Gammarays

#11016de 53,633
25CVSS total
Vulnerabilidades · 3
Alta
3
PT-2007-3483
7.5
2007-04-19
Shoutpro · Shoutpro · CVE-2007-2141
**Name of the Vulnerable Software and Affected Versions** ShoutPro version 1.5.2 **Description** A direct static code injection issue exists, allowing remote attackers to inject arbitrary PHP code into shouts.php via the `shout` parameter in the shoutbox.php file. **Recommendations** For ShoutPro version 1.5.2, as a temporary workaround, consider restricting access to the shoutbox.php file until a patch is available. Avoid using the `shout` parameter in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
PT-2007-3491
10
2007-04-19
Chatness · Chatness · CVE-2007-2149
**Name of the Vulnerable Software and Affected Versions** Chatness versions 2.5.3 and earlier **Description** The issue allows local users to gain privileges and remote attackers to obtain credentials. This is due to the storage of usernames and unencrypted passwords in files such as `classes/vars.php` and `classes/varstuff.php`, with recommended permissions of 0666 or 0777, making the files accessible. Remote attackers can exploit this by making a direct request for `admin/options.php`. **Recommendations** For Chatness versions 2.5.3 and earlier, consider changing the permissions of the files `classes/vars.php` and `classes/varstuff.php` to more secure settings to prevent unauthorized access. Additionally, restrict access to the `admin/options.php` endpoint to minimize the risk of exploitation. As a temporary workaround, consider encrypting the stored passwords until a more permanent fix can be applied.
PT-2007-3435
7.5
2007-04-18
Limesoft · Limesoft Guestbook · CVE-2007-2093
**Name of the Vulnerable Software and Affected Versions** Limesoft Guestbook (LS Simple Guestbook) version 1.0 **Description** A direct static code injection issue exists, allowing remote attackers to inject arbitrary PHP code into posts.txt via the `message` parameter in index.php. **Recommendations** For Limesoft Guestbook (LS Simple Guestbook) version 1.0, consider restricting access to the `message` parameter in the index.php file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.