Hdm

**Name of the Vulnerable Software and Affected Versions** Soft Serve versions prior to 0.7.5 **Description** The issue is related to Soft Serve passing all environment variables given by the client to git subprocesses, including variables that control program execution, such as `LD PRELOAD`. This can be exploited to execute arbitrary code by uploading a malicious shared object file to Soft Serve via Git LFS and referencing it in `LD PRELOAD` via a Soft Serve SSH session. For example, an attacker can use the `LD PRELOAD` variable to execute a shell by patching a shared library function called by git. **Recommendations** For versions prior to 0.7.5, update to version 0.7.5 or later to resolve the issue. As a temporary workaround, consider restricting access to the `LD PRELOAD` environment variable to minimize the risk of exploitation. Additionally, avoid using Git LFS to upload malicious files until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Accellion File Transfer Appliance devices versions prior to FTA 9 11 210 **Description** A directory traversal issue exists in the template function in function.inc, allowing remote attackers to read arbitrary files by including a .. (dot dot) in the `statecode` cookie. **Recommendations** For versions prior to FTA 9 11 210, update to FTA 9 11 210 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Accellion File Transfer Appliance versions prior to FTA 9 11 210 **Description** The issue allows remote attackers to execute arbitrary code via shell metacharacters in the `oauth token` parameter. **Recommendations** For Accellion File Transfer Appliance versions prior to FTA 9 11 210, update to version FTA 9 11 210 or later to resolve the issue. As a temporary workaround, consider restricting access to the `oauth token` parameter to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** GNU Wget versions prior to 1.16 **Description** The issue allows remote FTP servers to write to arbitrary files and execute arbitrary code when recursion is enabled, through a LIST response that references the same filename within two entries, one of which indicates that the filename is for a symlink. This can lead to a violation of confidentiality, integrity, and availability of protected information. The exploitation can be carried out remotely. **Recommendations** For GNU Wget versions prior to 1.16, consider disabling recursion to minimize the risk of exploitation until a patch is available. Restrict access to arbitrary files to prevent potential code execution.

**Name of the Vulnerable Software and Affected Versions** Novell eDirectory version 8.8.5 **Description** The issue concerns the dhost web service, which uses a predictable session cookie. This predictability makes it easier for remote attackers to hijack sessions by modifying the cookie. **Recommendations** For Novell eDirectory version 8.8.5, consider regenerating session cookies with a more secure, unpredictable algorithm to prevent session hijacking. As a temporary workaround, restrict access to the dhost web service to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Microsoft Internet Explorer 6 on Windows XP SP2 **Description** The issue is caused by an integer overflow when a 0x7fffffff argument is passed to the setSlice method on a WebViewFolderIcon ActiveX object, leading to an invalid memory copy. This could allow remote attackers to cause a denial of service or execute arbitrary code. A remote code execution vulnerability exists in Windows Shell due to improper validation of input parameters when invoked by the WebViewFolderIcon ActiveX control. An attacker could exploit this by hosting a specially crafted web site or sending a specially crafted e-mail message, potentially taking complete control of an affected system. **Recommendations** For Microsoft Internet Explorer 6 on Windows XP SP2, update to a newer version to mitigate the risk. As a temporary workaround, consider disabling the WebViewFolderIcon ActiveX control until a patch is available. Restrict access to web sites that could potentially exploit this vulnerability to minimize the risk of exploitation.