Mrdoug

**Name of the Vulnerable Software and Affected Versions** Webboard versions 2.90 beta and earlier **Description** The issue allows remote attackers to read arbitrary files via a .. (dot dot) in the `topic` parameter in the "view.php" file. **Recommendations** For Webboard versions 2.90 beta and earlier, consider restricting access to the "view.php" file until a patch is available. As a temporary workaround, avoid using the `topic` parameter in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Venalsur Booking Centre Booking System for Hotels Group version 2.01 Description: The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the `myusername` (username) and `password` parameters in the "admin/checklogin.php" file. Recommendations: For version 2.01, update the software to a version that fixes the SQL injection vulnerabilities in the "admin/checklogin.php" file, specifically ensuring the `myusername` and `password` parameters are properly sanitized to prevent arbitrary SQL command execution.

**Name of the Vulnerable Software and Affected Versions** Mozilla Firefox version 3.0.5 **Description** The issue allows remote attackers to trick a user into visiting an arbitrary URL via an onclick action that moves a crafted element to the current mouse position. This is related to a "Status Bar Obfuscation" and "Clickjacking" attack. **Recommendations** For Mozilla Firefox version 3.0.5, update to a newer version to mitigate the risk.