Tr0Y

Name of the Vulnerable Software and Affected Versions: Shop-Script (affected versions not specified) Description: The issue allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in various parameters, including `links exchange`, `news`, `search with change category ability`, `logging`, `feedback`, `show price`, `register`, `answer`, `productID`, and `inside`. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** ZoneAlarm Pro version 6.0 ZoneAlarm Internet Security Suite version 6.0 ZoneAlarm Anti-Virus version 6.0 ZoneAlarm Anti-Spyware versions 6.0 through 6.1 ZoneAlarm version 6.0 **Description** The issue allows remote attackers to bypass the Advanced Program Control and OS Firewall filters setting. This can be achieved via URLs in HTML Modal Dialogs, specifically through the `window.location.href` property contained within JavaScript tags. **Recommendations** For ZoneAlarm Pro version 6.0, update to a version that addresses this issue. For ZoneAlarm Internet Security Suite version 6.0, update to a version that addresses this issue. For ZoneAlarm Anti-Virus version 6.0, update to a version that addresses this issue. For ZoneAlarm Anti-Spyware versions 6.0 through 6.1, update to a version that addresses this issue. For ZoneAlarm version 6.0, update to a version that addresses this issue. As a temporary workaround, consider restricting the use of JavaScript tags until a patch is available.