Laurent Gaffie

**Name of the Vulnerable Software and Affected Versions** Windows (affected versions not specified) **Description** The issue is related to insufficient input validation in the bowser.sys driver of the Windows operating system. This can be exploited by a remote attacker to cause a denial of service. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Microsoft Windows 7 SP1 Microsoft Windows Server 2008 R2 SP1 Microsoft Windows 8 Microsoft Windows 8.1 Microsoft Windows Server 2012 Gold Microsoft Windows Server 2012 R2 **Description** A remote code execution issue exists in the HTTP protocol stack (HTTP.sys) due to improper parsing of specially crafted HTTP requests. This allows remote attackers to execute arbitrary code in the context of the System account. To exploit this issue, an attacker would have to send a specially crafted HTTP request to the affected system. **Recommendations** For Microsoft Windows 7 SP1, update to a newer version that contains a fix for this issue. For Microsoft Windows Server 2008 R2 SP1, update to a newer version that contains a fix for this issue. For Microsoft Windows 8, update to a newer version that contains a fix for this issue. For Microsoft Windows 8.1, update to a newer version that contains a fix for this issue. For Microsoft Windows Server 2012 Gold, update to a newer version that contains a fix for this issue. For Microsoft Windows Server 2012 R2, update to a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** Samba versions prior to 3.4.8 Samba versions 3.5.x prior to 3.5.2 **Description** The issue allows remote attackers to trigger an out-of-bounds read and cause a denial of service via a Session Setup AndX request with a specific security blob length, such as `xffxff`. Multiple vulnerabilities in the Samba package may lead to breaches of confidentiality, integrity, and availability of protected information, and can be exploited remotely. **Recommendations** For Samba versions prior to 3.4.8, update to version 3.4.8 or later. For Samba versions 3.5.x prior to 3.5.2, update to version 3.5.2 or later. As a temporary workaround, consider restricting access to the `reply sesssetup and X spnego` function in `sesssetup.c` until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Samba versions prior to 3.4.8 Samba versions 3.5.x prior to 3.5.2 Samba versions prior to 3.5.15 **Description** The issue allows remote attackers to cause a denial of service, potentially leading to disruption of confidentiality, integrity, and availability of protected information. This can be achieved through specific requests, including a Negotiate Protocol request with a certain `0x0003` field value followed by a Session Setup AndX request with a certain `0x8003` field value. The `chain reply` function in `process.c` in `smbd` is specifically vulnerable. **Recommendations** For Samba versions prior to 3.4.8, update to version 3.4.8 or later. For Samba versions 3.5.x prior to 3.5.2, update to version 3.5.2 or later. For Samba versions prior to 3.5.15, update to version 3.5.15 or later. As a temporary workaround, consider restricting access to the `chain reply` function in `process.c` until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Novell Client versions 4.91 SP4 and earlier **Description** A stack-based buffer overflow issue allows local users to cause a denial of service (crash) and possibly execute arbitrary code via a long `username` in the "forgotten password" dialog. **Recommendations** For Novell Client versions 4.91 SP4 and earlier, at the moment, there is no information about a newer version that contains a fix for this issue.

Name of the Vulnerable Software and Affected Versions: PHP versions prior to 5.2.4 Description: The issue allows remote attackers to bypass safe mode and open basedir restrictions in PHP via the MySQL functions: (1) LOAD FILE, (2) INTO DUMPFILE, and (3) INTO OUTFILE. Recommendations: For versions prior to 5.2.4, consider updating to a newer version to mitigate the risk. As a temporary workaround, consider restricting the use of the MySQL functions LOAD FILE, INTO DUMPFILE, and INTO OUTFILE until a patch is available.

Name of the Vulnerable Software and Affected Versions: PHP versions prior to 5.2.4 Description: The issue allows context-dependent attackers to cause a denial of service, resulting in an application crash, by providing a long string in the `locale` parameter to the `setlocale` function. This might not be considered a vulnerability in most web server environments that support multiple threads, unless it can be demonstrated to allow code execution. Recommendations: For PHP versions prior to 5.2.4, update to version 5.2.4 or later to resolve the issue. As a temporary workaround, consider restricting the length of the string passed to the `locale` parameter in the `setlocale` function to prevent denial of service attacks.

Name of the Vulnerable Software and Affected Versions: PHP JackKnife (PHPJK) (affected versions not specified) Description: The issue allows remote attackers to obtain sensitive information. This can be achieved by sending a request to "index.php" with an invalid value of the `iParentUnq[]` parameter, or by sending a request to "G Display.php" with an invalid `iCategoryUnq[]` or `sSort[]` array parameter. The error messages resulting from these requests reveal the path. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** KLF-REALTY (affected versions not specified) **Description** The issue concerns SQL injection vulnerabilities that allow remote attackers to execute arbitrary SQL commands. This is achieved through the `category` and `agent` parameters in the "search listing.asp" endpoint, and the `property id` parameter in the "detail.asp" endpoint. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** vSpin.net Classified System 2004 **Description** The issue allows remote attackers to execute arbitrary SQL commands. This can be achieved via several parameters in two different ASP files: - The `cat` parameter to "cat.asp", - The `keyword`, `order`, `sort`, `menuSelect`, or `state` parameters to "search.asp". **Recommendations** For vSpin.net Classified System 2004, consider restricting access to the "cat.asp" and "search.asp" files until a patch is available. As a temporary workaround, avoid using the `cat`, `keyword`, `order`, `sort`, `menuSelect`, and `state` parameters in the respective API endpoints. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** vSpin.net Classified System 2004 **Description** The issue concerns multiple cross-site scripting (XSS) vulnerabilities. These vulnerabilities allow remote attackers to inject arbitrary web script or HTML. Specifically, the vulnerabilities can be exploited through the `catname` parameter to "cat.asp" or the `minprice` parameter to "search.asp". **Recommendations** For vSpin.net Classified System 2004, consider restricting access to the `catname` parameter in "cat.asp" and the `minprice` parameter in "search.asp" to minimize the risk of exploitation. Avoid using these parameters until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.