Ahmad Muammar W.K

Name of the Vulnerable Software and Affected Versions: OPENi-CMS version 1.0 Description: The issue allows remote attackers to execute arbitrary PHP code via a URL in the `config[oi dir]` and possibly `config[openi dir]` parameters to "open-admin/plugins/site protection/index.php" API endpoint. Recommendations: For OPENi-CMS version 1.0, avoid using the `config[oi dir]` and `config[openi dir]` parameters in the "open-admin/plugins/site protection/index.php" API endpoint until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Cadre PHP Framework version 20020724 **Description** The issue allows remote attackers to execute arbitrary PHP code via a URL in the `config` parameter, specifically `GLOBALS[config][framework path]`. **Recommendations** For Cadre PHP Framework version 20020724, consider restricting access to the `fw/class.Quick Config Browser.php` file until a patch is available. As a temporary workaround, avoid using the `GLOBALS[config][framework path]` parameter in the affected endpoint.

**Name of the Vulnerable Software and Affected Versions** Upload-Service version 1.0 **Description** The issue allows remote attackers to execute arbitrary PHP code via a URL in the `maindir` parameter when `register globals` is enabled. This is a result of a PHP remote file inclusion vulnerability in the upload/top.php file. **Recommendations** For Upload-Service version 1.0, consider disabling the `register globals` setting to prevent exploitation, and restrict access to the upload/top.php file until a patch is available. As a temporary workaround, avoid using the `maindir` parameter in the affected file until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Opera version 9 **Description** The issue is related to a crafted web page that triggers an out-of-bounds memory access, specifically when a malformed 'iframe' tag is combined with JavaScript to access certain style sheet properties. This can cause a denial of service, resulting in a crash and loss of availability for the browser. **Recommendations** For Opera version 9, consider disabling JavaScript or restricting access to iframes as a temporary workaround to minimize the risk of exploitation. Avoid using style sheet properties in combination with iframes until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Apache Java Mail Enterprise Server (aka Apache James) version 2.2.0 **Description** The issue allows remote attackers to cause a denial of service, specifically CPU consumption, by sending a long argument to the `MAIL` command in the SMTP server. **Recommendations** For Apache Java Mail Enterprise Server (aka Apache James) version 2.2.0, consider restricting access to the SMTP server or limiting the length of arguments to the `MAIL` command as a temporary workaround until a patch is available.