0X90

**Name of the Vulnerable Software and Affected Versions** Cherokee Web Server version 0.5.4 **Description** The issue allows remote attackers to cause a denial of service, resulting in the daemon crashing. This can be achieved by including an MS-DOS reserved word in a URI. For example, using the AUX reserved word can demonstrate this issue. **Recommendations** For Cherokee Web Server version 0.5.4, consider restricting access to the server to prevent remote attackers from exploiting this issue until a patch is available. As a temporary workaround, avoid using MS-DOS reserved words in URIs to minimize the risk of daemon crashes.

Name of the Vulnerable Software and Affected Versions: Mevin Productions Basic PHP Events Lister version 1.0 Description: The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the `id` parameter in the "event.php" file. Recommendations: For Mevin Productions Basic PHP Events Lister version 1.0, consider restricting access to the `id` parameter in the "event.php" file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** MyFWB version 1.0 **Description** The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the `page` parameter in the "index.php" file. **Recommendations** For MyFWB version 1.0, consider restricting access to the `page` parameter in the index.php file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** RPG.Board versions 0.8 Beta2 and earlier **Description** The issue allows remote attackers to execute arbitrary SQL commands. This is achieved by exploiting the `showtopic` parameter in the "index.php" file. **Recommendations** For RPG.Board versions 0.8 Beta2 and earlier, avoid using the `showtopic` parameter in the "index.php" file until a fix is available. As a temporary workaround, consider restricting access to the "index.php" file to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Avant Browser versions 11.7 Build 9 and earlier **Description** The issue is related to an integer overflow in the JavaScript engine, which can be triggered by attempting to URL encode a string containing many instances of an invalid character. This can cause a denial of service, resulting in an application crash. **Recommendations** For Avant Browser versions 11.7 Build 9 and earlier, at the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** phpAddressBook versions 2.0 through 2.11 **Description** The issue allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the `skin` parameter to API endpoints such as "index.php" and "install.php". **Recommendations** For versions 2.0 through 2.11, consider restricting access to the "index.php" and "install.php" API endpoints to minimize the risk of exploitation. Avoid using the `skin` parameter in these endpoints until the issue is resolved.