Jerome Athias

**Name of the Vulnerable Software and Affected Versions** e107 my gallery plugin version 2.3 **Description** The issue allows remote attackers to obtain sensitive information via a full pathname in the `file` parameter in the dload.php file. **Recommendations** For version 2.3 of the my gallery plugin, consider restricting access to the dload.php file until a patch is available. Avoid using the `file` parameter with full pathnames in the affected API endpoint until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** ArGoSoft FTP Server versions 1.4.2.8 through 1.4.3.5 **Description** The issue allows remote authenticated users to execute arbitrary code via a long DELE command, which is a type of buffer overflow. This can lead to unauthorized access and control of the system. **Recommendations** For versions 1.4.2.8 through 1.4.3.5, consider disabling the DELE command functionality until a patch is available to prevent exploitation.

**Name of the Vulnerable Software and Affected Versions** phpBB Cash Mod module (affected versions not specified) **Description** The issue allows remote attackers to execute arbitrary PHP code by modifying the `phpbb root path` parameter to reference a URL on a remote web server that contains the code. This is achieved through a remote file inclusion vulnerability in the `admin cash.php` file for the Cash Mod module. **Recommendations** For the Cash Mod module, consider restricting access to the `admin cash.php` file until a patch is available. As a temporary workaround, avoid using the `phpbb root path` parameter to reference external URLs.