Steven

Name of the Vulnerable Software and Affected Versions: Drupal module Services versions 5.x before 5.x-0.92 Drupal module Services versions 6.x before 6.x-0.13 Description: The issue allows remote attackers to impersonate other users and gain privileges via a replay attack that sends the same request, due to the lack of timeouts for signed requests. Recommendations: For versions 5.x before 5.x-0.92, update to version 5.x-0.92 or later to resolve the issue. For versions 6.x before 6.x-0.13, update to version 6.x-0.13 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Microsoft Windows versions prior to the fixed version **Description** A remote code execution issue exists in the way the WebDAV Mini-Redirector handles responses, allowing attackers to execute arbitrary code via a crafted WebDAV response. This could enable an attacker to take complete control of an affected system, install programs, view, change, or delete data, or create new accounts. **Recommendations** For Microsoft Windows XP SP2, update to a version that includes the fix for this issue. For Microsoft Windows Server 2003 SP1 and SP2, update to a version that includes the fix for this issue. For Microsoft Windows Vista, update to a version that includes the fix for this issue. As a temporary workaround, consider restricting access to the WebDAV Mini-Redirector until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Drupal versions prior to 4.5.2 **Description** A cross-site scripting (XSS) issue allows remote attackers to inject arbitrary web script or HTML via certain inputs. This is due to a vulnerability in the common.inc file. **Recommendations** For versions prior to 4.5.2, update to version 4.5.2 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Infinite Mobile Delivery Webmail version 2.6 **Description** A cross-site scripting (XSS) issue allows remote attackers to inject arbitrary web script or HTML via the URL. This could potentially lead to unauthorized actions on the web application. **Recommendations** For Infinite Mobile Delivery Webmail version 2.6, update to a version that includes a fix for this issue, as using outdated software can pose significant security risks. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Infinite Mobile Delivery Webmail version 2.6 **Description** The issue allows remote attackers to gain sensitive information via an HTTP request containing invalid characters for a Windows folder name, which reveals the path in an error message. **Recommendations** For Infinite Mobile Delivery Webmail version 2.6, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** pGina versions 1.7.6 and possibly older **Description** The issue allows remote attackers to cause a denial of service by connecting via Remote Desktop and clicking restart or shutdown when the Restart or Shutdown options are enabled on the login screen. **Recommendations** For pGina version 1.7.6 and possibly older, consider disabling the Restart or Shutdown options on the login screen to prevent remote attackers from causing a denial of service.