Jan Lieskovsky

**Name of the Vulnerable Software and Affected Versions** Xchat-WDK versions prior to 1499-4 xchat version 2.8.6 **Description** A heap-based buffer overflow could allow remote attackers to cause a denial of service or execute arbitrary code via a UTF-8 line from server containing characters outside of the Basic Multilingual Plane (BMP). **Recommendations** For Xchat-WDK versions prior to 1499-4, update to version 1499-4 or later to resolve the issue. For xchat version 2.8.6, consider disabling the handling of UTF-8 lines from servers until a patch is available.

Name of the Vulnerable Software and Affected Versions: kdeplasma-addons versions prior to 4.10.5 Description: The issue concerns the %{password(...)} macro in pastemacroexpander.cpp, which does not properly generate passwords. This allows attackers to bypass authentication via a brute-force attack. Recommendations: For versions prior to 4.10.5, update to version 4.10.5 or later to resolve the issue. As a temporary workaround, consider restricting access to sensitive areas that rely on the %{password(...)} macro for authentication until the update is applied.

**Name of the Vulnerable Software and Affected Versions** fwknop versions prior to 2.0.3 **Description** The issue allows remote authenticated users to cause a denial of service, resulting in a server crash, or possibly execute arbitrary code. **Recommendations** For versions prior to 2.0.3, update to version 2.0.3 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Zend Framework versions 2.0.x through 2.0.0 **Description** Multiple cross-site scripting (XSS) vulnerabilities allow remote attackers to inject arbitrary web script or HTML via unspecified input to various components, including (1) Debug, (2) FeedPubSubHubbub, (3) LogFormatterXml, (4) TagCloudDecorator, (5) Uri, (6) ViewHelperHeadStyle, (7) ViewHelperNavigationSitemap, or (8) ViewHelperPlaceholderContainerAbstractStandalone, related to Escaper. **Recommendations** For versions 2.0.x through 2.0.0, update to version 2.0.1 or later to resolve the issue. As a temporary workaround, consider restricting input to the affected components, such as Debug, FeedPubSubHubbub, LogFormatterXml, TagCloudDecorator, Uri, ViewHelperHeadStyle, ViewHelperNavigationSitemap, or ViewHelperPlaceholderContainerAbstractStandalone, until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Freeciv versions prior to 2.3.4 **Description** A denial of service flaw was found in the way the server component of Freeciv processed certain packets. A remote attacker could send a specially-crafted packet that, when processed, would lead to memory exhaustion or excessive CPU consumption. **Recommendations** For versions prior to 2.3.4, update to version 2.3.4 or later to resolve the issue. As a temporary workaround, consider restricting access to the server component to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Java SE 7 as provided by OpenJDK 7 **Description** An information disclosure flaw was found in the way the Java Virtual Machine (JVM) implementation incorrectly initialized integer arrays after memory allocation, potentially allowing them to have nonzero elements right after allocation. A remote attacker could use this flaw to obtain potentially sensitive information. **Recommendations** For Java SE 7 as provided by OpenJDK 7, at the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** LDAP Account Manager (LAM) Pro version 3.6 **Description** A Cross-Site Scripting (XSS) issue exists in the filter parameter to "cmd.php" in an export and exporter id action, and the filteruid parameter to "list.php". **Recommendations** For LDAP Account Manager (LAM) Pro version 3.6, consider disabling access to the "cmd.php" and "list.php" scripts until a patch is available, or restrict the use of the `filter` and `filteruid` parameters in these scripts to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** LDAP Account Manager (LAM) Pro version 3.6 **Description** A Cross-Site Scripting (XSS) issue exists in the export, add value form, and dn parameters to "cmd.php" API endpoint. This allows for potential malicious script execution. **Recommendations** For LDAP Account Manager (LAM) Pro version 3.6, consider restricting access to the "cmd.php" API endpoint until a patch is available. As a temporary workaround, avoid using the `export`, `add value form`, and `dn` parameters in the affected API endpoint. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Jasig Project php-pear-CAS version 1.2.2 **Description** An Information Disclosure issue exists in the Jasig Project php-pear-CAS package. The Central Authentication Service client library archives the debug logging file in an insecure manner in the /tmp directory. **Recommendations** For Jasig Project php-pear-CAS version 1.2.2, consider restricting access to the debug logging file in the /tmp directory to minimize the risk of exploitation. As a temporary workaround, avoid using the debug logging feature until a patch is available. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** Yaws version 1.91 **Description** The issue arises from the way certain URLs are processed, allowing a remote authenticated user to exploit a directory traversal flaw. This could enable the user to obtain the content of arbitrary local files by sending specially-crafted URL requests. **Recommendations** For Yaws version 1.91, consider restricting access to sensitive local files until a patch is available. As a temporary workaround, carefully validate and sanitize all URL requests to prevent directory traversal attacks.

**Name of the Vulnerable Software and Affected Versions** hardlink versions prior to 0.1.2 **Description** The issue arises from the way hardlink processes directory trees with deeply nested directories, leading to multiple stack-based buffer overflow flaws. A remote attacker could provide a specially-crafted directory tree and trick the local user into consolidating it. This could result in the hardlink executable crashing or potentially executing arbitrary code with the privileges of the user running the hardlink executable. **Recommendations** For versions prior to 0.1.2, update to version 0.1.2 or later to resolve the issue. As a temporary workaround, consider avoiding the consolidation of directory trees with deeply nested directories until a patch is applied.

**Name of the Vulnerable Software and Affected Versions** OpenSSL extension of Ruby (Git trunk) versions after 2011-09-01 up to 2011-11-03 **Description** The issue allows a remote attacker to bypass or corrupt the integrity of services that rely on strong private RSA key generation mechanisms, due to the generation of an exponent value of '1' for private RSA key generation. **Recommendations** For versions after 2011-09-01 up to 2011-11-03, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Yubico PAM Module versions prior to 2.10 **Description** The issue allows a remote attacker to bypass the common authentication process by providing a NULL value as the password string, potentially gaining access to an account. This can be achieved by pressing the Ctrl-D keyboard sequence when the `use first pass` PAM configuration option is not used and the module is configured as 'sufficient' in the PAM configuration. **Recommendations** For Yubico PAM Module versions prior to 2.10, update to version 2.10 or later to resolve the issue. As a temporary workaround, consider configuring the `use first pass` PAM configuration option or changing the module configuration to 'required' to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Hardlink versions prior to 0.1.2 **Description** The issue arises from multiple integer overflows that lead to heap-based buffer overflows due to the way string lengths are concatenated in the calculation of the required memory space. A remote attacker could provide a specially-crafted directory tree and trick the local user into consolidating it, potentially leading to a hardlink executable crash or arbitrary code execution with user privileges. **Recommendations** For versions prior to 0.1.2, update to version 0.1.2 or later to resolve the issue. As a temporary workaround, consider restricting the use of hardlink to prevent consolidation of potentially malicious directory trees until a patch is applied.

**Name of the Vulnerable Software and Affected Versions** Drupal Views Bulk Operations (VBO) module versions 6.x-1.0 through 6.x-1.10 **Description** The issue arises from the improper escaping of vocabulary help in the Drupal Views Bulk Operations (VBO) module when user tagging is enabled and the "Modify node taxonomy terms" action is used. This could allow a remote attacker to provide a specially-crafted URL, potentially leading to a cross-site scripting (XSS) attack. **Recommendations** For versions 6.x-1.0 through 6.x-1.10, consider disabling the "Modify node taxonomy terms" action until a proper fix is available to prevent potential XSS attacks. Restrict access to user tagging functionality in the vocabulary to minimize the risk of exploitation. Avoid using the vulnerable module for critical operations until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Zope versions 2.8.x through 2.8.11 Zope versions 2.9.x through 2.9.11 Zope versions 2.10.x through 2.10.10 Zope versions 2.11.x through 2.11.5 Zope versions 2.12.x through 2.12.2 Zope versions 3.1.1 through 3.4.1 **Description** A cross-site scripting (XSS) issue allows remote attackers to inject arbitrary web script or HTML via vectors related to the way error messages perform sanitization. This issue exists due to an incomplete fix. **Recommendations** For Zope versions 2.8.x through 2.8.11, update to version 2.8.12 or later. For Zope versions 2.9.x through 2.9.11, update to version 2.9.12 or later. For Zope versions 2.10.x through 2.10.10, update to version 2.10.11 or later. For Zope versions 2.11.x through 2.11.5, update to version 2.11.6 or later. For Zope versions 2.12.x through 2.12.2, update to version 2.12.3 or later. For Zope versions 3.1.1 through 3.4.1, update to a version later than 3.4.1.

**Name of the Vulnerable Software and Affected Versions** quagga version 0.99.21 **Description** The issue is related to a denial of service flaw in the way the ospf6d daemon performs routes removal. **Recommendations** For quagga version 0.99.21, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** libuser (affected versions not specified) **Description** The issue is related to information disclosure when the user's home directory is moved. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** evolution-data-server3 versions 3.0.3 through 3.2.1 **Description** The issue arises when the Sent folder is located on a remote server, and the software uses an insecure, non-SSL connection to store sent email messages. This flaw could allow an attacker to obtain the login credentials of the victim. **Recommendations** For evolution-data-server3 versions 3.0.3 through 3.2.1, consider configuring the software to use a secure SSL connection when storing sent email messages in the Sent folder on a remote server. As a temporary workaround, restrict access to the Sent folder on the remote server to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** openvas-scanner versions prior to 2011-09-11 **Description** The issue allows a local attacker to conduct symlink attacks, potentially overwriting arbitrary files on the system. This is due to the insecure creation of a temporary file when generating OVAL system characteristics documents with the ovaldi integrated tool enabled. **Recommendations** For versions prior to 2011-09-11, update to a version released after 2011-09-11 to resolve the issue. As a temporary workaround, consider disabling the ovaldi integrated tool until a patch is available. Restrict access to the temporary files generated by openvas-scanner to minimize the risk of exploitation.