The G0Bl!N

**Name of the Vulnerable Software and Affected Versions** WB News version 2.1.2 **Description** The issue allows remote attackers to bypass authentication and gain administrative access by modifying the `WBNEWS` cookie. This can be achieved by setting the `WBNEWS` cookie to 1. **Recommendations** For WB News version 2.1.2, consider restricting access to administrative functions until a patch is available. As a temporary workaround, avoid using the modified `WBNEWS` cookie to prevent unauthorized access.

**Name of the Vulnerable Software and Affected Versions** TotalCalendar version 2.4 **Description** The issue concerns a lack of administrative authentication in the `admin/manage users.php` file, allowing remote attackers to change arbitrary passwords using the `newPW1` and `newPW2` parameters. **Recommendations** For TotalCalendar version 2.4, ensure that administrative authentication is properly implemented for the `admin/manage users.php` file to prevent unauthorized password changes. As a temporary workaround, consider restricting access to the `admin/manage users.php` file until a proper fix is applied.

**Name of the Vulnerable Software and Affected Versions** Mini-stream RM Downloader (affected versions not specified) **Description** The issue is related to a stack-based buffer overflow that allows remote attackers to execute arbitrary code. This is achieved by providing a long string in a .smi file. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** RoomPHPlanning version 1.6 **Description** The issue allows remote attackers to bypass authentication and obtain administrative access. This is achieved by setting the `room phplanning` cookie to a value associated with the admin account. **Recommendations** For RoomPHPlanning version 1.6, consider temporarily restricting access to the Login.php file until a patch is available. As a workaround, avoid using the `room phplanning` cookie or restrict its use to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** RoomPHPlanning version 1.6 **Description** The issue concerns a lack of authentication requirement in the admin/delitem.php file. This allows remote attackers to delete arbitrary users via the `user` parameter or delete arbitrary rooms via the `room` parameter. **Recommendations** For RoomPHPlanning version 1.6, consider implementing proper authentication mechanisms for the admin/delitem.php file to prevent unauthorized access. As a temporary workaround, restrict access to the admin/delitem.php file until a proper fix is applied. Avoid using the `user` and `room` parameters in the affected file until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** RoomPHPlanning version 1.6 **Description** The issue allows remote attackers to execute arbitrary SQL commands. This can be achieved via the `loginus` parameter to "Login.php" or the "Old Password" field to "changepwd.php". Additionally, remote authenticated administrators can execute arbitrary SQL commands via the `id` parameter to "admin/userform.php". **Recommendations** For RoomPHPlanning version 1.6, consider restricting access to the "Login.php" and "changepwd.php" scripts until a patch is available. As a temporary workaround, restrict the use of the `loginus` parameter and the "Old Password" field. Also, limit access to the "admin/userform.php" script for authenticated administrators and avoid using the `id` parameter until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** SoftCab Sound Converter version 1.2 **Description** The issue allows remote attackers to create or overwrite arbitrary files. This is achieved via the `SaveFormat` method in the `sndConverter.ocx` ActiveX control. **Recommendations** For version 1.2, consider disabling the `SaveFormat` method in the `sndConverter.ocx` ActiveX control as a temporary workaround until a patch is available.

**Name of the Vulnerable Software and Affected Versions** MyMiniBill (affected versions not specified) **Description** The issue allows remote authenticated users to execute arbitrary SQL commands. This is achieved via the `orderid` parameter in a status action in the my orders.php file. **Recommendations** For MyMiniBill, consider restricting access to the my orders.php file until a patch is available. As a temporary workaround, avoid using the `orderid` parameter in the status action to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Joomla! component Seminar (com seminar) version 1.28 **Description** The issue allows remote attackers to execute arbitrary SQL commands. This is achieved by exploiting the `id` parameter in a "View seminar" action to "index.php". **Recommendations** For version 1.28, consider restricting access to the `id` parameter in the "View seminar" action to "index.php" until a patch is available. As a temporary workaround, avoid using the `id` parameter in the affected API endpoint until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Pirate Radio Destiny Media Player version 1.61 **Description** The issue is a stack-based buffer overflow that allows remote attackers to execute arbitrary code. This is achieved by providing a long string in a .pls playlist file. **Recommendations** For Pirate Radio Destiny Media Player version 1.61, consider avoiding the use of .pls playlist files with long strings until a patch is available. As a temporary workaround, restrict the handling of .pls files to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** An image gallery version 1.0 **Description** The issue allows remote attackers to list arbitrary directories via a .. (dot dot) in the `path` parameter in the navigation.php file. **Recommendations** For version 1.0, consider restricting access to the navigation.php file or validating the `path` parameter to prevent directory traversal attacks. As a temporary workaround, restrict access to the vulnerable navigation.php file until a patch is available.

**Name of the Vulnerable Software and Affected Versions** PHP Paid 4 Mail Script (affected versions not specified) **Description** The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the `ID` parameter in the paidbanner.php file. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** MRCGIGUY The Ticket System version 2.0 **Description** The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the `id` parameter in a "viewticket" action, specifically targeting the admin.php file. **Recommendations** For version 2.0, consider restricting access to the `id` parameter in the "viewticket" action to minimize the risk of exploitation. As a temporary workaround, avoid using the `id` parameter in the affected admin.php file until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** TFM MMPlayer versions 2.0 through 2.0.0.30 **Description** The issue is a stack-based buffer overflow that allows remote attackers to execute arbitrary code. This is achieved by providing a long string in a playlist (.m3u) file. **Recommendations** For TFM MMPlayer versions 2.0 through 2.0.0.30, avoid using long strings in playlist files until a patch is available. As a temporary workaround, consider restricting the use of playlist files to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** Hamster Audio Player version 0.3a **Description** The issue is a stack-based buffer overflow that allows remote attackers to execute arbitrary code. This can be achieved by providing a long string in either a .m3u or .hpl playlist file. **Recommendations** For Hamster Audio Player version 0.3a, update to a version that fixes this issue to prevent exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Audio Article Directory (affected versions not specified) **Description** The issue allows remote attackers to read arbitrary files via directory traversal sequences in the `file` parameter of the "download.php" script. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** DataCheck Solutions ForumPal FE version 1.1 DataCheck Solutions ForumPal version 1.5 **Description** The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the `password` parameter in version 1.1 and the `p password` parameter in version 1.5 of the login.asp file. **Recommendations** For DataCheck Solutions ForumPal FE version 1.1, avoid using the `password` parameter in the login.asp file until the issue is resolved. For DataCheck Solutions ForumPal version 1.5, avoid using the `p password` parameter in the login.asp file until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Brothersoft PEamp version 1.02b **Description** A buffer overflow issue exists in the amp.exe component of Brothersoft PEamp, allowing user-assisted remote attackers to execute arbitrary code. This can be achieved by providing a long string in a .m3u playlist file. **Recommendations** For Brothersoft PEamp version 1.02b, consider avoiding the use of long strings in .m3u playlist files until a patch is available. As a temporary workaround, restrict the execution of arbitrary code by limiting the input length in .m3u files.

**Name of the Vulnerable Software and Affected Versions** Mp3-Nator version 2.0 **Description** The issue is related to a stack-based buffer overflow that allows remote attackers to execute arbitrary code. This can be achieved via a long string in a .plf file or a long string in the listdata.dat file, possibly related to a track entry. **Recommendations** For Mp3-Nator version 2.0, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Opial version 1.0 **Description** The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the `albumid` parameter in the albumdetail.php file. **Recommendations** For Opial version 1.0, consider restricting access to the albumdetail.php file until a patch is available. As a temporary workaround, avoid using the `albumid` parameter in the affected file to minimize the risk of exploitation.