Timothy D. Morgan

Name of the Vulnerable Software and Affected Versions: Ushahidi versions prior to 2.6.1 Description: The issue is related to insufficient entropy for forgot-password tokens. Recommendations: For versions prior to 2.6.1, update to version 2.6.1 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Ushahidi Platform versions prior to 2.5 **Description** The issue allows remote attackers to execute arbitrary SQL commands. This can be achieved through vectors related to (1) the `verify` function in `application/controllers/alerts.php`, (2) the `save all` function in `application/models/settings.php`, or (3) the media type to the `timeline` function in `application/controllers/json.php`. **Recommendations** For versions prior to 2.5, update to version 2.5 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Ushahidi Platform versions prior to 2.5 **Description** The issue concerns SQL injection vulnerabilities in the edit functions of certain PHP files within the Ushahidi Platform. Specifically, the vulnerabilities are located in the `application/controllers/admin/reports.php` and `application/controllers/members/reports.php` files. These vulnerabilities allow remote attackers to execute arbitrary SQL commands via an incident id. **Recommendations** For versions prior to 2.5, update to version 2.5 or later to resolve the issue. As a temporary workaround, consider restricting access to the `reports.php` files in the `admin` and `members` controllers to minimize the risk of exploitation. Avoid using the incident id parameter in the affected API endpoints until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Redland Raptor (aka libraptor) versions prior to 2.0.7 LibreOffice versions prior to 3.4.6 and 3.5.x prior to 3.5.1 OpenOffice versions 3.3 and 3.4 Beta **Description** The issue allows user-assisted remote attackers to read arbitrary files via a crafted XML external entity (XXE) declaration and reference in an RDF document. This can lead to the disclosure of confidential information. The exploitation of this issue requires active actions from the user. **Recommendations** For Redland Raptor (aka libraptor) versions prior to 2.0.7, update to version 2.0.7 or later. For LibreOffice versions prior to 3.4.6, update to version 3.4.6 or later. For LibreOffice version 3.5.x prior to 3.5.1, update to version 3.5.1 or later. For OpenOffice versions 3.3 and 3.4 Beta, consider updating to a newer version that is not affected by this issue, as specific fixes for these versions may not be available. As a temporary workaround, consider restricting the use of RDF documents and XML external entity declarations until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 4.0.249.89 **Description** The issue allows user-assisted remote HTTP servers to obtain sensitive information via a URL that requires authentication. This can be achieved by using a URL in the SRC attribute of an IMG element, which can lead to the disclosure of credentials stored by Password Manager for a different web site. **Recommendations** For versions prior to 4.0.249.89, update to version 4.0.249.89 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** JDK and JRE 6 versions 6 Update 10 and earlier JDK and JRE 5.0 versions 5.0 Update 16 and earlier SDK and JRE 1.4.2 versions 1.4.2 18 and earlier **Description** The issue allows remote attackers to execute arbitrary code via a crafted jnlp file that modifies the `java.home`, `java.ext.dirs`, or `user.home` System Properties. This is related to the "Java Web Start File Inclusion" issue. **Recommendations** For JDK and JRE 6 versions 6 Update 10 and earlier, update to a version later than 6 Update 10. For JDK and JRE 5.0 versions 5.0 Update 16 and earlier, update to a version later than 5.0 Update 16. For SDK and JRE 1.4.2 versions 1.4.2 18 and earlier, update to a version later than 1.4.2 18. As a temporary workaround, consider restricting the use of crafted jnlp files that modify the `java.home`, `java.ext.dirs`, or `user.home` System Properties until a patch is available.

**Name of the Vulnerable Software and Affected Versions** AFFLIB versions prior to 2.2.6 **Description** The issue is caused by multiple stack-based buffer overflows, which can lead to a denial of service (crash) or possibly allow remote attackers to execute arbitrary code. This can occur through various means, including a long LastModified value in an S3 XML response, a long path or bucket in an S3 URL, or a long EFW, AFD, or certain file paths. **Recommendations** For versions prior to 2.2.6, update to version 2.2.6 or later to resolve the issue. As a temporary workaround, consider restricting access to the `lib/s3.cpp` and `lib/vnode s3.cpp` components to minimize the risk of exploitation. Avoid using long values for LastModified, path, bucket, EFW, AFD, or file paths in affected API endpoints until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Tivoli Access Manager (TAM) version 5.1 **Description** A directory traversal issue exists in the Tivoli Web Server Plug-in, allowing remote attackers to read arbitrary files. This is achieved by including a .. (dot dot) in the `filename` parameter. **Recommendations** For Tivoli Access Manager (TAM) version 5.1, consider restricting access to the pkmslogout function in the Tivoli Web Server Plug-in until a patch is available. Avoid using the `filename` parameter with untrusted input to minimize the risk of exploitation.