Jouko Pynnonen

**Name of the Vulnerable Software and Affected Versions** Apple iOS versions prior to 8.3 **Description** The issue is related to the touch-events implementation in WebKit, allowing remote attackers to trigger an association between a tap and an unintended web resource via a crafted web site. **Recommendations** For Apple iOS versions prior to 8.3, update to version 8.3 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Apple iOS versions prior to 8.3 Apple Safari versions prior to 6.2.5 Apple Safari versions 7.x prior to 7.1.5 Apple Safari versions 8.x prior to 8.0.5 **Description** The issue is related to how WebKit handles the userinfo field in FTP URLs, allowing remote attackers to trigger incorrect resource access. **Recommendations** For Apple iOS versions prior to 8.3, update to version 8.3 or later. For Apple Safari versions prior to 6.2.5, update to version 6.2.5 or later. For Apple Safari versions 7.x prior to 7.1.5, update to version 7.1.5 or later. For Apple Safari versions 8.x prior to 8.0.5, update to version 8.0.5 or later.

**Name of the Vulnerable Software and Affected Versions** Apple Safari versions prior to 6.2.5 Apple Safari versions 7.x prior to 7.1.5 Apple Safari versions 8.x prior to 8.0.5 **Description** The issue affects the private-browsing implementation in WebKit, potentially allowing local users to obtain sensitive information by reading index entries that contain browsing history. **Recommendations** For Apple Safari versions prior to 6.2.5, update to version 6.2.5 or later. For Apple Safari versions 7.x prior to 7.1.5, update to version 7.1.5 or later. For Apple Safari versions 8.x prior to 8.0.5, update to version 8.0.5 or later.

**Name of the Vulnerable Software and Affected Versions** WPML plugin versions prior to 3.1.9 **Description** The issue concerns the "menu sync" function, which allows remote attackers to delete arbitrary posts, pages, and menus via a crafted request to "sitepress-multilingual-cms/menu/menus-sync.php". **Recommendations** For WPML plugin versions prior to 3.1.9, update to version 3.1.9 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** WPML plugin versions prior to 3.1.9 **Description** The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the `lang` parameter in the HTTP Referer header in a "wp-link-ajax" action to "comments/feed". **Recommendations** For WPML plugin versions prior to 3.1.9, update to version 3.1.9 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** WPML plugin versions prior to 3.1.9 **Description** A cross-site scripting (XSS) issue allows remote attackers to inject arbitrary web script or HTML via the `target` parameter in a `reminder popup` action to the default URI. This could potentially lead to unauthorized actions on the affected system. **Recommendations** For WPML plugin versions prior to 3.1.9, update to version 3.1.9 or later to resolve the issue. As a temporary workaround, consider restricting access to the `reminder popup` action to minimize the risk of exploitation. Avoid using the `target` parameter in the affected API endpoint until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** WordPress versions prior to 3.7.5 WordPress versions 3.8.x prior to 3.8.5 WordPress versions 3.9.x prior to 3.9.3 WordPress versions 4.x prior to 4.0.1 **Description** A cross-site scripting (XSS) issue allows remote attackers to inject arbitrary web script or HTML via a crafted Cascading Style Sheets (CSS) token sequence in a post. **Recommendations** For WordPress versions prior to 3.7.5, update to version 3.7.5 or later. For WordPress versions 3.8.x prior to 3.8.5, update to version 3.8.5 or later. For WordPress versions 3.9.x prior to 3.9.3, update to version 3.9.3 or later. For WordPress versions 4.x prior to 4.0.1, update to version 4.0.1 or later.

**Name of the Vulnerable Software and Affected Versions** WordPress versions prior to 3.7.5 WordPress versions 3.8.x prior to 3.8.5 WordPress versions 3.9.x prior to 3.9.3 WordPress versions 4.x prior to 4.0.1 **Description** The issue allows remote attackers to conduct server-side request forgery (SSRF) attacks by referring to a 127.0.0.0/8 resource. This is due to a problem in the wp-includes/http.php file. **Recommendations** For WordPress versions prior to 3.7.5, update to version 3.7.5 or later. For WordPress versions 3.8.x prior to 3.8.5, update to version 3.8.5 or later. For WordPress versions 3.9.x prior to 3.9.3, update to version 3.9.3 or later. For WordPress versions 4.x prior to 4.0.1, update to version 4.0.1 or later.

**Name of the Vulnerable Software and Affected Versions** WordPress versions prior to 3.7.5 WordPress versions 3.8.x prior to 3.8.5 WordPress versions 3.9.x prior to 3.9.3 WordPress versions 4.x prior to 4.0.1 **Description** The issue allows remote attackers to reset passwords by leveraging access to an e-mail account that received a password-reset message, specifically targeting the wp-login.php file. **Recommendations** For WordPress versions prior to 3.7.5, update to version 3.7.5 or later. For WordPress versions 3.8.x prior to 3.8.5, update to version 3.8.5 or later. For WordPress versions 3.9.x prior to 3.9.3, update to version 3.9.3 or later. For WordPress versions 4.x prior to 4.0.1, update to version 4.0.1 or later.

**Name of the Vulnerable Software and Affected Versions** WordPress versions prior to 3.7.5 WordPress versions 3.8.x prior to 3.8.5 WordPress versions 3.9.x prior to 3.9.3 WordPress versions 4.x prior to 4.0.1 **Description** The issue allows remote attackers to obtain access to an account that has been idle since 2008. This is possible due to an improper PHP dynamic type comparison for an MD5 hash. **Recommendations** For WordPress versions prior to 3.7.5, update to version 3.7.5 or later. For WordPress versions 3.8.x prior to 3.8.5, update to version 3.8.5 or later. For WordPress versions 3.9.x prior to 3.9.3, update to version 3.9.3 or later. For WordPress versions 4.x prior to 4.0.1, update to version 4.0.1 or later.

**Name of the Vulnerable Software and Affected Versions** WordPress versions prior to 3.7.5 WordPress versions 3.8.x prior to 3.8.5 WordPress versions 3.9.x prior to 3.9.3 **Description** A cross-site scripting (XSS) issue exists due to a vulnerability in the wptexturize function. This allows remote attackers to inject arbitrary web script or HTML via crafted use of shortcode brackets in a text field, such as in a comment or a post. **Recommendations** For WordPress versions prior to 3.7.5, update to version 3.7.5 or later. For WordPress versions 3.8.x prior to 3.8.5, update to version 3.8.5 or later. For WordPress versions 3.9.x prior to 3.9.3, update to version 3.9.3 or later.

**Name of the Vulnerable Software and Affected Versions** WordPress versions prior to 3.9.3 WordPress versions 4.0.0 **Description** A cross-site scripting (XSS) issue exists in the media-playlists feature, allowing remote attackers to inject arbitrary web script or HTML via unspecified vectors. **Recommendations** For WordPress versions prior to 3.9.3, update to version 3.9.3 or later. For WordPress version 4.0.0, update to version 4.0.1 or later.

**Name of the Vulnerable Software and Affected Versions** WordPress versions 3.7.4, 3.8.4, 3.9.2, and 4.0 **Description** A cross-site request forgery (CSRF) issue exists, allowing remote attackers to hijack the authentication of arbitrary users for requests that reset passwords. This occurs in the wp-login.php file. **Recommendations** For WordPress version 3.7.4, update to a version that includes the fix for this issue. For WordPress version 3.8.4, update to a version that includes the fix for this issue. For WordPress version 3.9.2, update to a version that includes the fix for this issue. For WordPress version 4.0, update to a version that includes the fix for this issue.

**Name of the Vulnerable Software and Affected Versions** WordPress versions prior to 3.7.5 WordPress versions 3.8.x prior to 3.8.5 WordPress versions 3.9.x prior to 3.9.3 WordPress versions 4.x prior to 4.0.1 **Description** The issue allows remote attackers to cause a denial of service, specifically CPU consumption, by providing a long password that is not handled properly during the hashing process. **Recommendations** For WordPress versions prior to 3.7.5, update to version 3.7.5 or later. For WordPress versions 3.8.x prior to 3.8.5, update to version 3.8.5 or later. For WordPress versions 3.9.x prior to 3.9.3, update to version 3.9.3 or later. For WordPress versions 4.x prior to 4.0.1, update to version 4.0.1 or later.

**Name of the Vulnerable Software and Affected Versions** WordPress versions prior to 3.7.5 WordPress versions 3.8.x prior to 3.8.5 WordPress versions 3.9.x prior to 3.9.3 WordPress versions 4.x prior to 4.0.1 **Description** A cross-site scripting (XSS) issue allows remote attackers to inject arbitrary web script or HTML. This could potentially lead to unauthorized actions on behalf of the user. **Recommendations** For WordPress versions prior to 3.7.5, update to version 3.7.5 or later. For WordPress versions 3.8.x prior to 3.8.5, update to version 3.8.5 or later. For WordPress versions 3.9.x prior to 3.9.3, update to version 3.9.3 or later. For WordPress versions 4.x prior to 4.0.1, update to version 4.0.1 or later.

**Name of the Vulnerable Software and Affected Versions** J2SE versions 1.4.2 up to 1.4.2 06 **Description** The issue allows untrusted applications to gain privileges via the value parameter of a property tag in a JNLP file. This is related to an argument injection vulnerability in Java Web Start. **Recommendations** For J2SE versions 1.4.2 up to 1.4.2 06, update to a version that contains a fix for this issue to prevent untrusted applications from gaining privileges.

Name of the Vulnerable Software and Affected Versions: Java 2 Runtime Environment (JRE) versions 1.4.2 01 through 1.4.2 04 and possibly earlier versions Description: The issue concerns improper access restriction between Javascript and Java applets during data transfer. This allows remote attackers to load unsafe classes and execute arbitrary code by using the reflection API to access private Java packages. Recommendations: For Java 2 Runtime Environment (JRE) versions 1.4.2 01 through 1.4.2 04 and possibly earlier versions, consider disabling the use of the reflection API to access private Java packages as a temporary workaround until a patch is available. Restrict access between Javascript and Java applets to minimize the risk of exploitation.

Name of the Vulnerable Software and Affected Versions: Windows Media Player version 7.1 Windows Media Player for Windows XP Description: A directory traversal issue allows remote attackers to execute arbitrary code via a skins file with a URL containing hex-encoded backslash characters (%5C) that causes an executable to be placed in an arbitrary location. Recommendations: For Windows Media Player version 7.1, consider disabling the skins feature until a patch is available. For Windows Media Player for Windows XP, restrict access to skins files to minimize the risk of exploitation.