Juan Galiana Lara

**Name of the Vulnerable Software and Affected Versions** Pandora FMS versions prior to 3.1.1 **Description** The issue allows remote attackers to execute arbitrary PHP code via a URL in the `argv[1]` parameter in the extras/pandora diag.php file. **Recommendations** For versions prior to 3.1.1, update to version 3.1.1 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Pandora FMS versions prior to 3.1.1 **Description** The issue allows remote authenticated users to execute arbitrary commands via shell metacharacters in the `layout` parameter in an "operation/agentes/networkmap" action to "index.php". **Recommendations** For versions prior to 3.1.1, update to version 3.1.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the "operation/agentes/networkmap.php" endpoint to minimize the risk of exploitation. Avoid using the `layout` parameter in the affected API endpoint until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Pandora FMS versions 3.1 and earlier **Description** The issue allows remote attackers to bypass authentication. This is achieved by sending a request to "index.php" with "admin" in the `loginhash user` parameter, in conjunction with the md5 hash of "admin" in the `loginhash data` parameter. **Recommendations** For Pandora FMS versions 3.1 and earlier, update the default configuration to specify a non-empty string for the `loginhash pwd` field to prevent authentication bypass.

**Name of the Vulnerable Software and Affected Versions** Pandora FMS versions prior to 3.1.1 **Description** The issue allows remote authenticated users to execute arbitrary SQL commands. This can be achieved via two specific API endpoints: "operation/agentes/ver agente" in "ajax.php" using the `id group` parameter, or "operation/agentes/estado agente" in "index.php" using the `group id` parameter. The vulnerability is related to the "operation/agentes/estado agente.php" file. **Recommendations** For versions prior to 3.1.1, update to version 3.1.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the "ajax.php" and "index.php" files, specifically to the "operation/agentes/ver agente" and "operation/agentes/estado agente" actions, until the update can be applied. Avoid using the `id group` and `group id` parameters in the affected API endpoints until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Pandora FMS versions prior to 3.1.1 **Description** The issue allows remote attackers to include and execute arbitrary local files via specific parameters in various PHP files. This can be achieved through the "page" parameter to "ajax.php", the "id" parameter to "general/pandora help.php", or the "layout" parameter to "operation/agentes/networkmap.php". This could potentially allow attackers to create, modify, or delete arbitrary local files. **Recommendations** For versions prior to 3.1.1, update to version 3.1.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the affected PHP files, specifically "ajax.php", "general/pandora help.php", and "operation/agentes/networkmap.php", until the update can be applied.

**Name of the Vulnerable Software and Affected Versions** Horde Application Framework versions prior to 3.3.6 Horde Groupware versions prior to 1.2.5 Horde Groupware Webmail Edition versions prior to 1.2.5 **Description** The issue concerns multiple cross-site scripting (XSS) vulnerabilities in the administration interface. These vulnerabilities allow remote attackers to inject arbitrary web script or HTML via the PATH INFO to specific PHP files, including `phpshell.php`, `cmdshell.php`, or `sqlshell.php` in the `admin/` directory. The issue is related to the `PHP SELF` variable. **Recommendations** For Horde Application Framework versions prior to 3.3.6, update to version 3.3.6 or later. For Horde Groupware versions prior to 1.2.5, update to version 1.2.5 or later. For Horde Groupware Webmail Edition versions prior to 1.2.5, update to version 1.2.5 or later.

**Name of the Vulnerable Software and Affected Versions** Horde Application Framework versions prior to 3.3.6 Horde Groupware versions prior to 1.2.5 Horde Groupware Webmail Edition versions prior to 1.2.5 **Description** The issue allows remote attackers to conduct cross-site scripting (XSS) attacks via `data:text/html` values for the `HREF` attribute of an `A` element in an HTML e-mail message. This is due to improper handling of `data:` URIs. **Recommendations** For Horde Application Framework versions prior to 3.3.6, update to version 3.3.6 or later. For Horde Groupware versions prior to 1.2.5, update to version 1.2.5 or later. For Horde Groupware Webmail Edition versions prior to 1.2.5, update to version 1.2.5 or later.

Name of the Vulnerable Software and Affected Versions: ModSecurity versions prior to 2.5.9 Description: The issue allows remote attackers to cause a denial of service, resulting in a crash, by sending a multipart form data post request with a missing part header name. This triggers a NULL pointer dereference. Recommendations: For versions prior to 2.5.9, update to version 2.5.9 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** WordPress MU versions prior to 2.7 **Description** A cross-site scripting (XSS) issue exists due to insufficient validation of the HTTP Host header. This allows remote attackers to inject arbitrary web script or HTML. **Recommendations** For versions prior to 2.7, update to version 2.7 or later to resolve the issue.