Cr45H3R

**Name of the Vulnerable Software and Affected Versions** Lifetype version 1.0.3 **Description** The issue allows remote attackers to obtain sensitive information via an invalid `show` parameter in the `index.php` file. This is achieved by revealing the path in an error message. **Recommendations** For Lifetype version 1.0.3, consider restricting access to the `index.php` file until a patch is available, or avoid using invalid `show` parameters to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** blur6ex version 0.3.452 **Description** The issue allows remote attackers to execute arbitrary SQL commands. This can be achieved via the `ID` parameter in various actions, including a `g reply` or `g permaPost` action to the blog shard (`engine/shards/blog.php`), or a `g viewContent` action to the content shard (`engine/shards/content.php`). **Recommendations** For blur6ex version 0.3.452, consider restricting access to the `ID` parameter in the affected API endpoints until a patch is available. As a temporary workaround, avoid using the `ID` parameter in the `g reply`, `g permaPost`, and `g viewContent` actions. At the moment, there is no information about a newer version that contains a fix for this issue.

Name of the Vulnerable Software and Affected Versions: Craig Knudsen WebCalendar version 1.1.0-CVS Description: The issue allows remote attackers to obtain sensitive information via direct requests to various PHP files, which reveal the path in error messages. The affected files include `includes/index.php`, `tests/add duration test.php`, `tests/all tests.php`, `groups.php`, `nonusers.php`, `includes/settings.php`, `includes/init.php`, `includes/settings.php.orig`, `includes/js/admin.php`, `includes/js/edit entry.php`, `includes/js/edit layer.php`, `includes/js/export import.php`, `includes/js/popups.php`, `includes/js/pref.php`, and `includes/menu/index.php`. Recommendations: For Craig Knudsen WebCalendar version 1.1.0-CVS, consider restricting access to the mentioned PHP files to minimize the risk of exploitation. As a temporary workaround, disable the execution of these files until a patch is available.