Aniket Dinda

Name of the Vulnerable Software and Affected Versions: TP-Link Wireless N Router WR840N (affected versions not specified) Description: The issue concerns a buffer overflow caused by an ARP poisoning attack. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** PHP Scripts Mall Online Lottery PHP Readymade Script version 1.7.0 **Description** The issue concerns a Cross-Site Request Forgery (CSRF) flaw related to Edit Profile actions. **Recommendations** For PHP Scripts Mall Online Lottery PHP Readymade Script version 1.7.0, consider implementing proper CSRF token validation for the Edit Profile action to prevent unauthorized changes.

**Name of the Vulnerable Software and Affected Versions** PHP Scripts Mall Online Lottery PHP Readymade Script version 1.7.0 **Description** The issue concerns a Reflected Cross-site Scripting (XSS) flaw. This occurs via the `err` value in a .ico picture upload. **Recommendations** For PHP Scripts Mall Online Lottery PHP Readymade Script version 1.7.0, consider validating and sanitizing user input for the `err` value to prevent XSS attacks. As a temporary workaround, restrict the upload of .ico pictures until a patch is available.

**Name of the Vulnerable Software and Affected Versions** TP-Link TL-WR840N (affected versions not specified) **Description** The issue is caused by a buffer overflow in the memory of TP-Link TL-WR840N router firmware. This can be exploited by a remote attacker to cause a denial of service, resulting in a networking outage, by sending fragmented packets. An example of how this can be done is by using the "nmap -f" command. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** PHP Scripts Mall Amazon Affiliate Store version 2.1.6 **Description** The issue allows for parameter tampering of the `payment amount` variable. This means an attacker could potentially manipulate the payment amount during a transaction. **Recommendations** For PHP Scripts Mall Amazon Affiliate Store version 2.1.6, consider restricting access to the payment processing module to minimize the risk of exploitation until a patch is available. Avoid using the `payment amount` variable in affected transactions until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** PHP Scripts Mall Personal Video Collection Script version 4.0.4 **Description** The issue is related to Stored XSS, which occurs via the "Update profile" feature. **Recommendations** For version 4.0.4, update to a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** PHP Scripts Mall Medical Store Script version 3.0.3 **Description** The issue allows path traversal by navigating to the parent directory of a jpg or png file. **Recommendations** For PHP Scripts Mall Medical Store Script version 3.0.3, update to a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** PHP Scripts Mall PHP Appointment Booking Script version 3.0.3 **Description** The issue allows HTML injection in a user profile, which could potentially be used to inject malicious code. **Recommendations** For PHP Scripts Mall PHP Appointment Booking Script version 3.0.3, consider validating and sanitizing user input to prevent HTML injection until a patch is available. As a temporary workaround, restrict the ability for users to input HTML code in their profiles to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** PHP Scripts Mall Online Food Ordering Script version 1.0 **Description** The issue concerns a Cross-Site Request Forgery (CSRF) in the my-account.php file. This means an attacker could potentially trick a user into performing unintended actions on the web application. **Recommendations** For PHP Scripts Mall Online Food Ordering Script version 1.0, consider implementing proper CSRF protection mechanisms, such as token-based validation, to prevent unauthorized requests. As a temporary workaround, restrict access to the my-account.php file until a proper fix is applied.

**Name of the Vulnerable Software and Affected Versions** PHP Scripts Mall Auction website script version 2.0.4 **Description** The issue allows for parameter tampering of the `payment amount` variable. This means an attacker could potentially manipulate the payment amount during a transaction. **Recommendations** For PHP Scripts Mall Auction website script version 2.0.4, consider validating and sanitizing the `payment amount` variable to prevent tampering. As a temporary workaround, restrict access to the payment processing module to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** PHP Scripts Mall Cab Booking Script version 1.0.3 **Description** The issue allows Directory Traversal into the parent directory of a jpg or png file. **Recommendations** For PHP Scripts Mall Cab Booking Script version 1.0.3, consider restricting access to sensitive directories to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** PHP Scripts Mall Custom T-Shirt Ecommerce Script version 3.1.1 **Description** The issue allows for parameter tampering of the `payment amount` variable, potentially enabling unauthorized modifications to payment amounts. **Recommendations** For PHP Scripts Mall Custom T-Shirt Ecommerce Script version 3.1.1, consider validating and sanitizing the `payment amount` variable to prevent tampering. As a temporary workaround, restrict access to the payment processing module to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** PHP Scripts Mall Responsive Video News Script (affected versions not specified) **Description** The issue allows for XSS via the Search Bar, which could be used for HTML injection or URL redirection. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** D-Link DIR-615 (affected versions not specified) **Description** A buffer overflow issue exists due to a long Authorization HTTP header. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** TP-Link WR840N (affected versions not specified) **Description** The issue is related to a buffer overflow that can be triggered by a long Authorization HTTP header. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** TP-Link WR840N (affected versions not specified) **Description** The issue allows remote attackers to cause a denial of service, resulting in connectivity loss. This is achieved by sending a series of packets with random MAC addresses. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.