Angela Chang

**Name of the Vulnerable Software and Affected Versions** In-Portal version 4.3.1 **Description** The issue allows remote attackers to read arbitrary files due to a directory traversal vulnerability in the index.php file when magic quotes gpc is disabled. This is achieved by using a .. (dot dot) in the `env` parameter. **Recommendations** For In-Portal version 4.3.1, consider disabling the `env` parameter in the index.php file until a patch is available, or enable magic quotes gpc to prevent directory traversal attacks.

**Name of the Vulnerable Software and Affected Versions** Interspire ActiveKB (affected versions not specified) **Description** The issue allows remote attackers to read arbitrary files and possibly have other impacts via directory traversal sequences in the `Panel` parameter of the loadpanel.php file. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.