Dr Max Virus

**Name of the Vulnerable Software and Affected Versions** PhpSherpa (affected versions not specified) **Description** The issue allows remote attackers to execute arbitrary PHP code via a URL in the `racine` parameter in the include/config.inc.php file. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: P-News versions 1.16 through 1.17 Description: The issue allows remote attackers to obtain sensitive information, including the administrative account name and password hash, due to insufficient access control. This is achieved by making a direct request for the db/user.dat file, which stores sensitive information under the web root. Recommendations: For P-News versions 1.16 through 1.17, consider restricting access to the db/user.dat file to minimize the risk of exploitation. As a temporary workaround, limit direct requests to this file until a proper fix is applied.

**Name of the Vulnerable Software and Affected Versions** Tucows Client Code Suite (CCS) versions 1.2.1015 and earlier **Description** A remote file inclusion issue allows attackers to execute arbitrary PHP code via a URL in the ` ENV[TCA HOME]` parameter. This can be exploited by providing a malicious URL, potentially leading to the execution of unauthorized code. **Recommendations** For Tucows Client Code Suite (CCS) versions 1.2.1015 and earlier, as a temporary workaround, consider restricting access to the `libs/tucows/api/cartridges/crt TUCOWS domains/lib/domainutils.inc.php` file until a patch is available. Avoid using the ` ENV[TCA HOME]` parameter in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** NewsSuite version 1.03 **Description** The issue allows remote attackers to execute arbitrary PHP code via a URL in the `mx root path` parameter in the includes/newssuite constants.php file. This can be exploited by providing a malicious URL, potentially leading to code execution. **Recommendations** For NewsSuite version 1.03, consider restricting access to the `mx root path` parameter to minimize the risk of exploitation. Avoid using the `mx root path` parameter with untrusted input until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** J-OWAMP Web Interface version 2.1 **Description** The issue allows remote authenticated users to execute arbitrary PHP code via a URL in the `link` parameter in the JOWAMP ShowPage.php file. **Recommendations** For J-OWAMP Web Interface version 2.1, consider restricting access to the JOWAMP ShowPage.php file until a patch is available. As a temporary workaround, avoid using the `link` parameter in the affected API endpoint until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Flyspray ME version 1.0.1 **Description** The issue allows remote attackers to read arbitrary files due to a directory traversal vulnerability in the startdown.php file. This is achieved by using a .. (dot dot) in the `file` parameter. **Recommendations** For Flyspray ME version 1.0.1, consider restricting access to the startdown.php file until a patch is available. As a temporary workaround, avoid using the `file` parameter in the affected component to minimize the risk of exploitation.