Aodrulez

**Name of the Vulnerable Software and Affected Versions** Banana Dance versions prior to B.1.5 **Description** The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the `id` parameter in the user.php file. **Recommendations** For versions prior to B.1.5, update to version B.1.5 or later to resolve the issue. As a temporary workaround, consider restricting access to the user.php file to minimize the risk of exploitation. Avoid using the `id` parameter in the affected file until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** tinyBB version 1.2 **Description** The issue allows remote attackers to execute arbitrary SQL commands when magic quotes gpc is disabled. This can be achieved via the `id` parameter in a profile action to "index.php". **Recommendations** For tinyBB version 1.2, consider disabling the profile action to index.php or restricting access to the `id` parameter until a patch is available. Additionally, enabling magic quotes gpc can help mitigate the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** K-Lite Mega Codec Pack version 3.5.7.0 **Description** The issue allows remote attackers to cause a denial of service, resulting in an application crash, via a malformed FLV file. **Recommendations** For K-Lite Mega Codec Pack version 3.5.7.0, consider updating to a newer version that addresses this issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.