phpXplorer · CVE-2006-0244
**Name of the Vulnerable Software and Affected Versions**
phpXplorer version 0.9.33
**Description**
A directory traversal issue in workspaces.php allows remote attackers to include arbitrary files via a `..` (dot dot) sequence and a trailing null byte (`%00`) in the `sShare` parameter. However, it is claimed that phpXplorer supports this functionality for uploading PHP files, and that it does not cross privilege boundaries because PHP itself allows read access outside the web root.
**Recommendations**
For phpXplorer version 0.9.33, consider restricting access to the `sShare` parameter in the workspaces.php file to minimize the risk of exploitation. Additionally, review the upload functionality to ensure it does not introduce security risks.
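
One way to restrict a value such as `sShare` before it is used in a file path, given as an added example that is not phpXplorer's own code. The function name `resolve_share`, the share root directory and the sample values are assumptions made for illustration.

```php
<?php
// Added example: hypothetical validator for a share-name request parameter.
// The root directory and sample inputs below are constructed for the demo.

/**
 * Return the canonical path of $share inside $shareRoot, or null when the
 * value is unsafe or resolves outside the root.
 */
function resolve_share(string $shareRoot, string $share): ?string
{
    // A NUL byte can truncate the path in old PHP versions, dropping any
    // suffix the application appends afterwards; reject it outright.
    if ($share === '' || strpos($share, "\0") !== false) {
        return null;
    }
    // Reject any ".." path segment, whichever separator is used.
    foreach (preg_split('#[/\\\\]+#', $share) as $segment) {
        if ($segment === '..') {
            return null;
        }
    }
    // Canonicalise, then confirm the result is strictly below the root.
    // This also catches symlinks that point outside it.
    $root = realpath($shareRoot);
    $path = realpath($shareRoot . DIRECTORY_SEPARATOR . $share);
    if ($root === false || $path === false) {
        return null;
    }
    $prefix = rtrim($root, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    if (strncmp($path, $prefix, strlen($prefix)) !== 0) {
        return null;
    }
    return $path;
}

// Constructed demo: a throwaway root with one legitimate share.
$root = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'shares_demo_' . getmypid();
@mkdir($root . DIRECTORY_SEPARATOR . 'public', 0700, true);

$samples = ['public', "../outside\0", 'public/../..', 'missing'];
foreach ($samples as $value) {
    $result = resolve_share($root, $value);
    printf("%-16s => %s\n", addcslashes($value, "\0"), $result ?? 'rejected');
}

// Remove the demo directories again.
@rmdir($root . DIRECTORY_SEPARATOR . 'public');
@rmdir($root);
```

Only the first sample resolves to a path; the other three are rejected, including the non-existent share, because `realpath()` returns `false` for paths that do not exist.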