Netanel Rubin

**Name of the Vulnerable Software and Affected Versions** Moodle versions 2.x through 3.x **Description** The issue allows SQL injection via user preferences. **Recommendations** For Moodle versions 2.x through 3.x, update to a version that includes a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** Magento CE and EE versions prior to 2.0.6 **Description** The issue allows remote attackers to conduct PHP object injection attacks, enabling them to execute arbitrary PHP code. This is achieved by sending crafted serialized shopping cart data. **Recommendations** For versions prior to 2.0.6, update to version 2.0.6 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** WordPress versions prior to 4.3.1 **Description** A cross-site scripting (XSS) issue exists due to the mishandling of unclosed HTML elements during processing of shortcode tags, allowing remote attackers to inject arbitrary web script or HTML. **Recommendations** For versions prior to 4.3.1, update to version 4.3.1 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** WordPress versions prior to 4.3.1 **Description** The issue allows remote authenticated users to bypass intended access restrictions. This can lead to a private post being published and made sticky. **Recommendations** For versions prior to 4.3.1, update to version 4.3.1 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Bugzilla versions 2.x through 4.2.14 Bugzilla versions 4.3.x through 4.3.x before 4.4.10 Bugzilla versions 4.4.x through 4.4.9 Bugzilla versions 5.x through 5.0.0 **Description** The issue mishandles long e-mail addresses during account registration, allowing remote attackers to obtain default privileges for an arbitrary domain name by placing that name in a substring of an address. This can be demonstrated by the truncation of an @mozilla.com.example.com address to an @mozilla.com address. **Recommendations** For Bugzilla versions 2.x through 4.2.14, update to version 4.2.15 or later. For Bugzilla versions 4.3.x through 4.3.x before 4.4.10, update to version 4.4.10 or later. For Bugzilla versions 4.4.x through 4.4.9, update to version 4.4.10 or later. For Bugzilla versions 5.x through 5.0.0, update to version 5.0.1 or later.

**Name of the Vulnerable Software and Affected Versions** WordPress versions prior to 4.2.3 **Description** The issue allows remote authenticated users to bypass intended access restrictions and create drafts by leveraging the Subscriber role. This can be achieved by sending a post-quickdraft-save action to the "wp-admin/post.php" endpoint. **Recommendations** For versions prior to 4.2.3, update to version 4.2.3 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Magento Community Edition (CE) version 1.9.1.0 Magento Enterprise Edition (EE) version 1.14.1.0 **Description** A remote file inclusion issue exists in the `fetchView` function within the `Mage Core Block Template Zend` class, allowing remote administrators to execute arbitrary PHP code. This is achieved via a URL in unspecified vectors involving the `setScriptPath` function. It is unclear whether this issue crosses privilege boundaries, as administrators may already have privileges to include arbitrary files. **Recommendations** For Magento Community Edition (CE) version 1.9.1.0, consider disabling the `fetchView` function in the `Mage Core Block Template Zend` class as a temporary workaround until a patch is available. For Magento Enterprise Edition (EE) version 1.14.1.0, restrict access to the `setScriptPath` function to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Magento Community Edition versions 1.9.1.0 Magento Enterprise Edition versions 1.14.1.0 **Description** The issue allows remote authenticated users to include and execute certain PHP files. This can be achieved via .. (dot dot) sequences in the PATH INFO to index.php or through vectors involving a block value in the ` directive` parameter to the Cms Wysiwyg controller in the Adminhtml module. The issue is related to the `blockDirective` function and the auto loading mechanism. **Recommendations** For Magento Community Edition version 1.9.1.0, consider restricting access to the Adminhtml module until a patch is available. For Magento Enterprise Edition version 1.14.1.0, consider disabling the Cms Wysiwyg controller as a temporary workaround until a fix is provided. Avoid using the ` directive` parameter in the Cms Wysiwyg controller until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Movable Type versions prior to 5.18 Movable Type versions 5.2.x prior to 5.2.11 Movable Type versions 6.x prior to 6.0.6 **Description** A SQL injection issue exists in the XML-RPC interface, allowing remote attackers to execute arbitrary SQL commands. **Recommendations** For Movable Type versions prior to 5.18, update to version 5.18 or later. For Movable Type versions 5.2.x prior to 5.2.11, update to version 5.2.11 or later. For Movable Type versions 6.x prior to 6.0.6, update to version 6.0.6 or later.