Cxib

**Name of the Vulnerable Software and Affected Versions** PHP version 5.3.6 **Description** The issue allows context-dependent attackers to cause a denial of service, resulting in an application crash. This is achieved through certain flags arguments in the `ZipArchive::addGlob` and `ZipArchive::addPattern` functions, specifically the `GLOB ALTDIRFUNC` and `GLOB APPEND` flags. **Recommendations** For PHP version 5.3.6, consider disabling the `ZipArchive::addGlob` and `ZipArchive::addPattern` functions until a patch is available to prevent potential denial of service attacks. Restrict access to these functions to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** OPIE versions 2.4.1-test1 and earlier **Description** The issue is related to an off-by-one error in the ` opiereadrec` function in `readrec.c` in `libopie`. This error can be exploited by remote attackers to cause a denial of service, potentially leading to a daemon crash, or possibly execute arbitrary code. The exploitation can be achieved via a long `username` by sending a long USER command, for example, to the FreeBSD `ftpd`. Additionally, there are multiple vulnerabilities in the OPIE package that can lead to breaches of confidentiality, integrity, and availability of protected information, and these can be exploited remotely. **Recommendations** For OPIE versions 2.4.1-test1 and earlier, consider updating to a version that fixes the off-by-one error in the ` opiereadrec` function to prevent potential denial of service or arbitrary code execution. As a temporary workaround, consider restricting the length of the `username` parameter to prevent exploitation until a patch is available. Restrict access to the `ftpd` service to minimize the risk of remote exploitation.