G4N0K

**Name of the Vulnerable Software and Affected Versions** Mole Group Sky Hunter Airline Ticket Sale Script and Bus Ticket Script (affected versions not specified) **Description** The issue allows remote attackers to change an arbitrary password by modifying the `user id` field in the admin/admin.php script. **Recommendations** For Mole Group Sky Hunter Airline Ticket Sale Script and Bus Ticket Script, restrict access to the admin/admin.php script to minimize the risk of exploitation. Avoid using the `user id` field in the affected script until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Mole Group Gastro Portal (Restaurant Directory) Script (affected versions not specified) **Description** The issue concerns a lack of administrative authentication in the Mole Group Gastro Portal (Restaurant Directory) Script, specifically in the admin/admin info/index.php file. This allows remote attackers to change the admin password by submitting an unspecified form. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** AJ Square AJ Article (affected versions not specified) **Description** The issue allows remote attackers to bypass authentication and access administrator functionality. This can be achieved by making a direct request to various API endpoints, including "user.php", "articles.php", "articlesuspend.php", "site.php", "statistics.php", "mail.php", "category.php", "subcategory.php", "changepassword.php", "polling.php", and "logo.php" in the "admin/" directory. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** AJ Square Free Polling Script (AJPoll) Database version **Description** The issue allows remote attackers to bypass authentication and reset poll votes by making a direct request to "admin/resetvote.php". **Recommendations** For AJ Square Free Polling Script (AJPoll) Database version, restrict access to the "admin/resetvote.php" endpoint to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** AJ Classifieds (affected versions not specified) **Description** The issue allows remote attackers to bypass authentication and gain administrator privileges by making a direct request to "admin/home.php". **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** AJPoll Database version **Description** The issue allows remote attackers to execute arbitrary SQL commands via the `ques` parameter in the admin/include/newpoll.php file. **Recommendations** For AJPoll Database version, consider restricting access to the `ques` parameter in the admin/include/newpoll.php file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: AJ Square AJ Auction Pro Platinum Skin #1 Description: The issue allows remote attackers to bypass authentication. This is achieved by directly requesting the admin/user.php endpoint, which does not properly exit after sending a redirect when called directly. Recommendations: For AJ Square AJ Auction Pro Platinum Skin #1, consider modifying the admin/user.php endpoint to properly exit after sending a redirect when called directly, or implement authentication checks to prevent unauthorized access.

Name of the Vulnerable Software and Affected Versions: TurnkeyForms Text Link Sales (affected versions not specified) Description: The issue allows remote attackers to bypass authentication and gain administrative privileges via a direct request to the admin.php file. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: AJ Square AJ Auction (affected versions not specified) Description: The issue allows remote attackers to bypass authentication by making a direct request to certain API endpoints, including (1) "site.php", (2) "auction.php", (3) "mail.php", (4) "fee setting.php", (5) "earnings.php", (6) "insertion fee settings.php", (7) "custom category.php", (8) "subcategory.php", (9) "category.php", (10) "report.php", (11) "store manager.php", and (12) "choose sell format.php" in the "admin/" directory. This bypass is possible because the scripts do not exit after sending a redirect when called directly. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: TurnkeyForms Web Hosting Directory (affected versions not specified) Description: The issue concerns a SQL injection vulnerability in the login functionality. This vulnerability allows remote attackers to execute arbitrary SQL commands via the `password` field. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: TurnkeyForms Web Hosting Directory (affected versions not specified) Description: The issue allows remote attackers to bypass authentication, which can lead to two main consequences: gaining administrative privileges by manipulating the `adm` cookie or gaining privileges as another user by altering the `logged` cookie to match the target username. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: TurnkeyForms Web Hosting Directory (affected versions not specified) Description: The issue allows remote attackers to obtain a database backup due to insufficient access control. Sensitive information is stored under the web root, enabling attackers to access it via a direct request to the "admin/backup/db" endpoint. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Zeeways SHAADICLONE version 2.0 Description: The issue allows remote attackers to bypass authentication and gain administrative privileges. This is achieved by making a direct request to the "admin/home.php" API endpoint. Recommendations: For Zeeways SHAADICLONE version 2.0, consider restricting access to the "admin/home.php" endpoint until a patch is available. As a temporary workaround, review and strengthen authentication mechanisms to prevent unauthorized access.

Name of the Vulnerable Software and Affected Versions: eLitius version 1.0 Description: The issue allows remote attackers to bypass intended access restrictions and upload arbitrary files. This can be achieved by uploading an avatar file with an accepted Content-Type, such as `image/gif`, and then requesting the file in the "admin/banners/" endpoint. Recommendations: For eLitius version 1.0, consider restricting access to the admin/uploadimage.php file and the admin/banners/ endpoint to minimize the risk of exploitation. As a temporary workaround, consider disabling the file upload functionality in admin/uploadimage.php until a patch is available.

Name of the Vulnerable Software and Affected Versions: Mini-stream Easy RM-MP3 Converter version 3.0.0.7 Description: The issue is related to multiple stack-based buffer overflows that allow remote attackers to execute arbitrary code. This can be achieved via a long rtsp URL in a .ram file or a long string in the HREF attribute of a REF element in a .asx file. Recommendations: For Mini-stream Easy RM-MP3 Converter version 3.0.0.7, consider updating to a newer version that addresses these buffer overflows. As a temporary workaround, restrict the handling of .ram and .asx files to minimize the risk of exploitation. Avoid using long rtsp URLs in .ram files and long strings in the HREF attribute of REF elements in .asx files until the issue is resolved.

Name of the Vulnerable Software and Affected Versions: Mini-stream RM Downloader version 3.0.0.9 Description: The issue is a stack-based buffer overflow that allows remote attackers to execute arbitrary code. This is achieved by using a long rtsp URL in a .ram file. Recommendations: For Mini-stream RM Downloader version 3.0.0.9, consider avoiding the use of long rtsp URLs in .ram files until a patch is available. As a temporary workaround, restrict access to the functionality that handles .ram files to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.

Name of the Vulnerable Software and Affected Versions: Mini-stream Ripper version 3.0.1.1 Description: The issue is related to multiple stack-based buffer overflows that allow remote attackers to execute arbitrary code. This can be achieved via a long rtsp URL in a .ram file or a long string in the HREF attribute of a REF element in a .asx file. Recommendations: For Mini-stream Ripper version 3.0.1.1, consider updating to a newer version that addresses these buffer overflows, if available. As a temporary workaround, restrict the handling of .ram and .asx files to minimize the risk of exploitation. Avoid using long rtsp URLs in .ram files and long strings in the HREF attribute of REF elements in .asx files until the issue is resolved.

Name of the Vulnerable Software and Affected Versions: Mini-stream ASX to MP3 Converter version 3.0.0.7 Mini-stream ASX to MP3 Converter versions prior to 3.1.3.7 Description: The issue is related to multiple stack-based buffer overflows that allow remote attackers to execute arbitrary code. This can be achieved via a long rtsp URL in a .ram file or a long string in the HREF attribute of a REF element in a .asx file. Recommendations: For Mini-stream ASX to MP3 Converter version 3.0.0.7, update to version 3.1.3.7 or later to resolve the issue. For Mini-stream ASX to MP3 Converter versions prior to 3.1.3.7, update to version 3.1.3.7 or later to resolve the issue.

Name of the Vulnerable Software and Affected Versions: ReVou Micro Blogging TClone plugin (affected versions not specified) Description: The issue concerns the adminlogin/password.php file in the TClone plugin, where it fails to verify the original password before allowing a password change. This allows remote attackers to change the administrator's password and gain privileges by sending a direct request with modified `newpass1` and `newpass2` parameters in a Change operation. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: TurnkeyForms Entertainment Portal version 2.0 Description: The issue allows remote attackers to bypass authentication and gain administrative access. This is achieved by setting the `adminLogged` cookie to `Administrator`, effectively granting unauthorized users administrative privileges. Recommendations: For TurnkeyForms Entertainment Portal version 2.0, consider temporarily disabling the administrative access feature until a patch is available. Restrict access to sensitive areas of the portal to minimize the risk of exploitation. Avoid relying solely on the `adminLogged` cookie for authentication until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.