Ben Schmidt

**Name of the Vulnerable Software and Affected Versions** Wireshark versions 1.8.0 through 1.8.1 **Description** The issue allows remote attackers to cause a denial of service, resulting in loop and CPU consumption. This is achieved by providing a small value for a BSON document length in the MongoDB dissector. **Recommendations** For Wireshark versions 1.8.0 through 1.8.1, update to version 1.8.2 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Wireshark versions 1.4.x through 1.4.14 Wireshark versions 1.6.x through 1.6.9 Wireshark versions 1.8.x through 1.8.1 **Description** The issue is related to an integer overflow in the dissect xtp ecntl function in the XTP dissector. This allows remote attackers to cause a denial of service, resulting in a loop or application crash, via a large value for a span length. **Recommendations** For Wireshark versions 1.4.x through 1.4.14, update to version 1.4.15 or later. For Wireshark versions 1.6.x through 1.6.9, update to version 1.6.10 or later. For Wireshark versions 1.8.x through 1.8.1, update to version 1.8.2 or later.

**Name of the Vulnerable Software and Affected Versions** Wireshark versions 1.4.x through 1.4.14 Wireshark versions 1.6.x through 1.6.9 Wireshark versions 1.8.x through 1.8.1 **Description** The issue allows remote attackers to cause a denial of service, specifically memory consumption, via a malformed packet. This is related to the CIP dissector in Wireshark. **Recommendations** For Wireshark versions 1.4.x through 1.4.14, update to version 1.4.15 or later. For Wireshark versions 1.6.x through 1.6.9, update to version 1.6.10 or later. For Wireshark versions 1.8.x through 1.8.1, update to version 1.8.2 or later.

**Name of the Vulnerable Software and Affected Versions** Allwebmenus plugin version 1.1.3 for WordPress **Description** The issue allows remote attackers to execute arbitrary PHP code via a URL in the `abspath` parameter in the actions.php file. **Recommendations** For Allwebmenus plugin version 1.1.3, avoid using the `abspath` parameter in the actions.php file until the issue is resolved. Consider restricting access to the actions.php file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Vim versions 3.0 through 7.x before 7.2.010 **Description** The issue allows user-assisted attackers to execute arbitrary shell commands or Ex commands by exploiting improper character escaping. This can be achieved by entering specific keystrokes on a line containing certain characters, such as a semicolon followed by a command, or by using keystroke sequences like Ctrl-] or g] with an argument. **Recommendations** For Vim versions 3.0 through 7.x before 7.2.010, update to version 7.2.010 or later to resolve the issue.