Beford

**Name of the Vulnerable Software and Affected Versions** Apache Xerces-C versions prior to 3.1.2 **Description** The issue allows remote attackers to cause a denial of service, resulting in a segmentation fault and crash, via crafted XML data. This is due to a problem in the internal/XMLReader.cpp file. **Recommendations** For versions prior to 3.1.2, update to version 3.1.2 or later to resolve the issue. As a temporary workaround, consider restricting the input of crafted XML data to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** SumatraPDF version 2.1.1 MuPDF version 1.0 **Description** The issue allows remote attackers to cause an integer overflow in the `lex number()` function via a corrupt PDF file. It is also caused by a signedness error in the `pdf repair obj stm()` function when processing a stream, which can be exploited to corrupt memory via a specially crafted length number. **Recommendations** For SumatraPDF version 2.1.1, consider disabling the `lex number()` function until a patch is available. For MuPDF version 1.0, restrict access to the `pdf repair obj stm()` function to minimize the risk of exploitation. As a temporary workaround, avoid using specially crafted PDF files that could trigger the integer overflow in the `lex number()` function until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Gforge versions 4.6 rc1 and earlier **Description** The issue allows remote attackers to execute arbitrary SQL commands via the `skill edit[]` parameter in the people/editprofile.php file. **Recommendations** For Gforge versions 4.6 rc1 and earlier, consider restricting access to the people/editprofile.php file until a patch is available. As a temporary workaround, avoid using the `skill edit[]` parameter in the affected file to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** RealVNC Windows Client version 4.1.2.0 **Description** The issue allows remote VNC servers to cause a denial of service, resulting in an application crash, by sending a crafted frame buffer update packet. **Recommendations** For RealVNC Windows Client version 4.1.2.0, at the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** phPay versions 2.02 through 2.02.1 **Description** The issue allows remote attackers to use the server as an open mail relay. This is possible when the `register globals` setting is enabled, and attackers can modify certain parameters, including `mail text2`, `user row[5]`, `nu mail 1`, and `shop mail`. **Recommendations** For phPay versions 2.02 through 2.02.1, disable the `register globals` setting to prevent exploitation. Additionally, restrict access to the `nu mail.inc.php` file and avoid using the vulnerable parameters until a fix is available.

**Name of the Vulnerable Software and Affected Versions** The Search Engine Project (TSEP) versions 0.942 and earlier **Description** The issue allows remote attackers to execute arbitrary PHP code via a URL in the `tsep config[absPath]` parameter to various PHP files, including "include/colorswitch.php", "contentimages.class.php", "ipfunctions.php", "configfunctions.php", "printpagedetails.php", and "log.class.php". **Recommendations** For versions 0.942 and earlier, consider restricting access to the vulnerable PHP files until a patch is available. As a temporary workaround, avoid using the `tsep config[absPath]` parameter in URLs to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Kayako eSupport versions 2.3.1 and earlier **Description** The issue allows remote attackers to execute arbitrary PHP code via a URL in the `subd` parameter when `register globals` is enabled. **Recommendations** For Kayako eSupport versions 2.3.1 and earlier, disable the `register globals` setting to prevent exploitation. As a temporary workaround, consider restricting access to the `esupport/admin/autoclose.php` endpoint until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Redaxo version 2.7.4 **Description** A remote file inclusion issue allows remote attackers to execute arbitrary PHP code via a URL in the `REX[INCLUDE PATH]` parameter in certain files, including `addons/import export/pages/index.inc.php` and `pages/community.inc.php`. **Recommendations** For Redaxo version 2.7.4, consider restricting access to the `REX[INCLUDE PATH]` parameter in the affected files until a patch is available. As a temporary workaround, avoid using the `REX[INCLUDE PATH]` parameter in the `/addons/import export/pages/index.inc.php` and `/pages/community.inc.php` API endpoints.

**Name of the Vulnerable Software and Affected Versions** Redaxo version 3.0 **Description** The issue allows remote attackers to execute arbitrary PHP code. This is achieved by exploiting remote file inclusion vulnerabilities via a URL in the `REX[INCLUDE PATH]` parameter to specific API endpoints, such as "simple user/pages/index.inc.php" and "stats/pages/index.inc.php". **Recommendations** For Redaxo version 3.0, consider restricting access to the `REX[INCLUDE PATH]` parameter in the affected API endpoints to minimize the risk of exploitation. Additionally, avoid using the `REX[INCLUDE PATH]` parameter with untrusted input until a fix is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Redaxo versions 3.0 through 3.2 **Description** The issue allows remote attackers to execute arbitrary PHP code via a URL in the `REX[INCLUDE PATH]` parameter to "image resize/pages/index.inc.php" API endpoint. **Recommendations** For Redaxo versions 3.0 through 3.2, as a temporary workaround, consider restricting access to the `image resize/pages/index.inc.php` endpoint until a patch is available. Avoid using the `REX[INCLUDE PATH]` parameter in the affected endpoint until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Bytehoard version 2.1 Epsilon/Delta **Description** The issue allows remote attackers to execute arbitrary PHP code via a URL in the `bhconfig[bhfilepath]` parameter in the includes/webdav/server.php file. **Recommendations** For Bytehoard version 2.1 Epsilon/Delta, consider restricting access to the `includes/webdav/server.php` file and avoid using the `bhconfig[bhfilepath]` parameter until a fix is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Plume version 1.0.3 **Description** The issue allows remote attackers to execute arbitrary code via a URL in the ` PX config[manager path]` parameter in the `manager/frontinc/prepend.php` file. **Recommendations** For Plume version 1.0.3, consider restricting access to the `manager/frontinc/prepend.php` file to minimize the risk of exploitation. Avoid using the ` PX config[manager path]` parameter in the affected file until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Docebo LMS version 2.05 **Description** The issue allows remote attackers to execute arbitrary PHP code via a URL in the `lang` parameter to specific API endpoints, including "modules/credits/business.php", "modules/credits/credits.php", or "modules/credits/help.php". **Recommendations** For Docebo LMS version 2.05, consider disabling access to the vulnerable API endpoints "modules/credits/business.php", "modules/credits/credits.php", and "modules/credits/help.php" until a patch is available. Restrict the use of the `lang` parameter in these endpoints to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** V-Webmail versions 1.5 through 1.6.4 **Description** The issue allows remote attackers to execute arbitrary PHP code via a URL in the `CONFIG[pear dir]` parameter in the includes/mailaccess/pop3.php file. **Recommendations** For V-Webmail versions 1.5 through 1.6.4, consider restricting access to the `includes/mailaccess/pop3.php` file until a patch is available. Avoid using the `CONFIG[pear dir]` parameter in the affected file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** V-Webmail version 1.3 **Description** A remote file inclusion issue exists, allowing remote attackers to execute arbitrary PHP code via a URL in the `CONFIG[pear dir]` parameter in the includes/mailaccess/pop3/core.php file. **Recommendations** For V-Webmail version 1.3, consider restricting access to the `CONFIG[pear dir]` parameter to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Dokeos version 1.6.4 **Description** A remote file inclusion issue in the authldap.php file allows remote attackers to execute arbitrary PHP code via a URL in the `includePath` parameter. **Recommendations** For Dokeos version 1.6.4, consider restricting access to the `authldap.php` file or the `includePath` parameter to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Claroline version 1.7.5 **Description** The issue allows remote attackers to execute arbitrary PHP code. This is achieved via a URL in the `clarolineRepositorySys` parameter in 'ldap.inc.php' and the `claro CasLibPath` parameter in 'casProcess.inc.php'. **Recommendations** For Claroline version 1.7.5, consider disabling the `clarolineRepositorySys` parameter in 'ldap.inc.php' and the `claro CasLibPath` parameter in 'casProcess.inc.php' as a temporary workaround until a patch is available. Restrict access to 'ldap.inc.php' and 'casProcess.inc.php' to minimize the risk of exploitation. Avoid using the `clarolineRepositorySys` and `claro CasLibPath` parameters in the affected API endpoints until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Jetbox CMS version 2.1 **Description** The issue allows remote attackers to execute arbitrary code via a URL in the `relative script path` parameter in the includes/config.php file. **Recommendations** For Jetbox CMS version 2.1, update the includes/config.php file to properly validate and sanitize the `relative script path` parameter to prevent remote file inclusion attacks. As a temporary workaround, consider restricting access to the includes/config.php file until a patch is available.

**Name of the Vulnerable Software and Affected Versions** DMCounter version 0.9.2-b **Description** The issue allows remote attackers to execute arbitrary PHP code via a URL in the `rootdir` parameter. This is a result of a PHP remote file inclusion vulnerability in the kopf.php file. **Recommendations** For DMCounter version 0.9.2-b, consider restricting access to the `rootdir` parameter to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Tolva PHP website system version 0.1.0 **Description** The issue allows remote attackers to execute arbitrary code via a URL in the `ROOT` parameter in the usermods.php file. This enables attackers to potentially gain control over the system. **Recommendations** For Tolva PHP website system version 0.1.0, consider restricting access to the usermods.php file and avoid using the `ROOT` parameter in URLs until a patch is available. As a temporary workaround, restrict the use of the `ROOT` parameter to minimize the risk of exploitation.