Compose Mail functionality with attachments that have filenames ending in .php, .php., or .php/. Restrict access to the storage/ directory to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** vtiger CRM version 5.0.4 **Description** The issue allows remote attackers to include and execute arbitrary local files via directory traversal vulnerabilities. This can be achieved by including a .. (dot dot) in the `module` parameter to "graph.php", or the `module` or `file` parameter to "include/Ajax/CommonAjax.php", which can be reached through various modules such as "modules/Campaigns/CampaignsAjax.php", "modules/SalesOrder/SalesOrderAjax.php", and others. Additionally, remote authenticated users can include and execute arbitrary local files via a .. (dot dot) in the `step` parameter in an Import action to certain modules, including Accounts, Contacts, HelpDesk, Leads, Potentials, Products, or Vendors, reachable through "index.php" and related to "modules/Import/index.php" and multiple "Import.php" files. **Recommendations** For vtiger CRM version 5.0.4, consider disabling the vulnerable `graph.php` and `include/Ajax/CommonAjax.php` files, as well as restricting access to the `step` parameter in Import actions for the affected modules until a patch is available. Restrict access to the vulnerable modules, such as "modules/Campaigns/CampaignsAjax.php", "modules/SalesOrder/SalesOrderAjax.php", and others, to minimize the risk of exploitation. Avoid using the `module` and `file` parameters in the affected API endpoints until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** vtiger CRM version 5.0.4 **Description** A cross-site scripting (XSS) issue exists in the Activities module, allowing remote attackers to inject arbitrary web script or HTML via the `action` parameter to "phprint.php". **Recommendations** For vtiger CRM version 5.0.4, consider restricting access to the "phprint.php" endpoint or the `action` parameter to minimize the risk of exploitation until a patch is available.

Name of the Vulnerable Software and Affected Versions: Collabtive version 0.4.8 Description: The issue allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension and using a text/plain MIME type, then accessing it via a direct request to the file in files/. This is related to the showproject action in managefile.php or the Messages feature. Recommendations: For Collabtive version 0.4.8, consider restricting file uploads to only allow non-executable file types and validate the MIME type of uploaded files to prevent exploitation. As a temporary workaround, restrict access to the files/ directory to minimize the risk of code execution.

Name of the Vulnerable Software and Affected Versions: Collabtive version 0.4.8 Description: A cross-site scripting (XSS) issue exists due to improper handling of user input in the project Name field when an administrator performs an editform action. This allows attackers to inject arbitrary web script or HTML. Recommendations: For Collabtive version 0.4.8, consider restricting access to the manageproject.php file until a proper fix is applied, and ensure that all user input is properly sanitized to prevent XSS attacks. As a temporary workaround, avoid using the project Name field in manageproject.php for any sensitive operations.

Name of the Vulnerable Software and Affected Versions: Collabtive version 0.4.8 Description: The issue allows remote attackers to bypass authentication and create new users, including administrators, via unspecified vectors associated with the added mode in a users action to "admin.php". Recommendations: For Collabtive version 0.4.8, consider restricting access to the "admin.php" endpoint until a patch is available. As a temporary workaround, limit the ability to create new users, especially administrators, to minimize the risk of exploitation.