Laurent Oudot

**Name of the Vulnerable Software and Affected Versions** Apple iOS versions prior to 5 **Description** The issue concerns the storage of WiFi credentials in an unspecified file by the WiFi component, making it easier for remote attackers to obtain sensitive information via a crafted application. **Recommendations** For Apple iOS versions prior to 5, update to version 5 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** SquirrelMail versions 1.4.20 and earlier **Description** The issue allows remote authenticated users to bypass firewall restrictions and use SquirrelMail as a proxy to scan internal networks via a modified POP3 port number. This is made possible by the Mail Fetch plugin in affected versions of SquirrelMail. **Recommendations** For SquirrelMail versions 1.4.20 and earlier, consider disabling the Mail Fetch plugin until a patch is available to prevent the misuse of SquirrelMail as a proxy for scanning internal networks.

**Name of the Vulnerable Software and Affected Versions** Horde IMP plugin (affected versions not specified) **Description** The issue allows remote attackers to bypass firewall restrictions and use Horde as a proxy to scan internal networks via a crafted request to an unspecified test script. This is only considered a vulnerability when the administrator does not follow the recommendations outlined in the product's installation documentation. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Apple iOS versions prior to 4 **Description** A stack-based buffer overflow issue in CFNetwork allows remote attackers to execute arbitrary code or cause a denial of service, specifically an application crash, via vectors related to URL handling. **Recommendations** For Apple iOS versions prior to 4, update to version 4 or later to resolve the issue.