0In

**Name of the Vulnerable Software and Affected Versions** Neostrada Livebox ADSL Router (affected versions not specified) **Description** The issue allows remote attackers to cause a denial of service, resulting in a network outage. This can be achieved by sending multiple HTTP requests for the "/-" URI, which is an API endpoint. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Smeego version 1.0 Description: The issue allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the `lang` cookie, when `magic quotes gpc` is disabled. This is a directory traversal vulnerability in the `index.php` file. Recommendations: For Smeego version 1.0, consider disabling the `index.php` file or restricting access to it until a patch is available. As a temporary workaround, enable `magic quotes gpc` to prevent the exploitation of this issue. Restrict the use of the `lang` cookie to minimize the risk of directory traversal attacks.

**Name of the Vulnerable Software and Affected Versions** Prediction Football versions 1.x **Description** The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the `matchid` parameter in a "dupa" action in the showpredictionsformatch.php file. **Recommendations** For Prediction Football version 1.x, consider restricting access to the showpredictionsformatch.php file until a patch is available, and avoid using the `matchid` parameter in the affected action to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Home FTP Server version 1.4.5.89 **Description** The issue allows remote attackers to cause a denial of service by crashing the server. This can be achieved by opening a FTP passive mode connection and then closing the original FTP connection. **Recommendations** For Home FTP Server version 1.4.5.89, consider disabling FTP passive mode connections as a temporary workaround until a patch is available. Restrict access to the FTP server to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Tiger Php News System (TPNS) versions 1.0b and earlier **Description** The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the `catid` parameter in a "newscat" action in the index.php file. **Recommendations** For versions 1.0b and earlier, update to a version later than 1.0b to resolve the issue. As a temporary workaround, consider restricting access to the `catid` parameter in the index.php file to minimize the risk of exploitation.

Name of the Vulnerable Software and Affected Versions: PicoFlat CMS versions 0.4.14 and earlier Description: The issue allows remote attackers to execute arbitrary PHP code via a URL in the `pagina` parameter in the index.php file. Recommendations: For PicoFlat CMS versions 0.4.14 and earlier, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Poppawid version 2.7 **Description** The issue allows remote attackers to execute arbitrary PHP code via a URL in the `form` parameter. This is a result of a PHP remote file inclusion vulnerability in the `mail/childwindow.inc.php` file. **Recommendations** For Poppawid version 2.7, consider restricting access to the `mail/childwindow.inc.php` file to minimize the risk of exploitation. Avoid using the `form` parameter in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** North Country Public Radio Public Media Manager (PMM) version 1.3 **Description** The issue concerns a remote file inclusion vulnerability. This allows remote attackers to execute arbitrary PHP code via a URL in the `indir` parameter. **Recommendations** For version 1.3, consider restricting access to the `news/newstopic inc.php` file to minimize the risk of exploitation. Avoid using the `indir` parameter in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** chupix version 0.2.3 **Description** The issue allows remote attackers to execute arbitrary PHP code via a URL in the `repertoire` parameter when `register globals` is enabled. This is a result of a remote file inclusion vulnerability in the admin/include/header.php file. **Recommendations** For chupix version 0.2.3, consider disabling the `register globals` setting to prevent exploitation until a patch is available. Restrict access to the admin/include/header.php file to minimize the risk of arbitrary PHP code execution. Avoid using the `repertoire` parameter in URLs for the affected file until the issue is resolved.