Nicolas Gregoire

Name of the Vulnerable Software and Affected Versions: Ektron Content Management System (CMS) versions prior to 8.02 SP5 Description: The issue allows remote attackers to execute arbitrary code with NETWORK SERVICE privileges via crafted XSL data, due to the use of the XslCompiledTransform class with enablescript set to true. Recommendations: For versions prior to 8.02 SP5, update to version 8.02 SP5 or later to resolve the issue. As a temporary workaround, consider disabling the use of the XslCompiledTransform class with enablescript set to true until a patch is available. Restrict access to XSL data to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Apache Batik versions 1.x before 1.8 **Description** The issue is related to an XML external entity (XXE) vulnerability in the SVG to PNG and JPG conversion classes. This allows remote attackers to read arbitrary files or cause a denial of service via a crafted SVG file. There is also a mention of a similar issue in Schneider Electric EcoStruxure Data Center Expert, related to XML External Entity Processing Information Disclosure. **Recommendations** For Apache Batik versions 1.x before 1.8, update to version 1.8 or later to resolve the issue. At the moment, there is no information about a newer version that contains a fix for the Schneider Electric EcoStruxure Data Center Expert XML External Entity Processing Information Disclosure Vulnerability.

**Name of the Vulnerable Software and Affected Versions** HP Virtual SAN Appliance version prior to 9.5 **Description** The issue allows remote authenticated users to execute arbitrary commands via shell metacharacters in the second parameter of the 'lhn/public/network/ping' endpoint. **Recommendations** For versions prior to 9.5, update to version 9.5 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** HP SAN/iQ versions prior to 9.5 **Description** The issue concerns a hardcoded password in hydra.exe for the global$agent account. This hardcoded password is L0CAlu53R, allowing remote attackers to gain access to a management service. The attack vector involves sending a login request to TCP port 13838. **Recommendations** For HP SAN/iQ versions prior to 9.5, change the hardcoded password L0CAlu53R for the global$agent account to prevent unauthorized access. As a temporary workaround, consider restricting access to TCP port 13838 until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 20.0.1132.43 **Description** The issue is related to the XSL implementation, allowing remote attackers to cause a denial of service through unspecified vectors, resulting in an incorrect read operation. **Recommendations** For versions prior to 20.0.1132.43, update to version 20.0.1132.43 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Microsoft Excel versions 2002 SP3, 2003 SP3, and 2007 SP2 Office 2004 and 2008 for Mac Open XML File Format Converter for Mac Excel Viewer SP2 Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2 **Description** A buffer overflow issue allows remote attackers to execute arbitrary code or cause a denial of service via a crafted Excel spreadsheet, related to improper validation of record information. This issue can lead to memory corruption. A remote code execution vulnerability exists in the way that Microsoft Excel handles specially crafted Excel files, allowing an attacker to take complete control of an affected system, install programs, view, change, or delete data, or create new accounts with full user rights. **Recommendations** For Microsoft Excel 2002 SP3, update to a newer version to mitigate the risk. For Microsoft Excel 2003 SP3, update to a newer version to mitigate the risk. For Microsoft Excel 2007 SP2, update to a newer version to mitigate the risk. For Office 2004 and 2008 for Mac, update to a newer version to mitigate the risk. For Open XML File Format Converter for Mac, update to a newer version to mitigate the risk. For Excel Viewer SP2, update to a newer version to mitigate the risk. For Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2, update to a newer version to mitigate the risk. As a temporary workaround, consider avoiding the use of crafted Excel spreadsheets until a patch is available. Restrict access to the vulnerable Excel handling component to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** OpenSLP versions prior to SVN revision 1647 VMware ESX versions 4.0 and 4.1 VMware ESXi versions 4.0 and 4.1 **Description** The issue allows remote attackers to cause a denial of service, resulting in an infinite loop. This can be achieved by sending a packet with a "next extension offset" that references the current extension or a previous one. **Recommendations** For OpenSLP versions prior to SVN revision 1647, update to a version after SVN revision 1647 to resolve the issue. For VMware ESX versions 4.0 and 4.1, consider updating to a newer version that incorporates the fix for OpenSLP. For VMware ESXi versions 4.0 and 4.1, consider updating to a newer version that incorporates the fix for OpenSLP.

**Name of the Vulnerable Software and Affected Versions** info2www versions prior to 1.2.2.9 **Description** The issue allows remote attackers to inject arbitrary web script or HTML via the arguments to info2www, which is a cross-site scripting (XSS) vulnerability. **Recommendations** For versions prior to 1.2.2.9, update to version 1.2.2.9 or later to resolve the issue.

Name of the Vulnerable Software and Affected Versions: phpMyAdmin versions 2.6.0-pl2 and prior to 2.6.1 Description: The issue allows remote attackers to execute arbitrary commands via shell metacharacters when external transformations are enabled. Recommendations: For versions 2.6.0-pl2 and prior to 2.6.1, update to version 2.6.1 or later to resolve the issue. As a temporary workaround, consider disabling external transformations until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Apple Safari versions prior to 5.0.6 SUSE Linux Enterprise (affected versions not specified) **Description** The issue is related to improper libxslt security settings in WebKit, allowing remote attackers to create arbitrary files and execute arbitrary code via a crafted web site. This can lead to a violation of confidentiality, integrity, and availability of protected information. The exploitation of this issue can be done remotely. **Recommendations** For Apple Safari versions prior to 5.0.6, update to version 5.0.6 or later to resolve the issue. For SUSE Linux Enterprise, at the moment, there is no information about a newer version that contains a fix for this vulnerability.