Vrs-Hck

**Name of the Vulnerable Software and Affected Versions** Joomla! component com joomlapicasa2 versions 2.0 through 2.0.5 **Description** The issue allows remote attackers to read arbitrary local files via a .. (dot dot) in the `controller` parameter to "index.php". **Recommendations** For versions 2.0 through 2.0.5, consider restricting access to the "index.php" endpoint to minimize the risk of exploitation. Avoid using the `controller` parameter in the affected endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Joomla! component com svmap version 1.1.1 **Description** A directory traversal issue exists, allowing remote attackers to read arbitrary files. This is achieved by using a .. (dot dot) in the `controller` parameter to "index.php". **Recommendations** For version 1.1.1, consider restricting access to the com svmap component until a patch is available. As a temporary workaround, avoid using the `controller` parameter in the "index.php" endpoint to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Joomla! (affected versions not specified) **Description** A directory traversal issue exists in the Magic Updater component, allowing remote attackers to read arbitrary files. This is achieved by including a .. (dot dot) in the `controller` parameter to "index.php". **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** E-Xoopport version 3.1 **Description** The issue allows remote attackers to execute arbitrary SQL commands. This is achieved by exploiting the `lid` parameter in a "viewannonces" action to "index.php". **Recommendations** For E-Xoopport version 3.1, consider restricting access to the "viewannonces" action in "index.php" to minimize the risk of exploitation, and avoid using the `lid` parameter until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Censura version 1.16.04 **Description** The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the `itemid` parameter in a "details" action. **Recommendations** For version 1.16.04, avoid using the `itemid` parameter in the affected API endpoint until the issue is resolved. Consider restricting access to the censura.php file to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Censura version 1.16.04 **Description** A cross-site scripting issue allows remote attackers to inject arbitrary web script or HTML via the `itemid` parameter in a "details" action. **Recommendations** For Censura version 1.16.04, avoid using the `itemid` parameter in the affected API endpoint until the issue is resolved. Restrict access to the censura.php file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** RWCards (com rwcards) version 3.0.11 **Description** A directory traversal issue exists in the captcha/captcha image.php file of the RWCards component for Joomla!. This issue allows remote attackers to include and execute arbitrary local files when magic quotes gpc is disabled. The attack is performed by using directory traversal sequences in the `img` parameter of a vulnerable API endpoint, such as "/captcha/captcha image.php". **Recommendations** For RWCards (com rwcards) version 3.0.11, consider disabling the `captcha image.php` file until a patch is available, or enable magic quotes gpc to prevent the exploitation of this issue. Restrict access to the `captcha/captcha image.php` file to minimize the risk of exploitation. Avoid using the `img` parameter in the affected API endpoint until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** ionFiles (com ionfiles) version 4.4.2 **Description** The issue allows remote attackers to read arbitrary files due to a directory traversal vulnerability in the download.php file. This is achieved by using a .. (dot dot) in the `file` parameter. **Recommendations** For ionFiles (com ionfiles) version 4.4.2, consider restricting access to the download.php file until a patch is available. As a temporary workaround, avoid using the `file` parameter in the download.php file to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** MyForum version 1.3 **Description** A directory traversal issue exists in the admin/centre.php file of MyForum. When register globals is enabled, remote attackers can include and execute arbitrary local files by using directory traversal sequences in the `padmin` parameter. **Recommendations** For MyForum version 1.3, consider disabling the register globals setting to prevent exploitation. As a temporary workaround, restrict access to the admin/centre.php file until a patch is available. Avoid using the `padmin` parameter in the affected file until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Graphiks MyForum version 1.3 **Description** The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the `id` parameter in the lecture.php file when register globals is enabled. **Recommendations** For Graphiks MyForum version 1.3, consider disabling the register globals setting to prevent exploitation. Additionally, restrict access to the lecture.php file until a proper fix is applied. Avoid using the `id` parameter in the affected file until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** yappa-ng versions 2.3.2 through 2.3.3-beta0 **Description** A directory traversal issue exists in index.php, allowing remote attackers to include and execute arbitrary local files when magic quotes gpc is disabled. This is achieved by using a .. (dot dot) in the `album` parameter. **Recommendations** For yappa-ng versions 2.3.2 through 2.3.3-beta0, consider enabling magic quotes gpc to prevent the exploitation of this issue. As a temporary workaround, restrict access to the album parameter in the index.php file to minimize the risk of arbitrary file inclusion. At the moment, there is no information about a newer version that contains a fix for this vulnerability.