[Oo]

**Name of the Vulnerable Software and Affected Versions** Aardvark Topsites PHP versions 4.2.2 and earlier **Description** The issue allows remote attackers to execute arbitrary PHP code when register globals is enabled. This is achieved via a URL in the `CONFIG[path]` parameter. **Recommendations** For versions 4.2.2 and earlier, consider disabling the register globals setting to prevent exploitation. As a temporary workaround, restrict access to the sources/join.php file until a patch is available. Avoid using the `CONFIG[path]` parameter in the affected API endpoint until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Tiny FTPd versions 1.4 and earlier **Description** A buffer overflow issue allows remote attackers to cause a denial of service, resulting in the daemon crashing, by sending a long USER command. **Recommendations** For Tiny FTPd versions 1.4 and earlier, consider updating to a version that is not affected by this issue, as a temporary workaround, restrict access to the USER command to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** phplistPro versions 2.0.1 and earlier **Description** The issue allows remote attackers to execute arbitrary PHP code via a URL in the `Language` cookie when `magic quotes gpc` is disabled. **Recommendations** For phplistPro versions 2.0.1 and earlier, enable `magic quotes gpc` to prevent the execution of arbitrary PHP code. As a temporary workaround, consider restricting access to the `config.php` file until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Limbo CMS (affected versions not specified) **Description** The issue allows remote attackers to execute arbitrary SQL commands via the `catid` parameter in the weblinks option, specifically in the weblinks.html.php file. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** phpBB TopList versions 1.3.8 and earlier **Description** The issue allows remote attackers to include arbitrary files via the `phpbb root path` parameter when `register globals` is enabled. **Recommendations** For versions 1.3.8 and earlier, consider disabling the `register globals` setting to prevent exploitation until a patch is available. Restrict access to the `toplist.php` file to minimize the risk of exploitation. Avoid using the `phpbb root path` parameter in the affected file until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Knowledge Base Mod for PHPbb versions 2.0.2 and earlier **Description** The issue allows remote attackers to execute arbitrary PHP code via a URL in the `module root path` parameter in the `/includes/kb constants.php` file. **Recommendations** For Knowledge Base Mod for PHPbb versions 2.0.2 and earlier, avoid using the `module root path` parameter in the affected API endpoint until the issue is resolved. Restrict access to the `/includes/kb constants.php` file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Limbo CMS versions 1.04 and earlier **Description** The issue allows remote attackers to execute arbitrary PHP code via a URL in the `classes dir` parameter in the classes/adodbt/sql.php file. **Recommendations** For Limbo CMS versions 1.04 and earlier, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** OpenPHPNuke versions 2.3.3 and earlier **Description** The issue allows remote attackers to execute arbitrary PHP code via a URL in the `root path` parameter in the master.php file. **Recommendations** For OpenPHPNuke versions 2.3.3 and earlier, consider restricting access to the master.php file until a patch is available. Avoid using the `root path` parameter in the affected file to minimize the risk of exploitation.