Tal Argoni

**Name of the Vulnerable Software and Affected Versions** phpMyAdmin version 2.9.1.1 **Description** The issue allows remote attackers to obtain sensitive information. This is achieved by making a direct request for "themes/darkblue orange/layout.inc.php", which reveals the path in an error message. **Recommendations** For phpMyAdmin version 2.9.1.1, consider restricting access to the "themes/darkblue orange/layout.inc.php" file to minimize the risk of exploitation.

Name of the Vulnerable Software and Affected Versions: ECI Telecom B-FOCuS Wireless 802.11b/g ADSL2+ Router (affected versions not specified) Description: The issue allows remote attackers to read arbitrary files via a certain HTTP request. This is demonstrated by a request for a router configuration file, related to the /html/defs/ URI. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Mirapoint WebMail (affected versions not specified) Description: A cross-site scripting (XSS) issue exists, allowing remote attackers to inject arbitrary web script via the expression Cascading Style Sheets (CSS) function. This can be demonstrated by using the width style for an IMG element. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: ICQ version 2003b Build 3916 Description: A heap-based buffer overflow issue exists in the Answering Service function, allowing local users to cause a denial of service, resulting in an application crash. This can be achieved by inputting a long string in the AwayMsg Presets value, located in the ICQICQProDefaultPrefsPresets registry key. Recommendations: For ICQ version 2003b Build 3916, as a temporary workaround, consider disabling the Answering Service function until a patch is available. Restrict access to modifying the AwayMsg Presets value in the registry key to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.

Name of the Vulnerable Software and Affected Versions: Sun iPlanet Messaging Server Messenger Express (affected versions not specified) Description: A cross-site scripting (XSS) issue allows remote attackers to inject arbitrary web script via the expression Cascading Style Sheets (CSS) function. This can be demonstrated by setting the width style for an `IMG` element. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: VIRtech Netquery (affected versions not specified) Description: A cross-site scripting (XSS) issue exists, allowing remote attackers to inject arbitrary web script or HTML via the `User-Agent` HTTP header. This occurs in the `nquser.php` file. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.