Jose Antonio Coret

**Name of the Vulnerable Software and Affected Versions** Mantis versions 0.19.0a1 through 1.0.0a3 **Description** A cross-site scripting (XSS) issue allows remote attackers to inject arbitrary web script or HTML via the summary of the bug. This occurs because the summary is not properly quoted when the view all bug page.php page is used to delete the bug. **Recommendations** For Mantis versions 0.19.0a1 through 1.0.0a3, consider updating to a version where this issue is fixed, although the specific fixed version is not provided in the available data. As a temporary workaround, restrict the ability to inject arbitrary web script or HTML via the bug summary to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Mantis versions 0.19.0a1 through 1.0.0a3 **Description** A cross-site scripting (XSS) issue exists, allowing remote attackers to inject arbitrary web script or HTML. This is achieved via the `dir` parameter in the view all set.php file. **Recommendations** For Mantis versions 0.19.0a1 through 1.0.0a3, consider restricting access to the view all set.php file until a patch is available, and avoid using the `dir` parameter in this file to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Mantis versions 0.19.0a1 through 1.0.0a3 **Description** The issue allows remote attackers to connect to internal databases by modifying the `g db type` variable and monitoring the speed of responses. This is possible when register globals is enabled. **Recommendations** For Mantis versions 0.19.0a1 through 1.0.0a3, disable register globals to prevent exploitation. As a temporary workaround, consider restricting access to the core/database api.php file until a patch is available.

**Name of the Vulnerable Software and Affected Versions** GForge version 4.5 **Description** The issue affects the lost password and account pending features, allowing remote attackers to send a large number of messages to arbitrary e-mail addresses, essentially creating a mail bomb. **Recommendations** For GForge version 4.5, consider implementing a limit on the number of e-mails sent to an e-mail address to prevent abuse. As a temporary workaround, restrict access to the lost password and account pending features until a proper fix is applied.

**Name of the Vulnerable Software and Affected Versions** OWL versions 0.7 through 0.8 **Description** The issue concerns multiple cross-site scripting (XSS) vulnerabilities. These vulnerabilities allow remote attackers to inject arbitrary web script or HTML. The vulnerable parameters are the `expand` and `order` parameters. **Recommendations** For OWL versions 0.7 through 0.8, avoid using the `expand` and `order` parameters in the affected API endpoint until the issue is resolved. As a temporary workaround, consider restricting access to the browse.php file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** OWL versions 0.7 through 0.8 **Description** The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the `parent` or `sortposted` parameter in the browse.php file. **Recommendations** For OWL versions 0.7 through 0.8, consider restricting access to the browse.php file until a patch is available. As a temporary workaround, avoid using the `parent` and `sortposted` parameters in the browse.php file to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** SugarCRM versions 1.X **Description** The issue is related to a cross-site scripting (XSS) vulnerability. It allows remote attackers to inject arbitrary web script or HTML via specific parameters, including `return module`, `return action`, `name`, `module`, or `record`. **Recommendations** For SugarCRM version 1.X, update to a version that includes a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** WebCalendar (affected versions not specified) **Description** The issue allows remote attackers to inject arbitrary web script via several API endpoints, including "view entry.php", "view d.php", "usersel.php", "datesel.php", "trailer.php", or "styles.php". This can be achieved using `img` tags with `src` attributes. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** WebCalendar (affected versions not specified) **Description** The issue concerns a CRLF injection vulnerability in the login.php file. This vulnerability allows remote attackers to inject CRLF sequences via the `return path` parameter, enabling them to perform HTTP Response Splitting attacks. These attacks can modify the expected HTML content from the server. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** WebCalendar (affected versions not specified) **Description** The issue allows remote attackers to execute arbitrary local PHP scripts. This is achieved via the `user inc` parameter in the init.php file. **Recommendations** For all affected versions, consider restricting access to the init.php file to minimize the risk of exploitation. As a temporary workaround, avoid using the `user inc` parameter until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** WebCalendar (affected versions not specified) **Description** The issue allows remote attackers to gain privileges by modifying critical parameters to API endpoints such as "view entry.php" or "upcoming.php". **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Open WorkFlow Engine (OpenWFE) versions 1.4.x **Description** The issue allows remote attackers to conduct port scans of remote hosts. This is achieved by specifying the target in an "rmi:// Worklist URL", then using the response times to infer the results. **Recommendations** For OpenWFE versions 1.4.x, consider restricting access to the rmi:// Worklist URL to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** OpenWFE versions 1.4.x **Description** A cross-site scripting (XSS) issue exists in the login form, allowing remote attackers to execute arbitrary web script or HTML via the `url` parameter. This can lead to unauthorized actions on the affected system. **Recommendations** For OpenWFE version 1.4.x, avoid using the `url` parameter in the login form until a fix is available. As a temporary workaround, consider restricting access to the login form to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Mambo version 4.5 (1.0.9) **Description** The issue allows remote attackers to execute arbitrary PHP code by modifying the `mosConfig absolute path` parameter to reference a URL on a remote web server that contains the code. This is a result of a PHP remote file inclusion vulnerability in Function.php. **Recommendations** For Mambo version 4.5 (1.0.9), consider restricting access to the `mosConfig absolute path` parameter to prevent modification by remote attackers until a patch is available. As a temporary workaround, avoid using the `mosConfig absolute path` parameter to reference external URLs.

**Name of the Vulnerable Software and Affected Versions** Mambo version 4.5 (1.0.9) **Description** A cross-site scripting (XSS) issue allows remote attackers to inject arbitrary web script or HTML via the `Itemid`, `mosmsg`, or `limit` parameters in index.php. **Recommendations** For Mambo version 4.5 (1.0.9), avoid using the `Itemid`, `mosmsg`, or `limit` parameters in the index.php file until a fix is available. As a temporary workaround, consider restricting access to index.php to minimize the risk of exploitation.