Scary-Boys

**Name of the Vulnerable Software and Affected Versions** Free Hosting Manager versions 1.2 through 2.0 **Description** The issue allows remote attackers to bypass authentication and gain administrative access. This is achieved by setting both the `adminuser` and `loggedin` cookies. **Recommendations** For Free Hosting Manager versions 1.2 through 2.0, consider temporarily disabling the administrative access functionality until a patch is available. Restrict access to sensitive areas of the application to minimize the risk of exploitation. Avoid relying solely on cookie-based authentication for administrative access. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** LiteNews versions 0.1 through 1.2 and earlier **Description** The issue allows remote attackers to bypass authentication and gain administrative access by setting the `admin` cookie. **Recommendations** For LiteNews versions 0.1 through 1.2 and earlier, consider disabling administrative access until a patch is available. Restrict access to sensitive areas of the application to minimize the risk of exploitation. Avoid relying solely on cookie-based authentication for administrative access until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Galaxyscripts Mini File Host versions 1.2.1 and earlier **Description** The issue allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the `language` parameter in the "pages/upload.php" file. **Recommendations** For Galaxyscripts Mini File Host versions 1.2.1 and earlier, consider restricting access to the "pages/upload.php" file until a patch is available. As a temporary workaround, avoid using the `language` parameter in the affected file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.