Blaster

Name of the Vulnerable Software and Affected Versions: MySQLNewsEngine (affected versions not specified) Description: A remote file inclusion issue in the affichearticles.php3 file of MySQLNewsEngine allows remote attackers to execute arbitrary PHP code. This is achieved by providing a URL in the `newsenginedir` parameter. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** KhaledMuratList (affected versions not specified) **Description** The issue concerns the storage of sensitive data under the web root with insufficient access control. This allows remote attackers to download a database via a direct request for specific files, such as `CL2F9R1A2C1N.mdb` or `Data2F9R1A2C1N.mdb`. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.