Fgeeko

**Nome do software vulnerável e versões afetadas: Versões 1.5.7 e anteriores do Zenphoto Descrição: A vulnerabilidade permite o upload arbitrário de arquivos por usuários autenticados, levando à execução remota de código. Um invasor deve acessar o plugin de upload, marcar a caixa do elFinder e, em seguida, arrastar e soltar arquivos na seção “Arquivos (elFinder)” da interface do usuário, podendo colocar um arquivo .php no diretório `uploaded/` do servidor. Observe-se que a exploração só pode ser realizada por um administrador, que já possui amplas possibilidades de causar danos ao site. Recomendações: Para as versões 1.5.7 e anteriores, considere desativar o plugin de upload ou restringir o acesso à funcionalidade elFinder até que uma correção esteja disponível. Além disso, restrinja a capacidade de enviar arquivos, especialmente arquivos .php, para o diretório uploaded/ do servidor, a fim de minimizar o risco de exploração.

**Name of the Vulnerable Software and Affected Versions** libcaca version 0.99.beta19 **Description** The issue is related to an integer overflow in the `get rgba default` function of the libcaca graphic library, located in caca/dither.c. This can lead to an illegal READ memory access, potentially allowing a remote attacker to gain unauthorized access to protected information. **Recommendations** For libcaca version 0.99.beta19, consider restricting access to the `get rgba default` function in caca/dither.c as a temporary workaround until a patch is available.

**Name of the Vulnerable Software and Affected Versions** libcaca version 0.99.beta19 **Description** The issue is related to an integer overflow in the `load image` function, located in `common-image.c`, which can lead to an illegal WRITE memory access, particularly for 4bpp data. This can potentially allow a remote attacker to execute arbitrary code. **Recommendations** For libcaca version 0.99.beta19, consider disabling the `load image` function until a patch is available to prevent potential exploitation. Restrict access to the `common-image.c` module to minimize the risk of exploitation. Avoid using the `load image` function for 4bpp data until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Free Lossless Image Format (FLIF) version 0.3 **Description** An issue was discovered that allows an attacker to trigger a long loop in the image load pnm function located in image/image-pnm.cpp. **Recommendations** For Free Lossless Image Format (FLIF) version 0.3, consider avoiding the use of the image load pnm function in image/image-pnm.cpp until a patch is available. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** Exiv2 version 0.26 **Description** The issue is related to a heap-based buffer overflow in the `getData` function, located in `preview.cpp`, which can be exploited by a remote attacker using a specially crafted malicious file. This could potentially lead to a denial of service or allow the execution of arbitrary code. **Recommendations** For Exiv2 version 0.26, consider disabling the `getData` function in `preview.cpp` as a temporary workaround until a patch is available. Restrict the use of Exiv2 to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** LibRaw versions prior to 0.18.4 **Description** The issue is related to a heap-based Buffer Overflow in the `processCanonCameraInfo` function, which can be triggered by a crafted file. This allows a remote attacker to access confidential data, compromise its integrity, and cause a denial of service. **Recommendations** For versions prior to 0.18.4, update to version 0.18.4 or later to resolve the issue. As a temporary workaround, consider restricting the use of the `processCanonCameraInfo` function until a patch is available. Avoid using LibRaw to process untrusted or crafted files until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Ultimate PHP Board versions prior to 2.2.8 **Description** The issue concerns multiple cross-site scripting (XSS) vulnerabilities. These vulnerabilities allow remote attackers to inject arbitrary web script or HTML. Specifically, the `q` parameter to `search.php` and the `avatar` parameter to `profile.php` are vulnerable. **Recommendations** For versions prior to 2.2.8, update to version 2.2.8 or later to resolve the issue. As a temporary workaround, consider restricting access to the `search.php` and `profile.php` scripts until the update is applied. Avoid using the `q` parameter in the `search.php` script and the `avatar` parameter in the `profile.php` script until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Fat Free CRM versions prior to 0.12.1 **Description** The issue makes it easier for remote attackers to spoof signed cookies by referring to the key in the source code. This is due to a fixed `FatFreeCRM::Application.config.secret token` value in the `config/initializers/secret token.rb` file. **Recommendations** For versions prior to 0.12.1, update to version 0.12.1 or later to resolve the issue. As a temporary workaround, consider regenerating and using a unique secret token value for `FatFreeCRM::Application.config.secret token` to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Fat Free CRM versions prior to 0.12.1 **Description** The issue allows remote attackers to obtain sensitive information via a direct request. This is demonstrated by a request for `users/1.xml`. **Recommendations** For versions prior to 0.12.1, update to version 0.12.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the `users/1.xml` endpoint until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Fat Free CRM versions prior to 0.12.1 **Description** The issue allows remote authenticated users to execute arbitrary SQL commands via the homepage timeline feature or the activity feature. This is due to multiple SQL injection vulnerabilities in the app/controllers/home controller.rb file. **Recommendations** For versions prior to 0.12.1, update to version 0.12.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the homepage timeline and activity features until the update is applied.

**Name of the Vulnerable Software and Affected Versions** Fat Free CRM versions prior to 0.12.1 **Description** The issue allows remote attackers to obtain sensitive information via a direct request. This is demonstrated by a request for "users/1.json", which is an API endpoint that is vulnerable due to unrestricted JSON serialization. **Recommendations** For versions prior to 0.12.1, update to version 0.12.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the "users/1.json" API endpoint until a patch is available. Avoid using the `users/1.json` endpoint in untrusted environments to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Fat Free CRM versions prior to 0.12.1 **Description** The issue is related to multiple cross-site request forgery (CSRF) vulnerabilities. These vulnerabilities allow remote attackers to hijack the authentication of victims via unknown vectors. The cause is linked to the lack of a `protect from forgery` line in the `app/controllers/application controller.rb` file. **Recommendations** For versions prior to 0.12.1, update to version 0.12.1 or later to resolve the issue. As a temporary workaround, consider adding the `protect from forgery` line to the `app/controllers/application controller.rb` file to mitigate the risk of CSRF attacks.