Dr.Pantagon

**Name of the Vulnerable Software and Affected Versions** Network-Client FTP Now versions 2.6 and possibly other versions **Description** A heap-based buffer overflow issue allows remote FTP servers to cause a denial of service (crash) via a 200 server response that is exactly 1024 characters long. **Recommendations** For version 2.6, update to a version that fixes this issue, if available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Internet Download Accelerator version 5.2 idaiehlp.dll version 1.9.1.74 Description: The issue is related to a buffer overflow in the NotSafe function within the idaiehlp ActiveX control. This can be exploited by remote attackers to cause a denial of service, specifically leading to an Internet Explorer crash, by providing a long argument. Recommendations: For Internet Download Accelerator version 5.2, consider disabling the idaiehlp ActiveX control until a patch is available. Restrict access to the NotSafe function in the idaiehlp.dll to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** CMSmelborp Beta **Description** A remote file inclusion issue in the includes/user standard.php file allows remote attackers to execute arbitrary PHP code via a URL in the `relative root` parameter. **Recommendations** For CMSmelborp Beta, consider restricting access to the `includes/user standard.php` file until a patch is available. As a temporary workaround, avoid using the `relative root` parameter in the affected file to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Mafia Scum Tools version 2.0.0 **Description** The issue allows remote attackers to execute arbitrary PHP code via a URL in the `gen` parameter in the index.php file of Matthew Wardrop Advanced Random Generators. **Recommendations** For Mafia Scum Tools version 2.0.0, consider restricting access to the index.php file or the `gen` parameter to minimize the risk of exploitation until a patch is available.

**Name of the Vulnerable Software and Affected Versions** phpIndexPage versions 1.0.1 and earlier **Description** The issue allows remote attackers to execute arbitrary PHP code via a URL in the `env[inc path]` parameter in the config.php file. **Recommendations** For versions 1.0.1 and earlier, consider restricting access to the config.php file and avoid using the `env[inc path]` parameter in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Axiom Photo/News Gallery version 0.8.6 **Description** The issue allows remote attackers to execute arbitrary PHP code via a URL in the `baseAxiomPath` parameter in the template.php file. **Recommendations** For version 0.8.6, avoid using the `baseAxiomPath` parameter in the template.php file until the issue is resolved.

Name of the Vulnerable Software and Affected Versions: Yrch! version 1.0 Description: A remote file inclusion issue exists in the plugins/metasearch/plug.inc.php file, allowing remote attackers to execute arbitrary PHP code via a URL in the `path` parameter. Recommendations: For Yrch! version 1.0, as a temporary workaround, consider restricting access to the `plug.inc.php` file in the `plugins/metasearch` directory until a patch is available. Avoid using the `path` parameter in the affected plugin until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Vortex Blog (vBlog, aka C12) version a0.1 nonfunc **Description** The issue allows remote attackers to execute arbitrary PHP code via a URL in the `cfgProgDir` parameter in (1) "secure.php" or (2) "checklogin.php" in admin/auth/. **Recommendations** For Vortex Blog (vBlog, aka C12) version a0.1 nonfunc, as a temporary workaround, consider restricting access to the `secure.php` and `checklogin.php` files in the admin/auth/ directory until a patch is available. Avoid using the `cfgProgDir` parameter in the affected API endpoints until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** yaplap versions 0.6 through 0.6.1 **Description** The issue allows remote attackers to execute arbitrary PHP code via a URL in the `LOGIN style` parameter in the ldap.php file. **Recommendations** For yaplap versions 0.6 through 0.6.1, consider restricting access to the ldap.php file to minimize the risk of exploitation. Avoid using the `LOGIN style` parameter in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Gizzar versions 03162002 and earlier **Description** The issue allows remote attackers to execute arbitrary PHP code via a URL in the `basePath` parameter in the index.php file. This enables attackers to potentially compromise the system by injecting malicious code. **Recommendations** For Gizzar versions 03162002 and earlier, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** awrate version 1.0 **Description** The issue allows remote attackers to execute arbitrary PHP code via a URL in the `toroot` parameter to "search.php". **Recommendations** For awrate version 1.0, consider restricting access to the `search.php` endpoint or validating the `toroot` parameter to prevent remote file inclusion attacks until a patch is available.

**Name of the Vulnerable Software and Affected Versions** NukeAI version 0.0.3 Beta **Description** A direct static code injection issue allows remote attackers to upload and execute arbitrary PHP code. This is achieved by sending a filename with a .php extension in the `filename` parameter and malicious code in the `moreinfo` parameter. The code is saved to a file under the descriptions/ directory, which can be accessed directly. **Recommendations** For NukeAI version 0.0.3 Beta, consider restricting access to the util.php file and the descriptions/ directory to prevent exploitation. As a temporary workaround, avoid using the `filename` and `moreinfo` parameters in the affected module until a patch is available.

**Name of the Vulnerable Software and Affected Versions** PEGames (affected versions not specified) **Description** The issue allows remote attackers to conduct PHP remote file inclusion attacks. This is possible because the `index.php` file in PEGames uses the `extract` function, which overwrites critical variables. The `abs url` parameter is used in this attack, and it is later extracted to overwrite a previously uncontrolled value. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** NukeAI version 0.0.3 Beta **Description** The issue allows remote attackers to execute arbitrary PHP code via a URL in the `AIbasedir` parameter in the modules/NukeAI/util.php file. This is related to a remote file inclusion vulnerability. **Recommendations** For NukeAI version 0.0.3 Beta, consider restricting access to the `util.php` file in the modules/NukeAI directory to minimize the risk of exploitation. Avoid using the `AIbasedir` parameter in the affected module until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** OWLLib version 1.0 **Description** A remote file inclusion issue in the memory/OWLMemoryProperty.php file of OWLLib allows remote attackers to execute arbitrary PHP code by providing a URL in the `OWLLIB ROOT` parameter. **Recommendations** For OWLLib version 1.0, consider restricting access to the `OWLLIB ROOT` parameter to prevent remote file inclusion attacks until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** e-Ark version 1.0 **Description** The issue allows remote attackers to execute arbitrary PHP code via a URL in the `cfg pear path` parameter in the src/ark inc.php file. **Recommendations** For e-Ark version 1.0, consider restricting access to the `cfg pear path` parameter to minimize the risk of exploitation. Avoid using the `cfg pear path` parameter with untrusted input until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** IrayoBlog version alpha-0.2.4 **Description** The issue allows remote attackers to execute arbitrary PHP code via a URL in the `irayodirhack` parameter in the inc/irayofuncs.php file. **Recommendations** For IrayoBlog version alpha-0.2.4, consider restricting access to the `irayodirhack` parameter in the inc/irayofuncs.php file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: phpDynaSite versions 3.2.2 and earlier Description: The issue allows remote attackers to execute arbitrary PHP code. This can be achieved by providing a URL in the `racine` parameter to specific API endpoints, such as "function log.php", "function balise url.php", or "connection.php". Recommendations: For phpDynaSite versions 3.2.2 and earlier, consider restricting access to the `racine` parameter in the affected API endpoints until a patch is available. As a temporary workaround, consider disabling the execution of remote PHP code in "function log.php", "function balise url.php", and "connection.php" to minimize the risk of exploitation. Avoid using the `racine` parameter in the affected API endpoints until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Microsoft Internet Explorer version 6.0 SP1 **Description** The issue allows remote attackers to cause a denial of service, resulting in a crash, by utilizing a long Color attribute in multiple DirectX Media Image DirectX Transforms ActiveX COM Objects. These objects include DXImageTransform.Microsoft.MaskFilter.1, DXImageTransform.Microsoft.Chroma.1, and DX3DTransform.Microsoft.Shapes.1 from the dxtmsft.dll and dxtmsft3.dll libraries. **Recommendations** For Microsoft Internet Explorer version 6.0 SP1, consider disabling the use of DirectX Media Image DirectX Transforms ActiveX COM Objects, specifically DXImageTransform.Microsoft.MaskFilter.1, DXImageTransform.Microsoft.Chroma.1, and DX3DTransform.Microsoft.Shapes.1, until a patch is available. Restrict access to the dxtmsft.dll and dxtmsft3.dll libraries to minimize the risk of exploitation. Avoid using long Color attributes in these ActiveX objects to prevent potential crashes.