Jonathan Claudius

**Name of the Vulnerable Software and Affected Versions** Bitweaver versions 2.8.1 and earlier **Description** The issue allows remote attackers to inject arbitrary web script or HTML. This can be achieved via the path info to certain API endpoints such as "stats/index.php" or "newsletters/edition.php", or by manipulating specific parameters like the `username` parameter to "users/remind password.php", the `days` parameter to "stats/index.php", the `login` parameter to "users/register.php", or the `highlight` parameter. **Recommendations** For Bitweaver versions 2.8.1 and earlier, consider disabling access to the vulnerable API endpoints "stats/index.php", "newsletters/edition.php", "users/remind password.php", and "users/register.php" until a patch is available. Additionally, restrict the use of the `username`, `days`, `login`, and `highlight` parameters in the respective scripts to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** RubyGems versions 2.0.x through 2.0.16 RubyGems versions 2.2.x through 2.2.4 RubyGems versions 2.4.x through 2.4.7 **Description** The issue allows remote attackers to redirect requests to arbitrary domains via a crafted DNS SRV record, which is referred to as a "DNS hijack attack." This occurs because the hostname is not validated when fetching gems or making API requests. **Recommendations** For RubyGems versions 2.0.x through 2.0.16, update to version 2.0.16 or later. For RubyGems versions 2.2.x through 2.2.4, update to version 2.2.4 or later. For RubyGems versions 2.4.x through 2.4.7, update to version 2.4.7 or later.

**Name of the Vulnerable Software and Affected Versions** Movable Type versions prior to 4.38 Movable Type versions 5.0x prior to 5.07 Movable Type versions 5.1x prior to 5.13 **Description** A cross-site scripting (XSS) issue exists, allowing remote attackers to inject arbitrary web script or HTML via the `dbuser` parameter in the cgi-bin/mt/mt-wizard.cgi file when the product is not fully installed. **Recommendations** For Movable Type versions prior to 4.38, update to version 4.38 or later. For Movable Type versions 5.0x prior to 5.07, update to version 5.07 or later. For Movable Type versions 5.1x prior to 5.13, update to version 5.13 or later.

**Name of the Vulnerable Software and Affected Versions** WordPress versions 3.3.1 and earlier **Description** The issue allows remote attackers to inject arbitrary web script or HTML via the `dbhost`, `dbname`, or `uname` parameters in the wp-admin/setup-config.php file. The vendor disputes the significance of this issue, and it is unclear whether this specific scenario has security relevance. **Recommendations** For WordPress versions 3.3.1 and earlier, as a temporary workaround, consider restricting access to the wp-admin/setup-config.php file until a patch is available. Avoid using the `dbhost`, `dbname`, and `uname` parameters in the affected setup-config.php file until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** WordPress versions 3.3.1 and earlier **Description** The issue allows remote attackers to use WordPress as a proxy for brute-force attacks or denial of service attacks via the `dbhost` parameter. This is possible because the installation component in WordPress does not limit the number of MySQL queries sent to external MySQL database servers. The vendor disputes the significance of this issue, citing that an incomplete WordPress installation might be present on the network for only a short time. **Recommendations** For WordPress versions 3.3.1 and earlier, consider restricting access to the `wp-admin/setup-config.php` installation component to minimize the risk of exploitation. As a temporary workaround, limit the number of MySQL queries sent to external MySQL database servers until a more permanent solution is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** GNOME Vino versions 2.26.1 through 3.7.3 GNOME Vino version 3.8 when encryption is disabled **Description** The issue is related to the `vino server client data pending` function in `vino-server.c`, which does not properly clear client data when an error causes the connection to close during authentication. This allows remote attackers to cause a denial of service via multiple crafted requests during authentication, leading to an infinite loop, CPU, and disk consumption. **Recommendations** For GNOME Vino versions 2.26.1 through 3.7.3, update to a version where the `vino server client data pending` function is properly fixed. For GNOME Vino version 3.8, enable encryption to prevent exploitation. As a temporary workaround, consider disabling the `vino server client data pending` function until a patch is available. Restrict access to the `vino-server.c` module to minimize the risk of exploitation.