Luca Carettoni

**Name of the Vulnerable Software and Affected Versions** Hudson versions prior to 3.3.2 **Description** The issue allows XXE (XML External Entity) attacks, which can provide access to potentially sensitive information on the filesystem of the Hudson master server. This is due to a flaw in the XML API processing. **Recommendations** For versions prior to 3.3.2, update to version 3.3.2 or later to resolve the issue. As a temporary workaround, consider restricting access to the XML API to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Netty versions 3.9.7 and earlier, 3.10.x prior to 3.10.3.Final, 4.0.x prior to 4.0.28.Final, 4.1.x prior to 4.1.0.Beta5 Play Framework versions 2.x prior to 2.3.9 **Description** The issue allows remote attackers to bypass the httpOnly flag on cookies, potentially obtaining sensitive information. This is due to improper validation of cookie name and value characters. **Recommendations** For Netty versions 3.9.7 and earlier, update to version 3.9.8.Final or later. For Netty versions 3.10.x prior to 3.10.3.Final, update to version 3.10.3.Final or later. For Netty versions 4.0.x prior to 4.0.28.Final, update to version 4.0.28.Final or later. For Netty versions 4.1.x prior to 4.1.0.Beta5, update to version 4.1.0.Beta5 or later. For Play Framework versions 2.x prior to 2.3.9, update to version 2.3.9 or later.

**Name of the Vulnerable Software and Affected Versions** Jenkins versions prior to 1.606 Jenkins LTS versions prior to 1.596.2 **Description** A cross-site scripting (XSS) issue allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. **Recommendations** For Jenkins versions prior to 1.606, update to version 1.606 or later. For Jenkins LTS versions prior to 1.596.2, update to version 1.596.2 or later.

**Name of the Vulnerable Software and Affected Versions** Apache ActiveMQ versions prior to 5.6.0 **Description** The issue allows remote attackers to cause a denial of service, leading to file-descriptor exhaustion and potentially causing the broker to crash or hang. This is achieved by sending many openwire failover:tcp:// connection requests. **Recommendations** For versions prior to 5.6.0, update to version 5.6.0 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Adobe Flex SDK versions 3.x through 4.5 **Description** The issue is related to a cross-site scripting (XSS) vulnerability that allows remote attackers to inject arbitrary web script or HTML. This is achieved through vectors related to the loading of modules from different domains. **Recommendations** For Adobe Flex SDK versions 3.x through 4.5, update to version 4.6 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** NetSupport Manager Agent versions 11.00 for Linux, 9.50 for Solaris, and 11.00 for Mac OS X **Description** A stack-based buffer overflow issue allows remote attackers to execute arbitrary code via a long control hostname to TCP port 5405. **Recommendations** For NetSupport Manager Agent version 11.00 for Linux, update to a version that fixes this issue. For NetSupport Manager Agent version 9.50 for Solaris, update to a version that fixes this issue. For NetSupport Manager Agent version 11.00 for Mac OS X, update to a version that fixes this issue. As a temporary workaround, consider restricting access to TCP port 5405 to minimize the risk of exploitation.

Name of the Vulnerable Software and Affected Versions: DFLabs PTK versions 0.1 through 1.0 Description: The issue allows remote attackers to execute arbitrary commands via shell metacharacters after an arg1= sequence in a filename within a forensic image. This is due to a problem in the get file type function in lib/file content.php. Recommendations: For DFLabs PTK versions 0.1 through 1.0, consider restricting access to the get file type function in lib/file content.php until a patch is available. As a temporary workaround, avoid using filenames with shell metacharacters after an arg1= sequence in a forensic image.

**Name of the Vulnerable Software and Affected Versions** ZeroShell versions 1.0beta11 and earlier **Description** The issue allows remote attackers to execute arbitrary commands via shell metacharacters in the `type` parameter in a NoAuthREQ x509List action, specifically targeting the "cgi-bin/kerbynet" endpoint. **Recommendations** For ZeroShell versions 1.0beta11 and earlier, as a temporary workaround, consider restricting access to the "cgi-bin/kerbynet" endpoint to minimize the risk of exploitation. Avoid using the `type` parameter in the NoAuthREQ x509List action until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Philips Electronics VOIP841 DECT Phone versions 1.0.4.50 through 1.0.4.80 **Description** A cross-site scripting (XSS) issue exists in the web server component, allowing remote attackers to inject arbitrary web script or HTML via the request URL. This occurs because the web server does not properly handle the request URL in a 404 web error page. **Recommendations** For versions 1.0.4.50 through 1.0.4.80, as a temporary workaround, consider restricting access to the web server component until a patch is available. Avoid using the web server component to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Philips Electronics VOIP841 DECT Phone versions 1.0.4.50 through 1.0.4.80 **Description** The issue allows remote authenticated users to read arbitrary files via a .. (dot dot) in a GET request to API endpoints such as `/` or other unspecified endpoints, by manipulating the `file path` variable. This can potentially expose sensitive files, including `save.dat` and `apply.log`, which may contain credentials like the Skype username and password. **Recommendations** For versions 1.0.4.50 through 1.0.4.80, consider restricting access to sensitive files and directories to prevent unauthorized reading. As a temporary workaround, restrict access to the web server's GET request functionality until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Philips Electronics VOIP841 DECT Phone versions 1.0.4.50 through 1.0.4.80 **Description** The issue concerns a back door "service" account with a predefined password, making it easier for remote attackers to gain access. **Recommendations** For versions 1.0.4.50 through 1.0.4.80, consider changing the password of the "service" account to a strong and unique one to prevent unauthorized access. As a temporary workaround, restrict access to the device until a patch is available.

Name of the Vulnerable Software and Affected Versions: Boa version 0.93.15 Description: The issue allows remote attackers to change the admin password stored in memory by sending a long username in an HTTP Basic Authentication request. This is due to the failure of the Intersil isl3893 extensions to prevent stack writes from entering memory locations used for string constants. Recommendations: For Boa version 0.93.15, consider restricting access to the HTTP Basic Authentication endpoint until a fix is available. As a temporary workaround, avoid using the `username` variable in the affected API endpoint, such as "/api/v1/login", to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Hummingbird Collaboration (aka Hummingbird Enterprise Collaboration) versions 5.21 and earlier **Description** The issue allows remote attackers to obtain sensitive information, including intranet IP addresses and enumerations of valid parameter values, by making a direct request to `hc`. This sensitive information is revealed in an error message or a cookie. **Recommendations** For Hummingbird Collaboration versions 5.21 and earlier, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Siemens SANTIS 50 version 4.2.8.0 **Description** The issue allows remote attackers to access the Telnet port without authentication by sending certain packets to the web interface, causing it to freeze. This could potentially affect other products, including Ericsson HN294dp and Dynalink RTA300W. **Recommendations** For Siemens SANTIS 50 version 4.2.8.0, consider restricting access to the Telnet port and the web interface until a fix is available. As a temporary workaround, avoid using the web interface to prevent it from freezing and potentially allowing unauthorized access.