Beks

Name of the Vulnerable Software and Affected Versions: CodeAvalanche News versions 1.x Description: The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the `CAT ID` parameter in the "inc listnews.asp" file. Recommendations: For CodeAvalanche News version 1.x, consider restricting access to the `CAT ID` parameter in the "inc listnews.asp" file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** Maxtricity Tagger version 0.1 **Description** The issue allows remote attackers to download a database containing passwords via a direct request for `tagger.mdb` due to insufficient access control. This is because sensitive information is stored under the web root. **Recommendations** For Maxtricity Tagger version 0.1, consider restricting access to the `tagger.mdb` file to minimize the risk of exploitation. Additionally, ensure proper access controls are implemented for sensitive information stored under the web root.

**Name of the Vulnerable Software and Affected Versions** AllMyGuests versions 0.3.0 and earlier **Description** The issue allows remote attackers to execute arbitrary PHP code via a URL in the `AMG serverpath` parameter to various PHP files, including "comments.php" and "signin.php", and possibly via a URL in unspecified parameters to other files such as "include/submit.inc.php", "admin/index.php", "include/cm submit.inc.php", and "index.php". **Recommendations** For AllMyGuests versions 0.3.0 and earlier, consider disabling the `AMG serverpath` parameter in the affected PHP files until a patch is available. Restrict access to the vulnerable PHP files, such as "comments.php", "signin.php", "include/submit.inc.php", "admin/index.php", "include/cm submit.inc.php", and "index.php", to minimize the risk of exploitation. Avoid using unspecified parameters in these files until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Webulas (affected versions not specified) **Description** The issue allows remote attackers to download a database containing passwords via a direct request for 'db/db.mdb' due to insufficient access control. This is because sensitive information is stored under the web root. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.