R0Ut3R

**Name of the Vulnerable Software and Affected Versions** CoolPlayer versions 2.17 through 2.19 **Description** The issue is a stack-based buffer overflow in the skin.c file, which allows remote attackers to execute arbitrary code. This is achieved by providing a large PlaylistSkin value in a skin file. **Recommendations** For CoolPlayer versions 2.17 through 2.19, update to a version that contains a fix for this issue to prevent remote code execution.

**Name of the Vulnerable Software and Affected Versions** VeryDOC PDF Viewer OCX Control version 2.0.0.1 **Description** The issue is related to a heap-based buffer overflow in the PDFVIEW.PdfviewCtrl.1 ActiveX control, which is part of the pdfview.ocx component. This can be exploited by remote attackers to execute arbitrary code when a long first argument is passed to the `OpenPDF` method. **Recommendations** For version 2.0.0.1, consider restricting access to the `OpenPDF` method until a patch is available. As a temporary workaround, avoid using the `OpenPDF` method with long arguments to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** GoodTech SSH version 6.4 **Description** The issue is a stack-based buffer overflow in the SFTP subsystem. This can be exploited by remote authenticated users who send a long string to certain parameters, including the `open` (also known as `SSH FXP OPEN`), `unlink`, and `opendir` parameters, allowing them to execute arbitrary code. **Recommendations** For GoodTech SSH version 6.4, consider restricting access to the SFTP subsystem until a patch is available. As a temporary workaround, avoid using long strings in the `open`, `unlink`, and `opendir` parameters to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** IntelliTamper versions 2.07 through 2.08 Beta 4 **Description** The issue is related to a buffer overflow in the HTML parser, allowing remote attackers to execute arbitrary code via a long URL in the SRC attribute of an IMG element. **Recommendations** For IntelliTamper versions 2.07 through 2.08 Beta 4, at the moment, there is no information about a newer version that contains a fix for this issue.

Name of the Vulnerable Software and Affected Versions: Black Ice Document Imaging SDK version 10.95 Description: The issue is related to a heap-based buffer overflow in the OpenGifFile function within BiGif.dll. This can be exploited by remote attackers through a long string argument to the GetNumberOfImagesInGifFile method in the BIImgFrm Control ActiveX control in biimgfrm.ocx, potentially allowing the execution of arbitrary code. Recommendations: For Black Ice Document Imaging SDK version 10.95, consider disabling the BIImgFrm Control ActiveX control in biimgfrm.ocx as a temporary workaround to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** W3Filer version 2.1.3 **Description** A stack-based buffer overflow issue allows remote FTP servers to cause a denial of service, potentially leading to application hang or crash, and possibly execute arbitrary code. This occurs when a large banner is sent to a client that is sending a file. **Recommendations** For W3Filer version 2.1.3, consider restricting the size of banners received from remote FTP servers to prevent potential exploitation until a patch is available.

**Name of the Vulnerable Software and Affected Versions** phpBurningPortal quiz-modul version 1.0.1 and possibly earlier **Description** The issue allows remote attackers to execute arbitrary PHP code via a URL in the `lang path` parameter to specific PHP files, including "quest delete.php", "quest edit.php", or "quest news.php". **Recommendations** For phpBurningPortal quiz-modul version 1.0.1 and possibly earlier, consider restricting access to the `lang path` parameter in the affected PHP files until a patch is available. As a temporary workaround, avoid using the `lang path` parameter in the "quest delete.php", "quest edit.php", and "quest news.php" files to minimize the risk of exploitation.

Name of the Vulnerable Software and Affected Versions: VicFTPS versions prior to 5.0 Description: The issue is a stack-based buffer overflow that can be triggered by remote attackers, potentially leading to a denial of service (application crash) and possibly allowing the execution of arbitrary code. This is achieved by sending a long CWD command. Recommendations: For versions prior to 5.0, update to version 5.0 or later to resolve the issue.

Name of the Vulnerable Software and Affected Versions: Xpression News (X-News) version 1.0.1 Description: A directory traversal issue exists, allowing remote attackers to include arbitrary files or obtain sensitive information. This is achieved by using a .. (dot dot) in the `xnews-template` parameter of the archives.php file. Recommendations: For Xpression News (X-News) version 1.0.1, consider restricting access to the archives.php file until a patch is available. As a temporary workaround, avoid using the `xnews-template` parameter with untrusted input.

**Name of the Vulnerable Software and Affected Versions** Vote! Pro version 4.0 **Description** The issue allows remote attackers to execute arbitrary code via the `poll id` parameter, which is supplied to an eval function call. This is due to an eval injection vulnerability in the poll frame.php script. **Recommendations** For Vote! Pro version 4.0, avoid using the `poll id` parameter in the affected script until the issue is resolved. As a temporary workaround, consider restricting access to the poll frame.php script to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** TorrentFlux version 2.2 **Description** A directory traversal issue exists, allowing remote authenticated users to read arbitrary files. This is achieved by using .. (dot dot) sequences in the `alias` parameter of the downloaddetails.php file. **Recommendations** For TorrentFlux version 2.2, restrict access to the downloaddetails.php file until a patch is available, and avoid using the `alias` parameter with .. sequences to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** TorrentFlux versions prior to 2.2 torrentflux-b4rt versions prior to 2.1-b4rt-972 **Description** The issue allows remote authenticated users to read arbitrary files via .. (dot dot) sequences in the `path` parameter. This is a different vector than previously identified issues. **Recommendations** For TorrentFlux versions prior to 2.2, update to version 2.2 or later. For torrentflux-b4rt versions prior to 2.1-b4rt-972, update to version 2.1-b4rt-972 or later. As a temporary workaround, consider restricting access to the `viewnfo.php` file until a patch is available.

**Name of the Vulnerable Software and Affected Versions** TorrentFlux version 2.2 **Description** The issue allows remote authenticated users to execute arbitrary commands. This is achieved by injecting shell metacharacters, such as the semicolon (;), into the `announce` parameter in the maketorrent.php file. **Recommendations** For TorrentFlux version 2.2, consider restricting access to the maketorrent.php file until a patch is available, and avoid using the `announce` parameter with untrusted input to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** ThinkEdit versions 1.9.2 and earlier **Description** The issue allows remote attackers to execute arbitrary PHP code when register globals is enabled. This is achieved via a URL in the `template file` parameter. **Recommendations** For ThinkEdit versions 1.9.2 and earlier, consider disabling the register globals setting to prevent exploitation until a patch is available. Restrict access to the design/thinkedit/render.php file to minimize the risk of exploitation. Avoid using the `template file` parameter in the affected endpoint until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Open Solution Quick.Cart version 2.0 **Description** The issue allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the `config[db type]` parameter to various PHP scripts, including "categories.php", "couriers.php", "orders.php", and "products.php" in "actions admin/" and "orders.php" and "products.php" in "actions client/". This can be exploited by injecting PHP sequences into an Apache HTTP Server log file, which is then included by one of these PHP scripts. The exploitation is possible when register globals is enabled and magic quotes gpc is disabled. **Recommendations** For Open Solution Quick.Cart version 2.0, consider disabling the register globals setting and enabling magic quotes gpc to prevent exploitation. Additionally, restrict access to the vulnerable PHP scripts in "actions admin/" and "actions client/" directories until a patch is available. Avoid using the `config[db type]` parameter in the affected API endpoints until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** TorrentFlux version 2.2 **Description** The issue allows remote registered users to execute arbitrary commands. This is achieved by injecting shell metacharacters into the `kill` parameter in the `index.php` file. **Recommendations** For TorrentFlux version 2.2, consider restricting access to the `kill` parameter in the `index.php` file until a patch is available. As a temporary workaround, restrict the use of shell metacharacters in user input to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** TorrentFlux version 2.2 **Description** The issue allows remote attackers to delete files by specifying the target filename in the `delfile` parameter in the index.php file. **Recommendations** For TorrentFlux version 2.2, restrict access to the `delfile` parameter in the index.php file to prevent unauthorized file deletion.

**Name of the Vulnerable Software and Affected Versions** TorrentFlux version 2.2 **Description** A directory traversal issue exists in the index.php file of TorrentFlux, allowing remote attackers to create or overwrite arbitrary files. This is achieved by manipulating sequences in the `alias file` parameter. **Recommendations** For TorrentFlux version 2.2, consider restricting access to the `alias file` parameter in the index.php file to prevent exploitation until a patch is available. As a temporary workaround, avoid using the `alias file` parameter in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: CMS Faethon versions 2.0 Ultimate and earlier Description: The issue allows remote attackers to execute arbitrary PHP code. This can be achieved by providing a URL in the `mainpath` parameter to specific PHP files, such as "includes/rss-reader.php" or "admin/config.php", when certain PHP settings like `register globals` and `magic quotes gpc` are enabled. Recommendations: For CMS Faethon versions 2.0 Ultimate and earlier, consider disabling the `register globals` and `magic quotes gpc` settings to mitigate the risk of exploitation. Additionally, restrict access to the "includes/rss-reader.php" and "admin/config.php" files until a patch is available. Avoid using the `mainpath` parameter in these files until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** PHPRecipeBook version 2.36 **Description** The issue allows remote attackers to execute arbitrary PHP code via a URL in the `g rb basedir` parameter when `register globals` is enabled. This is due to a remote file inclusion vulnerability in the `classes/Import MM.class.php` file. **Recommendations** For PHPRecipeBook version 2.36, consider disabling the `register globals` setting to prevent exploitation, and restrict access to the `g rb basedir` parameter to minimize risk.