Jose Luis Gngora Fernndez

**Name of the Vulnerable Software and Affected Versions** Gekko versions 0.8.2 and earlier **Description** The issue allows remote attackers to potentially read certain files under the temp/ directory, such as log files that record blog entry titles. However, in most deployments using Apache HTTP Server, access to the temp/ directory is blocked by .htaccess. **Recommendations** For Gekko versions 0.8.2 and earlier, consider restricting access to the temp/ directory to prevent potential file reading. Additionally, review the .htaccess configuration to ensure it properly blocks access to sensitive files in the temp/ directory.

**Name of the Vulnerable Software and Affected Versions** Proverbs Web Calendar versions 1.1 and earlier **Description** The issue concerns SQL injection vulnerabilities in the caladmin.inc.php file. Remote attackers can execute arbitrary SQL commands by manipulating the `loginname` (also known as `Username`) and `loginpass` (also known as `Password`) parameters in the caladmin.php file. **Recommendations** For Proverbs Web Calendar versions 1.1 and earlier, as a temporary workaround, consider restricting access to the caladmin.php file until a patch is available. Avoid using the `loginname` and `loginpass` parameters in the caladmin.php file until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.