Mountassif Moad

**Name of the Vulnerable Software and Affected Versions** Easy File Sharing (EFS) Web Server version 4.8 **Description** A directory traversal issue exists in the thumbnail.ghp component, allowing remote attackers to read arbitrary files by including a .. (dot dot) in the `vfolder` parameter. **Recommendations** For Easy File Sharing (EFS) Web Server version 4.8, consider restricting access to the thumbnail.ghp component until a patch is available, and avoid using the `vfolder` parameter with untrusted input.

**Name of the Vulnerable Software and Affected Versions** Kalptaru Infotech Ltd. Star Articles version 6.0 **Description** The issue allows remote attackers to inject arbitrary SQL commands. This can be achieved via several parameters and endpoints, including the `subcatid` parameter to "article.list.php", the `artid` parameter to "article.print.php", "article.comments.php", "article.publisher.php", or "article.download.php", and the PATH INFO to "article.download.php". **Recommendations** For Kalptaru Infotech Ltd. Star Articles version 6.0, consider restricting access to the vulnerable API endpoints, such as "article.list.php", "article.print.php", "article.comments.php", "article.publisher.php", and "article.download.php", until a patch is available. Avoid using the `subcatid` and `artid` parameters in the affected endpoints to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** Ocean12 FAQ Manager Pro (affected versions not specified) **Description** The issue concerns the storage of sensitive data under the web root with insufficient access control. This allows remote attackers to download a database via a direct request. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** NatterChat versions 1.1 through 1.12 **Description** The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the `txtUsername` parameter (also known as `Username`) and the `txtPassword` parameter (also known as `Password`) in a form generated by "home.asp". **Recommendations** For NatterChat versions 1.1 through 1.12, consider restricting access to the login functionality until a fix is available, and avoid using the `txtUsername` and `txtPassword` parameters in the affected form. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** NatterChat version 1.1 **Description** The issue allows remote attackers to bypass authentication and gain administrator privileges. This can be achieved by making a direct request to the "admin/home.asp" endpoint. As a result, attackers can read or delete rooms and messages. **Recommendations** For NatterChat version 1.1, consider restricting access to the "admin/home.asp" endpoint until a patch is available. Additionally, review the authentication mechanism to prevent unauthorized access.

Name of the Vulnerable Software and Affected Versions: Scripts For Sites (SFS) EZ Career (affected versions not specified) Description: A SQL injection issue exists in the content.php file, allowing remote attackers to execute arbitrary SQL commands by manipulating the `topic` parameter in the "/content.php" endpoint. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: MyKtools version 2.4 Description: The issue concerns a lack of administrative authentication in the mykdownload.php file, allowing remote attackers to read a database backup. This can be achieved by making a direct request, followed by sending an unspecified request to the download page for the backup. No information is available regarding the estimated number of potentially affected devices or real-world incidents. Recommendations: For MyKtools version 2.4, ensure that administrative authentication is properly implemented for the mykdownload.php file to prevent unauthorized access to database backups. As a temporary workaround, consider restricting access to the mykdownload.php file until a proper fix is applied.

Name of the Vulnerable Software and Affected Versions: Scripts for Sites (SFS) EZ Auction (affected versions not specified) Description: The issue allows remote attackers to execute arbitrary SQL commands. This is achieved by exploiting the `cat` parameter in the `viewfaqs.php` file. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** WinAsm Studio version 5.1.5.0 **Description** A buffer overflow issue allows user-assisted remote attackers to execute arbitrary code via a crafted project (.wap) file. **Recommendations** For WinAsm Studio version 5.1.5.0, at the moment, there is no information about a newer version that contains a fix for this issue.

Name of the Vulnerable Software and Affected Versions: Ocean12 FAQ Manager Pro version 1.0 Description: The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the `ID` parameter in a "Cat" action in the default.asp file. Recommendations: For Ocean12 FAQ Manager Pro version 1.0, consider restricting access to the default.asp file or disabling the Cat action until a patch is available. Avoid using the `ID` parameter in the affected default.asp file until the issue is resolved.

Name of the Vulnerable Software and Affected Versions: Scripts For Sites (SFS) EZ Top Sites (affected versions not specified) Description: A SQL injection issue exists, allowing remote attackers to execute arbitrary SQL commands. This is achieved by manipulating the `ts` parameter in the topsite.php script. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Whole Hog Ware Support versions 1.x **Description** The issue allows remote attackers to bypass authentication and obtain administrative access. This is achieved by manipulating an integer value in the `adminid` cookie. **Recommendations** For Whole Hog Ware Support version 1.x, consider restricting access to administrative functions until a fix is available. As a temporary workaround, avoid using the `adminid` cookie or restrict its modification to prevent unauthorized access.

**Name of the Vulnerable Software and Affected Versions** Whole Hog Password Protect: Enhanced versions 1.x **Description** The issue allows remote attackers to bypass authentication and obtain administrative access. This is achieved by manipulating an integer value in the `adminid` cookie. **Recommendations** For Whole Hog Password Protect: Enhanced version 1.x, consider restricting access to administrative functions until a patch is available. As a temporary workaround, avoid using the `adminid` cookie or restrict its modification to prevent unauthorized access.

**Name of the Vulnerable Software and Affected Versions** V3 Chat - Profiles/Dating Script version 3.0.2 **Description** The issue allows remote attackers to bypass authentication and gain administrative access by setting the `admin` cookie to 1. **Recommendations** For version 3.0.2, as a temporary workaround, consider restricting access to administrative functions until a patch is available. Avoid using the `admin` cookie to authenticate users until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Active Bids version 3.5 **Description** The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the `ItemID` parameter in the "bidhistory.asp" file. **Recommendations** For Active Bids version 3.5, consider restricting access to the `bidhistory.asp` file until a patch is available. As a temporary workaround, avoid using the `ItemID` parameter in the affected file to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** BandSite CMS version 1.1.4 **Description** The issue allows remote attackers to bypass authentication and gain administrative access. This is achieved by setting the `login auth` cookie to true, effectively allowing unauthorized access to administrative functions. **Recommendations** For BandSite CMS version 1.1.4, consider disabling the use of the `login auth` cookie as a temporary workaround until a patch is available. Restrict access to administrative areas to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Zeeways PhotoVideoTube versions 1.1 and earlier **Description** The issue allows remote attackers to bypass authentication and perform administrative tasks by making a direct request to "admin/home.php". **Recommendations** For Zeeways PhotoVideoTube versions 1.1 and earlier, as a temporary workaround, consider restricting access to the "admin/home.php" endpoint until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Graphiks MyForum version 1.3 **Description** The issue allows remote attackers to bypass authentication and gain administrative access. This is achieved by setting the `myforum login` and `myforum pass` cookies to 1. **Recommendations** For Graphiks MyForum version 1.3, as a temporary workaround, consider restricting access to administrative functions until a patch is available. Avoid relying solely on cookie-based authentication for administrative access.

**Name of the Vulnerable Software and Affected Versions** Article Publisher Pro version 1.5 **Description** The issue allows remote attackers to execute arbitrary SQL commands via the `userid` parameter in the contact author.php file. **Recommendations** For Article Publisher Pro version 1.5, avoid using the `userid` parameter in the contact author.php file until the issue is resolved. As a temporary workaround, consider restricting access to the contact author.php file to minimize the risk of exploitation.