Ghost Hacker

Name of the Vulnerable Software and Affected Versions: Free Directory Script version 1.1.1 Description: The issue allows remote attackers to execute arbitrary PHP code when register globals is enabled. This is achieved via a URL in the `API HOME DIR` parameter. Recommendations: For Free Directory Script version 1.1.1, consider disabling the register globals setting to prevent exploitation. Additionally, restrict access to the init.php file to minimize the risk of arbitrary PHP code execution. Avoid using the `API HOME DIR` parameter in URLs until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** CodeAvalanche FreeForum (affected versions not specified) **Description** The issue allows remote attackers to download the database file containing passwords via a direct request for the ` private/CAForum.mdb` file due to insufficient access control. This is because sensitive information is stored under the web root. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** iyzi Forum version 1.0 beta 3 **Description** The issue allows remote attackers to download a database file containing a password via a direct request for "db/iyziforum.mdb" due to insufficient access control. This is because sensitive information is stored under the web root. **Recommendations** For iyzi Forum version 1.0 beta 3, consider restricting access to the "db/iyziforum.mdb" file to prevent unauthorized downloads until a proper fix is applied. Additionally, review and improve access controls for sensitive information stored under the web root.

**Name of the Vulnerable Software and Affected Versions** Gazatem QMail Mailing List Manager version 1.2 **Description** The issue allows remote attackers to download the database file due to insufficient access control. Sensitive information is stored under the web root, which can be accessed via a direct request for the database file. **Recommendations** For Gazatem QMail Mailing List Manager version 1.2, consider restricting access to the qmail.mdb file to prevent unauthorized downloads until a proper fix is applied. As a temporary workaround, moving sensitive files outside of the web root or implementing proper access controls can help mitigate the risk.

**Name of the Vulnerable Software and Affected Versions** Ikon AdManager versions 2.1 and earlier **Description** The issue allows remote attackers to download the database file due to insufficient access control. This is possible because sensitive information is stored under the web root. The database file can be accessed via a direct request for `ikonBAnner AdManager.mdb`. **Recommendations** For Ikon AdManager versions 2.1 and earlier, restrict access to the `ikonBAnner AdManager.mdb` file to prevent unauthorized downloads. Consider moving sensitive information outside of the web root or implementing proper access controls to mitigate the risk.

**Name of the Vulnerable Software and Affected Versions** Professional Download Assistant version 0.1 **Description** The issue allows remote attackers to download the database file due to insufficient access control. Sensitive information is stored under the web root, enabling attackers to access the database file via a direct request for database/downloads.mdb. **Recommendations** For Professional Download Assistant version 0.1, consider restricting access to the database file and implementing proper access controls to prevent unauthorized downloads. As a temporary workaround, restrict access to the database/downloads.mdb file to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** PHPOutsourcing IdeaBox version 1.1 **Description** The issue allows remote attackers to execute arbitrary PHP code via a URL in the `gorumDir` parameter in the include.php file. **Recommendations** For PHPOutsourcing IdeaBox version 1.1, consider restricting access to the include.php file or validating the `gorumDir` parameter to prevent remote file inclusion attacks. As a temporary workaround, avoid using the `gorumDir` parameter in the affected API endpoint until the issue is resolved.

Name of the Vulnerable Software and Affected Versions: ASP/MS Access Shoutbox version 1.1 beta Description: The issue allows remote attackers to obtain sensitive information due to insufficient access control. This is because the `db/shoutdb.mdb` file is stored under the web root, making it accessible via a direct request. Recommendations: For ASP/MS Access Shoutbox version 1.1 beta, consider restricting access to the `db/shoutdb.mdb` file to minimize the risk of exploitation. As a temporary workaround, move the `db/shoutdb.mdb` file outside of the web root to prevent direct access.

Name of the Vulnerable Software and Affected Versions: Todd Woolums ASP News Management version 2.21 Description: The issue allows remote attackers to obtain sensitive information via a direct request due to insufficient access control of the db/news.mdb file stored under the web root. Recommendations: For version 2.21, consider restricting access to the db/news.mdb file to prevent remote attackers from obtaining sensitive information. As a temporary workaround, move the db/news.mdb file outside of the web root directory to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** HIOX Browser Statistics (HBS) version 2.0 **Description** The issue allows remote attackers to execute arbitrary PHP code. This can be achieved by providing a URL in the `hm` parameter to specific API endpoints, such as "hioxupdate.php" and "hioxstats.php". **Recommendations** For HIOX Browser Statistics (HBS) version 2.0, consider restricting access to the "hioxupdate.php" and "hioxstats.php" endpoints to minimize the risk of exploitation. Avoid using the `hm` parameter in these endpoints until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** HIOX Random Ad (HRA) version 1.3 **Description** The issue allows remote attackers to execute arbitrary PHP code. This is achieved by providing a URL in the `hm` parameter. **Recommendations** For HIOX Random Ad (HRA) version 1.3, consider disabling the `hioxRandomAd.php` file or restricting access to it until a patch is available. Avoid using the `hm` parameter in the affected endpoint until the issue is resolved.

Name of the Vulnerable Software and Affected Versions: EZWebAlbum (affected versions not specified) Description: A directory traversal issue exists, allowing remote attackers to read arbitrary files. This is achieved via the `dlfilename` parameter in the "download.php" API endpoint. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: gapicms version 9.0.2 Description: The issue allows remote attackers to execute arbitrary PHP code via a URL in the `dirDepth` parameter in the ktmlpro/includes/ktedit/toolbar.php file. Recommendations: For gapicms version 9.0.2, consider restricting access to the vulnerable `toolbar.php` file until a patch is available. Avoid using the `dirDepth` parameter in the affected file to minimize the risk of exploitation.

Name of the Vulnerable Software and Affected Versions: HIOX Banner Rotator (HBR) version 1.3 Description: The issue allows remote attackers to execute arbitrary PHP code when register globals is enabled. This is achieved by providing a URL in the `hm` parameter. Recommendations: For HIOX Banner Rotator (HBR) version 1.3, consider disabling the register globals setting to prevent exploitation. Additionally, restrict access to the hm parameter to minimize the risk of arbitrary PHP code execution.

**Name of the Vulnerable Software and Affected Versions** RSS-aggregator (affected versions not specified) **Description** A remote file inclusion issue in display.php allows attackers to execute arbitrary PHP code via a URL in the `path` parameter. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.