Y3Dips

**Name of the Vulnerable Software and Affected Versions** Mozilla Firefox versions 3.0.10 and earlier **Description** The issue allows remote attackers to cause a denial of service, resulting in an application crash. This can be achieved by using a URI for a large GIF image in the BACKGROUND attribute of a BODY element. **Recommendations** For Mozilla Firefox versions 3.0.10 and earlier, update to a version later than 3.0.10 to resolve the issue.

Name of the Vulnerable Software and Affected Versions: OPENi-CMS version 1.0 Description: The issue allows remote attackers to execute arbitrary PHP code via a URL in the `config[oi dir]` and possibly `config[openi dir]` parameters to "open-admin/plugins/site protection/index.php" API endpoint. Recommendations: For OPENi-CMS version 1.0, avoid using the `config[oi dir]` and `config[openi dir]` parameters in the "open-admin/plugins/site protection/index.php" API endpoint until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Cadre PHP Framework version 20020724 **Description** The issue allows remote attackers to execute arbitrary PHP code via a URL in the `config` parameter, specifically `GLOBALS[config][framework path]`. **Recommendations** For Cadre PHP Framework version 20020724, consider restricting access to the `fw/class.Quick Config Browser.php` file until a patch is available. As a temporary workaround, avoid using the `GLOBALS[config][framework path]` parameter in the affected endpoint.

**Name of the Vulnerable Software and Affected Versions** Upload-Service version 1.0 **Description** The issue allows remote attackers to execute arbitrary PHP code via a URL in the `maindir` parameter when `register globals` is enabled. This is a result of a PHP remote file inclusion vulnerability in the upload/top.php file. **Recommendations** For Upload-Service version 1.0, consider disabling the `register globals` setting to prevent exploitation, and restrict access to the upload/top.php file until a patch is available. As a temporary workaround, avoid using the `maindir` parameter in the affected file until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Opera version 9 **Description** The issue is related to a crafted web page that triggers an out-of-bounds memory access, specifically when a malformed 'iframe' tag is combined with JavaScript to access certain style sheet properties. This can cause a denial of service, resulting in a crash and loss of availability for the browser. **Recommendations** For Opera version 9, consider disabling JavaScript or restricting access to iframes as a temporary workaround to minimize the risk of exploitation. Avoid using style sheet properties in combination with iframes until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Apache Java Mail Enterprise Server (aka Apache James) version 2.2.0 **Description** The issue allows remote attackers to cause a denial of service, specifically CPU consumption, by sending a long argument to the `MAIL` command in the SMTP server. **Recommendations** For Apache Java Mail Enterprise Server (aka Apache James) version 2.2.0, consider restricting access to the SMTP server or limiting the length of arguments to the `MAIL` command as a temporary workaround until a patch is available.

**Name of the Vulnerable Software and Affected Versions** sphpBlog version 0.4.0 **Description** A cross-site scripting (XSS) issue exists, allowing remote attackers to inject arbitrary web script or HTML via the `q` parameter in the "search.php" file. **Recommendations** For sphpBlog version 0.4.0, consider validating and sanitizing user input for the `q` parameter to prevent XSS attacks. As a temporary workaround, restrict access to the search functionality until a proper fix is applied.

**Name of the Vulnerable Software and Affected Versions** Simple PHP Blog (sphpBlog) version 0.4.0 **Description** The issue allows remote attackers to obtain sensitive information via a direct request to "sb functions.php", which leaks the full pathname in a PHP error message. **Recommendations** For Simple PHP Blog (sphpBlog) version 0.4.0, consider restricting access to the "sb functions.php" file to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Simple PHP Blog (sphpBlog) version 0.4.0 **Description** The issue allows remote attackers to obtain sensitive information by directly requesting certain files. This includes accessing the `password.txt` and `config.txt` files, potentially leading to password cracking. **Recommendations** For Simple PHP Blog (sphpBlog) version 0.4.0, consider moving the `password.txt` and `config.txt` files outside of the web document root to prevent direct access. As a temporary workaround, restrict access to these files until a proper fix is applied.

**Name of the Vulnerable Software and Affected Versions** auraCMS version 1.5 **Description** The issue concerns multiple cross-site scripting (XSS) vulnerabilities. These vulnerabilities allow remote attackers to inject arbitrary web script or HTML. The injection can occur via specific parameters, including the `hits` parameter to "hits.php", the `query` parameter to "index.php", or the `theCount` parameter to "counter.php". **Recommendations** For auraCMS version 1.5, consider disabling access to the vulnerable parameters `hits`, `query`, and `theCount` in their respective scripts until a patch is available. Restrict access to "hits.php", "index.php", and "counter.php" to minimize the risk of exploitation. Avoid using these parameters in the affected scripts until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** auraCMS version 1.5 **Description** The issue allows remote attackers to obtain sensitive information via an HTTP request with an invalid `id` parameter to API endpoints such as "teman.php", "hal.php", or "arsip.php", which reveals the path in a PHP error message. **Recommendations** For auraCMS version 1.5, consider restricting access to the "teman.php", "hal.php", and "arsip.php" endpoints until a patch is available, and avoid using the `id` parameter in these endpoints to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Exponent version 0.95 **Description** The issue allows remote attackers to obtain sensitive information via a direct HTTP request to specific API endpoints, including "search.info.php", "permissions.info.php", "security.info.php", "formcontrol.php", or "file modules.php". These endpoints reveal the path in an error message because the `pathos core version` variable is undefined. **Recommendations** For Exponent version 0.95, consider restricting access to the vulnerable API endpoints "search.info.php", "permissions.info.php", "security.info.php", "formcontrol.php", and "file modules.php" to minimize the risk of exploitation. Additionally, defining the `pathos core version` variable could prevent the error message from revealing sensitive path information. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Exponent version 0.95 **Description** The issue concerns multiple cross-site scripting (XSS) vulnerabilities. These vulnerabilities allow remote attackers to inject arbitrary web script or HTML. The vulnerabilities are found in index.php or mod.php via the `module` parameter. **Recommendations** For Exponent version 0.95, consider restricting access to the `module` parameter in the affected API endpoints until a patch is available. As a temporary workaround, avoid using the `module` parameter in index.php or mod.php to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** PHP-Fusion version 4.00 **Description** The issue allows remote attackers to obtain sensitive information via a direct HTTP request. This is achieved through the updateuser.php and forums prune.php scripts, which reveal the installation path in an error message. **Recommendations** For PHP-Fusion version 4.00, consider restricting access to the updateuser.php and forums prune.php scripts until a patch is available. As a temporary workaround, avoid using these scripts to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Just Another Flat file (JAF) CMS version 3.0RC **Description** The issue allows remote attackers to read arbitrary files and possibly execute PHP code via a .. (dot dot) in the `show` parameter of the index.php file. **Recommendations** For Just Another Flat file (JAF) CMS version 3.0RC, consider restricting access to the index.php file until a patch is available, and avoid using the `show` parameter with unvalidated input to minimize the risk of exploitation.

Name of the Vulnerable Software and Affected Versions: Jetbox One version 2.0.8 Description: The issue allows attackers to gain sensitive information because passwords are stored in the database in plaintext. Recommendations: For version 2.0.8, update the software to a version that securely stores passwords, such as using hashing and salting, to prevent attackers from obtaining sensitive information.

**Name of the Vulnerable Software and Affected Versions** AJ-Fork version 167 **Description** The issue arises from the documentation of AJ-Fork, which suggests setting permissions for `users.db.php` to 777. This setting allows local users to execute arbitrary PHP code, potentially leading to privilege escalation as the administrator. **Recommendations** For AJ-Fork version 167, change the permissions of `users.db.php` to a more restrictive setting to prevent local users from executing arbitrary PHP code.

**Name of the Vulnerable Software and Affected Versions** YaBB SE version 1.5.1 **Description** The issue allows remote attackers to obtain sensitive information via a direct HTTP request to "Admin.php", which reveals the full path in a PHP error message. **Recommendations** For YaBB SE version 1.5.1, consider restricting access to the "Admin.php" file until a patch is available.