Luca Ercoli

**Name of the Vulnerable Software and Affected Versions** Etomite Content Management System versions 0.6 and earlier **Description** The issue allows remote attackers to execute arbitrary commands via the `cij` parameter in the manager/includes/todo.inc.php file. This is due to a back door in the software. **Recommendations** For Etomite Content Management System versions 0.6 and earlier, avoid using the `cij` parameter in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** FTGate4 version 4.1 **Description** The issue concerns multiple buffer overflows in the IMAP Groupware Mail server of FTGate4. Remote attackers can execute arbitrary code by providing long arguments to various IMAP commands. This has been demonstrated using the EXAMINE command. **Recommendations** For FTGate4 version 4.1, update to a version that addresses the buffer overflow issues in the IMAP Groupware Mail server to prevent remote code execution.

Name of the Vulnerable Software and Affected Versions: Apache version 2.0.52 Description: A buffer overflow issue exists in the htdigest utility of Apache, potentially allowing attackers to execute arbitrary code through a long realm argument. However, since htdigest is typically only accessible locally and not setuid or setgid, there are limited attack vectors that could lead to privilege escalation, unless htdigest is executed from a CGI program. Recommendations: For Apache version 2.0.52, consider restricting access to the htdigest utility to minimize potential risks, especially if it is executed from a CGI program. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** MySQL versions prior to 4.1.9 **Description** The issue allows remote attackers with certain privileges to cause a denial of service, resulting in an application crash. This can be achieved by using a specific command followed by an MS-DOS device name, such as `LPT1` or `PRN`. **Recommendations** For versions prior to 4.1.9, update to a version that contains a fix for this issue to prevent the denial of service.

**Name of the Vulnerable Software and Affected Versions** Mozilla versions 1.6 and possibly other versions **Description** The issue allows remote attackers to cause a denial of service, resulting in an application crash. This can be achieved by using a XBM (X BitMap) file with a large height or width value. **Recommendations** For Mozilla version 1.6, avoid using XBM files with large height or width values until a fix is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Bajie Http Web Server versions 0.95zxe through 0.95zxc **Description** A cross-site scripting issue allows remote attackers to inject arbitrary web script or HTML via the query string, which is reflected in an error message. **Recommendations** For versions 0.95zxe through 0.95zxc, consider restricting access to the query string parameter to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.

Name of the Vulnerable Software and Affected Versions: Portmon versions 1.7 and earlier Description: The issue allows local users to read and write arbitrary files. This can be achieved via the command line options, specifically the `-c` option for host files or the `-l` option for log files. Recommendations: For Portmon version 1.7 and earlier, consider restricting access to the command line options `-c` and `-l` to minimize the risk of exploitation. As a temporary workaround, limit the use of these options until a patch is available. At the moment, there is no information about a newer version that contains a fix for this issue.

Name of the Vulnerable Software and Affected Versions: Maelstrom versions 3.0.6 and earlier Description: A buffer overflow issue allows local users to execute arbitrary code via a long -server command line argument. Recommendations: For Maelstrom versions 3.0.6 and earlier, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Maelstrom (affected versions not specified) Description: A buffer overflow issue allows local users to execute arbitrary code via a long -player command line argument. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.