Bernhard Mueller

**Name of the Vulnerable Software and Affected Versions** SysAid On-Premise versions prior to 14.4.2 **Description** The issue allows remote attackers to read arbitrary files. This is achieved by using a (four backslashes) in the `fileName` parameter to the getRdsLogFile endpoint. **Recommendations** For versions prior to 14.4.2, update to version 14.4.2 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** mod security2 versions prior to 2.7.0 **Description** The issue allows remote attackers to bypass rules and deliver arbitrary POST data to a PHP application via a multipart request where an invalid part precedes the crafted data. This can be achieved by sending a specially crafted request. **Recommendations** For versions prior to 2.7.0, update to version 2.7.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the mod security2 module until a patch is available.

**Name of the Vulnerable Software and Affected Versions** IBM Director versions prior to 5.20.3 Service Update 2 **Description** The issue allows remote attackers to cause a denial of service, resulting in a daemon crash. This can be achieved by sending an M-POST request to a long "http://example.com/CIMListener/" URI with a long consumer name, such as a long `consumer name` variable. **Recommendations** For versions prior to 5.20.3 Service Update 2, update to version 5.20.3 Service Update 2 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** SonicWall SSL-VPN 200 versions prior to 2.1 SonicWall SSL-VPN 2000/4000 versions prior to 2.5 WebCacheCleaner ActiveX control version 1.3.0.3 **Description** The issue allows remote attackers to delete arbitrary files via a full pathname in the argument to the `FileDelete` method. This is due to an absolute path traversal vulnerability in the WebCacheCleaner ActiveX control. **Recommendations** For SonicWall SSL-VPN 200 versions prior to 2.1, update to version 2.1 or later. For SonicWall SSL-VPN 2000/4000 versions prior to 2.5, update to version 2.5 or later. For WebCacheCleaner ActiveX control version 1.3.0.3, consider disabling the `FileDelete` method until a patch is available.

**Name of the Vulnerable Software and Affected Versions** SonicWall SSL-VPN NetExtender versions prior to 2.1.0.51 SonicWall SSL-VPN NetExtender versions 2.5.x prior to 2.5.0.56 **Description** The issue allows remote attackers to execute arbitrary code via a long Unicode property value in several parameters, including `serverAddress`, `sessionId`, `clientIPLower`, `clientIPHigher`, `userName`, `domainName`, or `dnsSuffix`. **Recommendations** For versions prior to 2.1.0.51, update to version 2.1.0.51 or later. For versions 2.5.x prior to 2.5.0.56, update to version 2.5.0.56 or later.

**Name of the Vulnerable Software and Affected Versions** Snoopy version 1.2 **Description** The issue allows remote attackers to execute arbitrary commands via shell metacharacters in an HTTPS URL to an SSL protected web page. This is due to improper handling by the `fetch` function in the ` httpsrequest` function. **Recommendations** For Snoopy version 1.2, consider disabling the ` httpsrequest` function until a patch is available to prevent exploitation. Restrict access to the `fetch` function to minimize the risk of arbitrary command execution. Avoid using HTTPS URLs with shell metacharacters in the affected function until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** RSA Authentication Agent for Web versions 5.3 and earlier **Description** A cross-site scripting (XSS) issue allows remote attackers to inject arbitrary web script or HTML via the `image` parameter in a "GetPic" operation. **Recommendations** For RSA Authentication Agent for Web versions 5.3 and earlier, update to a version later than 5.3 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Internet Explorer versions 5.0 through 6.0 **Description** The issue allows remote attackers to cause a denial of service, potentially leading to the execution of arbitrary code, via a web page with embedded CLSIDs referencing certain COM objects. This results in memory corruption due to the instantiation of these COM objects, including those from various DLL files such as `devenum.dll`, `diactfrm.dll`, `wmm2filt.dll`, `fsusd.dll`, `dmdskmgr.dll`, `browsewm.dll`, `browseui.dll`, `shell32.dll`, `mshtml.dll`, `inetcfg.dll`, `infosoft.dll`, `query.dll`, `syncui.dll`, `clbcatex.dll`, `clbcatq.dll`, `comsvcs.dll`, and `msconf.dll`. **Recommendations** For Internet Explorer versions 5.0 through 6.0, consider disabling the instantiation of COM objects from the mentioned DLL files as a temporary workaround until a patch is available. Restrict access to web pages that could potentially exploit this issue to minimize the risk of memory corruption and arbitrary code execution.

Name of the Vulnerable Software and Affected Versions: Internet Explorer versions 5.01 SP4 through 6 Description: The issue allows remote attackers to cause a denial of service, potentially leading to application crashes, and may also enable the execution of arbitrary code. This can be achieved through a web page containing embedded CLSIDs that reference specific COM objects not classified as ActiveX controls. An example of exploitation involves the use of the JVIEW Profiler (Javaprxy.dll). Recommendations: For Internet Explorer versions 5.01 SP4 through 6, consider disabling the use of COM objects that are not ActiveX controls as a temporary mitigation measure until a fix is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** phpCMS versions 1.2.x through 1.2.1pl1 **Description** A directory traversal issue exists, allowing remote attackers to read or include arbitrary files. This can be achieved by using a .. (dot dot) in the `language` parameter to "parser.php". **Recommendations** For phpCMS versions 1.2.x through 1.2.1pl1, update to version 1.2.1pl2 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Exhibit Engine (EE) version 1.22 **Description** The issue concerns multiple SQL injection vulnerabilities. These vulnerabilities allow remote attackers to execute arbitrary SQL commands. The vulnerable parameters are `search row`, `sort row`, `order`, and `perpage`. **Recommendations** For Exhibit Engine (EE) version 1.22, avoid using the parameters `search row`, `sort row`, `order`, and `perpage` in the list.php file until a fix is available. Consider restricting access to list.php to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.