Blahplok

Name of the Vulnerable Software and Affected Versions: WPS Web Portal System version 0.7.0 Description: The issue allows remote attackers to execute arbitrary commands. This is achieved by injecting shell metacharacters into the `art` and `cat` variables. Recommendations: For WPS Web Portal System version 0.7.0, consider restricting access to the `wps shop.cgi` script until a patch is available, and avoid using the `art` and `cat` variables in a way that could allow shell metacharacter injection.

Name of the Vulnerable Software and Affected Versions: pngren (affected versions not specified) Description: The issue concerns the ReadLog function in kaiseki.cgi, which allows remote attackers to execute arbitrary commands. This is achieved by injecting shell metacharacters into the query string. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: imTRSET versions 1.02 and earlier Description: The issue allows remote attackers to execute arbitrary commands. This is achieved by using shell metacharacters in the `df` parameter of the im trbbs.cgi script. Recommendations: For imTRSET versions 1.02 and earlier, consider restricting access to the im trbbs.cgi script until a fix is available, and avoid using the `df` parameter with untrusted input.

**Name of the Vulnerable Software and Affected Versions** Webhints version 1.03 **Description** The issue allows remote attackers to execute arbitrary commands via shell metacharacters in the argument passed to hints.pl. **Recommendations** For Webhints version 1.03, consider restricting access to the hints.pl script until a patch is available, and avoid using shell metacharacters in the argument to prevent command execution. At the moment, there is no information about a newer version that contains a fix for this vulnerability.