Mat

**Name of the Vulnerable Software and Affected Versions** Yamamah Photo Gallery version 1.00 **Description** A directory traversal issue exists, allowing remote attackers to read arbitrary files. This is achieved by using a .. (dot dot) in the `download` parameter of the themes/default/download.php file. **Recommendations** For Yamamah Photo Gallery version 1.00, update to a version released after 20100618 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Insky CMS versions 006 through 0111 **Description** The issue allows remote attackers to execute arbitrary PHP code when register globals is enabled. This can be achieved by providing a URL in the `ROOT` parameter to various API endpoints, including "city.get/city.get.php", "city.get/index.php", "message2.send/message.send.php", "message.send/message.send.php", and "pages.add/pages.add.php" in insky/modules/. **Recommendations** For Insky CMS versions 006 through 0111, consider disabling the register globals setting to prevent exploitation. Additionally, restrict access to the vulnerable API endpoints until a fix is available. As a temporary workaround, avoid using the `ROOT` parameter in the affected endpoints. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Direct News version 4.10.2 **Description** The issue allows remote attackers to execute arbitrary PHP code when register globals is enabled. This can be achieved by providing a URL in the `rootpath` parameter to API endpoints such as "admin/menu.php" and "library/lib.menu.php", and the `adminroot` parameter to "admin/media/update content.php" and "library/class.backup.php". **Recommendations** For Direct News version 4.10.2, consider disabling the `register globals` setting to prevent exploitation. Additionally, restrict access to the vulnerable API endpoints, specifically "admin/menu.php", "library/lib.menu.php", "admin/media/update content.php", and "library/class.backup.php", until a patch is available. Avoid using the `rootpath` and `adminroot` parameters in these endpoints until the issue is resolved.