DboardGear · CVE-2005-3364
**Name of the Vulnerable Software and Affected Versions**
DboardGear (affected versions not specified)
**Description**
The issue is SQL injection: remote attackers can execute arbitrary SQL commands via the `buddy` parameter in "buddy.php", the `u2uid` parameter in "u2u.php", and an invalid theme file in the themes action to "ctrtools.php".
**Recommendations**
For DboardGear, consider restricting access to the "buddy.php" and "u2u.php" files until a patch is available.
As a temporary workaround, avoid using the `buddy` and `u2uid` parameters in the respective scripts until the issue is resolved.
Restrict access to the themes action in "ctrtools.php" to minimize the risk of exploitation.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
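While access to these scripts is being restricted, web server logs can be reviewed for requests that touch the three entry points named above. The following is an added example, not code from DboardGear or from this advisory: it assumes a combined-format access log, assumes that legitimate `buddy` and `u2uid` values are plain identifiers, and uses constructed log lines (the `/forum/` path and the `action` parameter name are made up).

```python
import re
from urllib.parse import urlsplit, parse_qs

# Script -> query parameter named in the advisory.
WATCHED = {"buddy.php": "buddy", "u2u.php": "u2uid"}
# Assumption: legitimate values are plain identifiers; anything else is flagged.
SAFE_VALUE = re.compile(r"[A-Za-z0-9_.-]{1,64}")
# Request line inside a combined-format access log entry.
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def triage(line):
    """Return (reason, detail) for a log line worth reviewing, else None."""
    m = REQUEST.search(line)
    if not m:
        return None
    url = urlsplit(m.group(1))
    script = url.path.rsplit("/", 1)[-1].lower()
    if script == "ctrtools.php":
        # The advisory does not name the theme-file parameter, so every
        # hit on this script is surfaced for manual review.
        return ("review", "ctrtools.php " + url.query)
    name = WATCHED.get(script)
    if name is None:
        return None
    params = parse_qs(url.query, keep_blank_values=True)
    for value in params.get(name, []):
        if not SAFE_VALUE.fullmatch(value):
            return ("suspicious", f"{name}={value!r}")
    return None

# Constructed sample log lines (not taken from a real server).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2006:10:00:00 +0000] "GET /forum/buddy.php?action=add&buddy=alice HTTP/1.1" 200 512',
    '192.0.2.11 - - [01/Jan/2006:10:00:05 +0000] "GET /forum/buddy.php?buddy=alice%27 HTTP/1.1" 200 98',
    '192.0.2.11 - - [01/Jan/2006:10:00:09 +0000] "GET /forum/u2u.php?u2uid=12%20x HTTP/1.1" 500 0',
    '192.0.2.12 - - [01/Jan/2006:10:00:12 +0000] "GET /forum/u2u.php?u2uid=12 HTTP/1.1" 200 734',
    '192.0.2.13 - - [01/Jan/2006:10:00:20 +0000] "GET /forum/ctrtools.php?action=themes HTTP/1.1" 200 40',
    '192.0.2.14 - - [01/Jan/2006:10:00:31 +0000] "GET /forum/index.php HTTP/1.1" 200 2048',
]

def scan(lines):
    """Return (line index, finding) pairs for every line that needs review."""
    return [(i, hit) for i, line in enumerate(lines) if (hit := triage(line))]

if __name__ == "__main__":
    for index, (reason, detail) in scan(SAMPLE_LOG):
        print(f"line {index}: {reason}: {detail}")
```

Access logs record only the query string, so parameters sent in a POST body are not covered by this check.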