Muts

**Name of the Vulnerable Software and Affected Versions** Atmail Webmail Server version 6.4 **Description** The issue is related to a cross-site scripting (XSS) vulnerability in the administrative interface. This vulnerability allows remote attackers to inject arbitrary web script or HTML via the `Date` field of an email. **Recommendations** For Atmail Webmail Server version 6.4, consider restricting access to the administrative interface until a fix is available. As a temporary workaround, avoid using the `Date` field in emails to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** MantisBT versions 1.1.0a3 through 1.2.17 **Description** A cross-site scripting (XSS) issue exists due to a problem in the `projax array serialize for autocomplete` function. This allows remote attackers to inject arbitrary web script or HTML via the `profile/Platform` field. **Recommendations** For versions 1.1.0a3 through 1.2.17, as a temporary workaround, consider restricting access to the `projax array serialize for autocomplete` function in `core/projax api.php` until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** FreePBX versions 2.9 and earlier **Description** The issue allows remote attackers to execute arbitrary commands. This is achieved through the `callmenum` parameter in a 'c' action, specifically targeting the `callme startcall` function in `recordings/misc/callme page.php`. **Recommendations** For FreePBX versions 2.9 and earlier, consider disabling the `callme startcall` function until a patch is available. Restrict access to the `recordings/misc/callme page.php` file to minimize the risk of exploitation. Avoid using the `callmenum` parameter in the affected API endpoint until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** X-Cart Gold version 4.5 **Description** A cross-site scripting issue exists, allowing remote attackers to inject arbitrary web script or HTML. This is achieved via the `symb` parameter in the products map.php file. **Recommendations** For X-Cart Gold version 4.5, consider restricting access to the products map.php file until a patch is available, or avoid using the `symb` parameter in this file to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Ipswitch WhatsUp Gold version 15.02 **Description** The issue is related to a cross-site scripting (XSS) vulnerability. This allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving the SNMP system name of the attacking host. **Recommendations** For Ipswitch WhatsUp Gold version 15.02, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** SolarWinds Orion Network Performance Monitor versions prior to 10.3.1 **Description** The issue concerns multiple cross-site request forgery (CSRF) vulnerabilities. These vulnerabilities allow remote attackers to hijack the authentication of administrators for specific requests. The affected requests include creating user accounts via the "CreateUserStepContainer" actions to the "/Admin/Accounts/Add/OrionAccount.aspx" endpoint and modifying account privileges via a "ynAdminRights" action to the "/Admin/Accounts/EditAccount.aspx" endpoint. **Recommendations** For versions prior to 10.3.1, update to version 10.3.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the affected API endpoints, "/Admin/Accounts/Add/OrionAccount.aspx" and "/Admin/Accounts/EditAccount.aspx", to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Plixer Scrutinizer versions prior to 9.5.2 **Description** The issue allows remote authenticated users to execute arbitrary SQL commands. This is achieved via the `q` parameter in the d4d/statusFilter.php file. **Recommendations** For versions prior to 9.5.2, update to version 9.5.2 or later to resolve the issue. As a temporary workaround, consider restricting access to the d4d/statusFilter.php file to minimize the risk of exploitation. Avoid using the `q` parameter in the affected API endpoint until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Microsoft Internet Explorer versions 5.01 through 7 **Description** The issue is related to a use-after-free vulnerability in the CRecordInstance::TransferToDestination function, allowing remote attackers to execute arbitrary code via crafted HTML or XML documents. This can be achieved through DSO bindings involving XML Island, XML DSOs, or Tabular Data Control (TDC), as demonstrated by nested SPAN or MARQUEE elements. The vulnerability was exploited in the wild in December 2008. It is also described as an invalid pointer reference in the data binding function, which can cause Internet Explorer to exit unexpectedly and potentially allow remote code execution when a user views a specially crafted Web page. **Recommendations** For Microsoft Internet Explorer versions 5.01 through 7, consider disabling data binding as a temporary workaround until a patch is available. Restrict access to potentially vulnerable components, such as XML Island, XML DSOs, or Tabular Data Control (TDC), to minimize the risk of exploitation. Avoid using nested SPAN or MARQUEE elements in HTML or XML documents until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** McAfee Common Management Agent (CMA) versions 3.6.0.574 Patch 3 and earlier **Description** The issue allows remote attackers to corrupt memory and cause a denial of service, resulting in the CMA Framework service crash. This can be achieved by sending requests for the "/spin//AVClient//AVClient.csp" URI with a long invalid method. **Recommendations** For McAfee Common Management Agent (CMA) versions 3.6.0.574 Patch 3 and earlier, consider restricting access to the "/spin//AVClient//AVClient.csp" URI to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** HP OpenView Network Node Manager versions 7.53, 7.51, and earlier **Description** The issue is related to a stack-based buffer overflow in the ovwparser.dll module of HP OpenView Network Node Manager. This can be exploited by remote attackers who send a long URI in an HTTP request processed by ovas.exe, potentially allowing the execution of arbitrary code. An example of such an exploit is a certain topology/homeBaseView request. **Recommendations** For HP OpenView Network Node Manager versions 7.53 and 7.51, update to a version later than 7.53 to resolve the issue. For HP OpenView Network Node Manager versions earlier than 7.51, update to a version later than 7.53 to resolve the issue. As a temporary workaround, consider restricting access to the ovas.exe module and the ovwparser.dll file to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** TFTP Server SP version 1.4 **Description** A stack-based buffer overflow issue allows remote attackers to cause a denial of service or execute arbitrary code via a long filename in a read or write request. **Recommendations** For TFTP Server SP version 1.4, consider restricting the length of filenames in read or write requests to prevent exploitation until a patch is available. As a temporary workaround, limit access to the TFTP server to trusted sources.

**Name of the Vulnerable Software and Affected Versions** TallSoft Quick TFTP Server Pro version 2.1 **Description** The issue is a stack-based buffer overflow that allows remote attackers to cause a denial of service or execute arbitrary code. This is achieved by sending a long mode field in a read or write request. **Recommendations** For version 2.1, update to a newer version that contains a fix for this issue to prevent remote attackers from causing a denial of service or executing arbitrary code.

**Name of the Vulnerable Software and Affected Versions** HP OpenView Network Node Manager versions 6.41 through 7.51 **Description** The issue is related to multiple stack-based buffer overflows that allow remote attackers to execute arbitrary code. This can be achieved by providing long arguments to certain executables, such as `ovlogin.exe`, `OpenView5.exe`, `snmpviewer.exe`, and `webappmon.exe`. For example, a long `Action` parameter to `OpenView5.exe` can be used to demonstrate this issue. **Recommendations** For HP OpenView Network Node Manager versions 6.41 through 7.51, consider disabling the executables `ovlogin.exe`, `OpenView5.exe`, `snmpviewer.exe`, and `webappmon.exe` until a patch is available to prevent remote attackers from executing arbitrary code. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Microsoft Word 2007 Description: A buffer overflow issue in the wwlib.dll component of Microsoft Word allows remote attackers to cause the application to crash and potentially execute arbitrary code. This can be achieved by opening a crafted document. Recommendations: For Microsoft Word 2007, update to a newer version that contains a fix for this issue.

Name of the Vulnerable Software and Affected Versions: Microsoft Windows (affected versions not specified) Description: A heap-based buffer overflow issue in Microsoft Windows allows user-assisted remote attackers to have an unknown impact via a crafted .HLP file. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Microsoft Word 2007 Description: The issue is related to multiple unspecified vulnerabilities that allow remote attackers to cause a denial of service, specifically CPU consumption, via crafted documents. This could be related to a buffer overflow. Recommendations: For Microsoft Word 2007, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** McAfee ePolicy Orchestrator versions prior to 5.0.0 is not specified, however, it is mentioned that versions before 3.5.0.720 are affected. McAfee ProtectionPilot versions prior to 1.1.1.126 **Description** A buffer overflow issue allows remote attackers to execute arbitrary code via a request to "/spipe/pkg/" with a long source header. **Recommendations** For McAfee ePolicy Orchestrator versions before 3.5.0.720, update to version 3.5.0.720 or later. For McAfee ProtectionPilot versions before 1.1.1.126, update to version 1.1.1.126 or later. As a temporary workaround, consider restricting access to the "/spipe/pkg/" endpoint until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Mercury (Pegasus) Mail version 4.01 **Description** A buffer overflow issue in the IMAP service allows remote attackers to execute arbitrary code via a long SELECT command. **Recommendations** For Mercury (Pegasus) Mail version 4.01, at the moment, there is no information about a newer version that contains a fix for this vulnerability.