Darren Mcdonald

**Name of the Vulnerable Software and Affected Versions** Virtual War (aka VWar) version 1.6.1 R2 **Description** The issue allows remote attackers to cause a denial of service, specifically memory consumption, by providing a large integer in the `ratearticleselect` parameter. This is related to the "article.php" component. **Recommendations** For Virtual War (aka VWar) version 1.6.1 R2, consider restricting access to the "article.php" component to minimize the risk of exploitation, and avoid using the `ratearticleselect` parameter with large integers until a fix is available.

**Name of the Vulnerable Software and Affected Versions** Virtual War (aka VWar) version 1.6.1 R2 **Description** The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the `ratearticleselect` parameter in the "article.php" file. **Recommendations** For Virtual War (aka VWar) version 1.6.1 R2, avoid using the `ratearticleselect` parameter in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Virtual War (aka VWar) version 1.6.1 R2 **Description** The issue allows remote attackers to inject arbitrary web script or HTML, potentially leading to cross-site scripting (XSS) attacks. This can be achieved through various fields, including the Additional Information field to "challenge.php", the Additional Information or Contact information field to "joinus.php", the War Report field to "admin/admin.php" in a finishwar action, or the Nick field to "profile.php". **Recommendations** For Virtual War (aka VWar) version 1.6.1 R2, as a temporary workaround, consider restricting user input in the mentioned fields until a patch is available. Avoid using the `Additional Information`, `Contact information`, `War Report`, and `Nick` fields in the respective API endpoints until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Virtual War (aka VWar) version 1.6.1 R2 **Description** The issue allows remote attackers to bypass intended member restrictions and read news posts. This is achieved by modifying the `newsid` parameter in a "printnews" action. **Recommendations** For Virtual War (aka VWar) version 1.6.1 R2, avoid using the `newsid` parameter in the "printnews" action until the issue is resolved. Restrict access to the "printnews" action to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Virtual War (aka VWar) version 1.6.1 R2 **Description** The issue concerns the `createRandomPassword` function, which uses a limited range of values for the seed argument in the PHP `mt srand` function. This limitation makes it easier for remote attackers to determine randomly generated passwords through a brute-force attack. **Recommendations** For Virtual War (aka VWar) version 1.6.1 R2, consider modifying the `createRandomPassword` function to utilize a more secure method for generating random passwords, such as using a cryptographically secure pseudorandom number generator. As a temporary workaround, restrict access to password generation functionality to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Virtual War (aka VWar) version 1.6.1 R2 **Description** The issue allows remote attackers to bypass timeout and logout actions, retaining access for a long period. This is possible because the software uses static session cookies that depend only on a user's password. By leveraging knowledge of a session cookie, attackers can exploit this. **Recommendations** For Virtual War (aka VWar) version 1.6.1 R2, consider implementing dynamic session cookies that incorporate additional factors beyond just the user's password to prevent attackers from bypassing timeout and logout actions. As a temporary workaround, restrict access to sensitive areas of the application to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** One Click Orgs versions prior to 1.2.3 **Description** The issue allows remote attackers to inject arbitrary web script or HTML via the description field of a new vote or the eject member proposal feature, potentially leading to cross-site scripting (XSS) attacks. **Recommendations** For versions prior to 1.2.3, update to version 1.2.3 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** One Click Orgs versions prior to 1.2.3 **Description** The issue allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the `return to` parameter. Additionally, remote authenticated users can redirect users to arbitrary web sites and conduct phishing attacks via crafted characters in the domain name of a subdomain. **Recommendations** For versions prior to 1.2.3, update to version 1.2.3 or later to resolve the issue. As a temporary workaround, consider restricting the use of the `return to` parameter and limiting the ability to create subdomains with crafted domain names to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** One Click Orgs versions prior to 1.2.3 **Description** The issue allows remote authenticated users to trigger crafted SMTP traffic via specific characters in an org name or e-mail address, related to a "2nd Order SMTP Injection" issue. This can be achieved by including (1) double quote and newline characters in an org name or (2) double quote characters in an e-mail address. **Recommendations** For versions prior to 1.2.3, update to version 1.2.3 or later to resolve the issue. As a temporary workaround, consider restricting the use of double quote and newline characters in org names and double quote characters in e-mail addresses to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** One Click Orgs versions prior to 1.2.3 **Description** The issue allows remote authenticated users to cause a denial of service or spoof votes and comments by selecting a conflicting e-mail address, as the software does not require unique e-mail addresses for user accounts. **Recommendations** For versions prior to 1.2.3, update to version 1.2.3 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** One Click Orgs versions prior to 1.2.3 **Description** The issue makes it easier for remote attackers to obtain access by leveraging an unattended workstation, as the authentication fields lack an off autocomplete attribute. **Recommendations** For versions prior to 1.2.3, update to version 1.2.3 or later to include the off autocomplete attribute for authentication fields and mitigate the risk of unauthorized access.

**Name of the Vulnerable Software and Affected Versions** One Click Orgs versions prior to 1.2.3 **Description** The password reset feature generates different error messages for failed reset attempts depending on whether the e-mail address is registered. This allows remote attackers to enumerate user accounts via a series of requests. **Recommendations** For versions prior to 1.2.3, update to version 1.2.3 or later to resolve the issue. As a temporary workaround, consider modifying the password reset feature to return generic error messages for all failed reset attempts, regardless of whether the e-mail address is registered.