Patrik Karlsson

**Name of the Vulnerable Software and Affected Versions** IBM Lotus Domino (affected versions not specified) **Description** The default configuration of the server console in IBM Lotus Domino does not require a password, allowing physically proximate attackers to perform administrative changes or obtain sensitive information via a Load, Tell, or Set Configuration command. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Apple Mac OS X versions prior to 10.6.3 **Description** A directory traversal issue in the AFP Server allows remote attackers to list a share root's parent directory and read and modify files within it. The exact vectors used for exploitation are not specified. **Recommendations** For versions prior to 10.6.3, update to version 10.6.3 or later to resolve the issue. As a temporary workaround, consider restricting access to the AFP Server until the update can be applied.

**Name of the Vulnerable Software and Affected Versions** WordPress versions prior to 2.0 **Description** A SQL injection issue allows remote attackers to execute arbitrary SQL commands via the User-Agent field in an HTTP header for a comment. **Recommendations** For versions prior to 2.0, update to a version that is 2.0 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Citrix Program Neighborhood client versions 9.0 and earlier **Description** A heap-based buffer overflow issue allows remote attackers to execute arbitrary code via a long name value in an Application Set response. **Recommendations** For versions 9.0 and earlier, update to a version later than 9.0 to resolve the issue.