Sn0Opy

**Name of the Vulnerable Software and Affected Versions** JBrowser (affected versions not specified) **Description** The issue allows remote attackers to bypass authentication and access certain administrative capabilities. This is achieved via a direct request for the ` admin/` endpoint. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** J-Web Pics Navigator version 2.0 **Description** A directory traversal issue exists, allowing remote attackers to list arbitrary directories by using a .. (dot dot) in the `dir` parameter of the jwpn-photos.php file. **Recommendations** For J-Web Pics Navigator version 2.0, consider restricting access to the jwpn-photos.php file until a patch is available, or avoid using the `dir` parameter in this file to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** J-Web Pics Navigator version 1.0 **Description** A directory traversal issue exists, allowing remote attackers to list arbitrary directories. This is achieved by using a .. (dot dot) in the `dir` parameter of the pn-menu.php file. **Recommendations** For J-Web Pics Navigator version 1.0, consider restricting access to the pn-menu.php file or the `dir` parameter to minimize the risk of exploitation. As a temporary workaround, avoid using the `dir` parameter with untrusted input until a patch is available.

Name of the Vulnerable Software and Affected Versions: Ezboo webstats version 3.0.3 Description: The issue allows remote attackers to bypass authentication and gain access to the system. This can be achieved by making a direct request to API endpoints such as "update.php" and "config.php". Recommendations: For Ezboo webstats version 3.0.3, consider restricting access to the "update.php" and "config.php" API endpoints to prevent unauthorized access until a patch is available.

Name of the Vulnerable Software and Affected Versions: AbleDesign MyCalendar (affected versions not specified) Description: The issue concerns multiple cross-site scripting (XSS) vulnerabilities. These vulnerabilities allow remote attackers to inject arbitrary web script or HTML via specific parameters. The affected parameters include: - the `go` parameter, - the `keyword` parameter in the search menu when `go` equals 'search', - the `username` in a 'go=Login' action, and - the `password` in a 'go=Login' action. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: nabopoll version 1.1.2 Description: The issue allows remote attackers to bypass authentication and access certain administrative functionality. This can be achieved via a direct request for specific PHP files in the admin directory, including "config edit.php", "template edit.php", or "survey edit.php". Recommendations: For version 1.1.2, consider restricting access to the admin directory or the specific PHP files "config edit.php", "template edit.php", and "survey edit.php" to minimize the risk of exploitation until a patch is available.

Name of the Vulnerable Software and Affected Versions: Adrenalin's ASP Chat (affected versions not specified) Description: The issue concerns multiple cross-site scripting (XSS) vulnerabilities. These vulnerabilities allow remote attackers to inject arbitrary web script or HTML, specifically (1) via the `pseudo` field or (2) during chat. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** tForum version 2.00 **Description** A SQL injection issue allows remote attackers to execute arbitrary SQL commands. This is achieved by exploiting the `id` and `pass` variables in the `user confirm.asp` endpoint. **Recommendations** For tForum version 2.00, consider restricting access to the `user confirm.asp` endpoint until a patch is available. As a temporary workaround, avoid using the `id` and `pass` variables in this endpoint to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** ASPCode.net AdMentor (affected versions not specified) **Description** The issue concerns SQL injection vulnerabilities in the administrative login page, specifically the 'admin/login.asp' page. These vulnerabilities allow remote attackers to execute arbitrary SQL commands by manipulating the `Userid` and `Password` fields. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** BTSaveMySql version 1.2 **Description** The issue allows remote attackers to obtain configuration and save files via direct requests due to insufficient access control of sensitive data stored under the web root. **Recommendations** For BTSaveMySql version 1.2, consider restricting access to sensitive data stored under the web root to minimize the risk of exploitation. As a temporary workaround, limit direct requests to configuration and save files until a proper fix is applied.

**Name of the Vulnerable Software and Affected Versions** PhpQuiz (affected versions not specified) **Description** The issue allows remote attackers to obtain sensitive information. This can be achieved via a direct request to 'cfgphpquiz/install.php' and potentially other unspecified vectors. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.