Hamid Ebadi

Name of the Vulnerable Software and Affected Versions: Pi3Web versions 2.0.3 before PL2 Description: The issue allows remote attackers to cause a denial of service, resulting in a crash or hang, and obtain the full pathname of the server. This is achieved by sending a request to a file in the ISAPI directory that is not an executable DLL, which triggers the crash when the DLL load fails. Recommendations: For Pi3Web version 2.0.3 before PL2, apply the PL2 patch to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** xrdp versions 0.4.1 and earlier **Description** The issue allows remote RDP servers to have an unknown impact via input data that sets crafted values for certain length variables, leading to a buffer overflow. This occurs in the rdp rdp process color pointer pdu function in rdp/rdp rdp.c. **Recommendations** For xrdp versions 0.4.1 and earlier, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** xrdp versions 0.4.1 and earlier **Description** The issue is related to an array index error in the xrdp bitmap def proc function, located in xrdp/funcs.c. This error allows remote attackers to execute arbitrary code by manipulating the value of the `edit pos` structure member. **Recommendations** For xrdp versions 0.4.1 and earlier, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** xrdp versions 0.4.1 and earlier **Description** A buffer overflow issue exists in the xrdp bitmap invalidate function, allowing remote attackers to execute arbitrary code via a crafted request. **Recommendations** For xrdp versions 0.4.1 and earlier, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** PHP versions prior to 5.2.9 **Description** The issue is related to an array index error in the imageRotate function, allowing attackers to read the contents of arbitrary memory locations via a crafted value of the `bgd color` or `clrBack` argument for an indexed image. **Recommendations** For PHP versions prior to 5.2.9, update to a version 5.2.9 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** MiniWeb HTTP Server version 0.8.19 **Description** The issue is a heap-based buffer overflow in the ` mwProcessReadSocket` function, located in the http.c file. This allows remote attackers to execute arbitrary code via a long URI. **Recommendations** For MiniWeb HTTP Server version 0.8.19, consider restricting access to the ` mwProcessReadSocket` function until a patch is available. As a temporary workaround, limit the length of URIs that can be processed by the server to prevent exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** MiniWeb HTTP Server version 0.8.19 **Description** The issue allows remote attackers to read arbitrary files and list arbitrary directories via a (1) .%2e (partially encoded dot dot) or (2) %2e%2e (encoded dot dot) in the URI, due to a directory traversal vulnerability in the `mwGetLocalFileName` function in http.c. **Recommendations** For MiniWeb HTTP Server version 0.8.19, consider restricting access to sensitive files and directories until a patch is available. As a temporary workaround, avoid using the `mwGetLocalFileName` function with unvalidated input from the URI.

**Name of the Vulnerable Software and Affected Versions** Really Simple PHP and Ajax (RSPA) versions 2007-03-23 and earlier **Description** The issue allows remote attackers to execute arbitrary PHP code via a URL in the ` IncludeFilePHPClass`, ` ClassPath`, and ` class` parameters to (a) "rspa/framework/Controller v5.php", and (b) "rspa/framework/Controller v4.php". **Recommendations** For Really Simple PHP and Ajax (RSPA) versions 2007-03-23 and earlier, consider disabling the ` IncludeFilePHPClass`, ` ClassPath`, and ` class` parameters in the affected API endpoints "rspa/framework/Controller v5.php" and "rspa/framework/Controller v4.php" until a patch is available. Restrict access to these endpoints to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: RSPA 2007-03-23 Description: The issue allows remote attackers to include and execute arbitrary local files. This is achieved by exploiting directory traversal vulnerabilities using a .. (dot dot) in the ` class` parameter to specific PHP files, including "Controller v4.php" and "Controller v5.php". Recommendations: For RSPA 2007-03-23, consider restricting access to the `Controller v4.php` and `Controller v5.php` files until a patch is available. As a temporary workaround, avoid using the ` class` parameter in these files to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** ASP Stats Generator versions prior to 2.1.2 **Description** A SQL injection issue allows remote attackers to execute arbitrary SQL commands via the `order` parameter in the pages.asp file. **Recommendations** For versions prior to 2.1.2, update to version 2.1.2 or later to resolve the issue. As a temporary workaround, consider restricting access to the pages.asp file or validating and sanitizing the `order` parameter to prevent malicious input.

**Name of the Vulnerable Software and Affected Versions** ASP Stats Generator versions prior to 2.1.2 **Description** A direct static code injection issue allows remote authenticated attackers to execute arbitrary ASP code. This is achieved via the `strAsgSknPageBgColour` parameter to the "settings skin.asp" endpoint, with the malicious code being stored in "inc skin file.asp". **Recommendations** For versions prior to 2.1.2, update to version 2.1.2 or later to resolve the issue. As a temporary workaround, consider restricting access to the "settings skin.asp" endpoint and avoid using the `strAsgSknPageBgColour` parameter until the issue is resolved.

Name of the Vulnerable Software and Affected Versions: TUGZip versions 3.1.0.2 through 3.4.0.0 Description: The issue allows user-assisted attackers to create files in arbitrary directories via a .. (dot dot) in an archive pack with a crafted file, including .gz, .jar, .rar, or .zip files. Recommendations: For versions 3.1.0.2 through 3.4.0.0, consider restricting the use of archive unpacking functionality until a patch is available. Avoid using the affected software to unpack archives from untrusted sources.

**Name of the Vulnerable Software and Affected Versions** Jonathan Beckett PluggedOut Nexus version 0.1 **Description** The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the `email` parameter in the forgotten password.php file. **Recommendations** For version 0.1, avoid using the `email` parameter in the forgotten password.php file until the issue is resolved. As a temporary workaround, consider restricting access to the forgotten password.php file to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** PEAR::Archive Tar versions 1.2 through 1.3.1 **Description** A directory traversal issue allows remote attackers to create and overwrite arbitrary files via certain crafted pathnames in a TAR archive. **Recommendations** For PEAR::Archive Tar versions 1.2 through 1.3.1, update to version 1.3.2 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** PEAR::Archive Zip version 0.1.1 **Description** The issue allows remote attackers to create and overwrite arbitrary files via certain crafted pathnames in a ZIP archive, due to a directory traversal vulnerability in zip.lib.php. **Recommendations** For version 0.1.1, update to a newer version that contains a fix for this issue, as using crafted pathnames in a ZIP archive can lead to arbitrary file creation and overwrite.

**Name of the Vulnerable Software and Affected Versions** PluggedOut Blog version 1.9.9c **Description** The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the `entryid` parameter in a "comment add" action. **Recommendations** For PluggedOut Blog version 1.9.9c, avoid using the `entryid` parameter in the affected API endpoint until the issue is resolved. Consider restricting access to the exec.php file to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** FarsiNews versions 2.1 Beta 2 and earlier **Description** The issue allows remote attackers to include arbitrary files via a URL in the `cutepath` parameter in the loginout.php file, but only when register globals is enabled. **Recommendations** For FarsiNews versions 2.1 Beta 2 and earlier, disable register globals to prevent exploitation. Additionally, restrict access to the loginout.php file and avoid using the `cutepath` parameter until a fix is available.