Paul Craig

Name of the Vulnerable Software and Affected Versions: Adobe Flash CS3 Professional (affected versions not specified) Adobe Flash MX 2004 (affected versions not specified) Description: The issue is related to multiple heap-based buffer overflows that can be triggered by an SWF file containing long control parameters, potentially allowing remote attackers to execute arbitrary code. Recommendations: For Adobe Flash CS3 Professional, at the moment, there is no information about a newer version that contains a fix for this vulnerability. For Adobe Flash MX 2004, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Cart32 versions prior to 6.4 Description: The issue allows remote attackers to read arbitrary files via the `ImageName` parameter in a "GetImage" action. This can be achieved by appending a NULL byte (%00) sequence followed by an image file extension. For example, a request for a ".txt%00.gif" file could potentially exploit this issue. Recommendations: For versions prior to 6.4, consider restricting access to the `GetImage` action or validating the `ImageName` parameter to prevent appending a NULL byte sequence and an image file extension. As a temporary workaround, restrict the use of the `ImageName` parameter until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Horde Application Framework version 3.0.9 **Description** The issue allows remote attackers to read arbitrary files by exploiting a null character in the `url` parameter in the "services/go.php" endpoint. This bypasses a sanity check, potentially leading to unauthorized access to sensitive information. **Recommendations** For Horde Application Framework version 3.0.9, consider restricting access to the "services/go.php" endpoint until a patch is available. As a temporary workaround, avoid using the `url` parameter with null characters to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Rockliffe MailSite Express versions prior to 6.1.22 **Description** A cross-site scripting (XSS) issue allows remote attackers to inject arbitrary web script or HTML via a message body. **Recommendations** For versions prior to 6.1.22, update to version 6.1.22 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Rockliffe MailSite Express versions prior to 6.1.22 **Description** The issue allows remote attackers to read arbitrary files by providing a full pathname in the `AttachPath` field of a mail message under composition. This is an absolute path traversal vulnerability. **Recommendations** For versions prior to 6.1.22, update to version 6.1.22 or later to resolve the issue. As a temporary workaround, consider restricting access to the `AttachPath` field to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Rockliffe MailSite Express versions prior to 6.1.22 **Description** The issue allows local users to obtain passwords by reading the cookie file or remote attackers to obtain the cookies via cross-site scripting (XSS) vulnerabilities, because it saves user passwords in plaintext in cookies when the option to save login information is enabled. **Recommendations** For versions prior to 6.1.22, update to version 6.1.22 or later to resolve the issue. As a temporary workaround, consider disabling the option to save login information to prevent passwords from being saved in plaintext in cookies. Restrict access to the cookie file to minimize the risk of local users obtaining passwords. Avoid using the `password` variable in cookie files until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Rockliffe MailSite Express versions prior to 6.1.22 **Description** The issue allows remote attackers to upload and execute arbitrary script files by giving the files specific extensions, such as `.unk`, `.asa`, and possibly `.htr` and `.aspx`, which are not filtered like the `.asp` extension. **Recommendations** For versions prior to 6.1.22, update to version 6.1.22 or later to resolve the issue. As a temporary workaround, consider restricting file uploads to only necessary extensions to minimize the risk of exploitation.