Att4Ckxt3Rr0R1St

**Name of the Vulnerable Software and Affected Versions** Top Games Script version 1.2 **Description** The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the `gid` parameter in the play.php file. **Recommendations** For version 1.2, avoid using the `gid` parameter in the play.php file until the issue is resolved. As a temporary workaround, consider restricting access to the play.php file to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** phpLD version 4.1.0 **Description** A cross-site request forgery (CSRF) issue exists, allowing remote attackers to hijack the authentication of administrators for requests that add an administrator via the N action. This occurs in the admin/conf users edit.php file. **Recommendations** For phpLD version 4.1.0, as a temporary workaround, consider restricting access to the admin/conf users edit.php file until a patch is available. Additionally, avoid using the affected functionality to add administrators via the N action until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Gallarific PHP Photo Gallery script version 2.1 **Description** The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the `id` parameter in the "gallery.php" file. **Recommendations** For Gallarific PHP Photo Gallery script version 2.1, avoid using the `id` parameter in the gallery.php file until a fix is available. Consider implementing input validation and sanitization for the `id` parameter to prevent SQL injection attacks.

**Name of the Vulnerable Software and Affected Versions** Joomla! component com janews version 1.0 **Description** A directory traversal issue exists, allowing remote attackers to read arbitrary local files. This is achieved by including a .. (dot dot) in the `controller` parameter to "index.php". **Recommendations** For version 1.0, consider restricting access to the "index.php" endpoint until a patch is available, or avoid using the `controller` parameter with untrusted input to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** com rokdownloads versions prior to 1.0.1 **Description** The issue allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the `controller` parameter to "index.php". This is a directory traversal vulnerability in the com rokdownloads component for Joomla!. **Recommendations** For versions prior to 1.0.1, update to version 1.0.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the "index.php" endpoint to minimize the risk of exploitation. Avoid using the `controller` parameter in the affected endpoint until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** KuwaitPHP eSmile (affected versions not specified) **Description** The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the `cid` parameter in a "show" action, specifically targeting the index.php file. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** ccNewsletter (com ccnewsletter) version 1.0.5 **Description** The issue allows remote attackers to read arbitrary files via a .. (dot dot) in the `controller` parameter in a ccnewsletter action to "index.php". This is a directory traversal vulnerability. **Recommendations** For version 1.0.5, consider restricting access to the vulnerable `controller` parameter in the ccnewsletter action to minimize the risk of exploitation. As a temporary workaround, avoid using the `controller` parameter with a .. (dot dot) sequence in the ccnewsletter action until a patch is available.