Bl0Od3R

**Name of the Vulnerable Software and Affected Versions** ZomPlog versions 3.7.6 and earlier **Description** A directory traversal issue exists in the themes/default/ directory of ZomPlog, allowing remote attackers to include arbitrary local files by using a .. (dot dot) in the `settings[skin]` parameter. This can be exploited to inject PHP code into an Apache HTTP Server log file, which can then be included via themes/default/. **Recommendations** For ZomPlog versions 3.7.6 and earlier, as a temporary workaround, consider restricting access to the themes/default/ directory to minimize the risk of exploitation. Avoid using the `settings[skin]` parameter with untrusted input until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: XLAtunes versions 0.1 and earlier Description: The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the `album` parameter in view mode. Recommendations: For XLAtunes versions 0.1 and earlier, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Formbankserver version 1.9 **Description** A directory traversal issue exists, allowing remote attackers to read arbitrary files. This is achieved by using directory traversal sequences in the `Name` parameter of the formbankcgi.exe/AbfrageForm endpoint. **Recommendations** For Formbankserver version 1.9, consider restricting access to the formbankcgi.exe/AbfrageForm endpoint until a patch is available. As a temporary workaround, avoid using the `Name` parameter in the affected endpoint to minimize the risk of exploitation.

Name of the Vulnerable Software and Affected Versions: Fersch Formbankserver version 1.9 Description: The issue allows remote attackers to cause a denial of service, resulting in a daemon crash. This is achieved by sending multiple requests with many /../ sequences in the `Name` parameter when the PATH INFO begins with 'Abfrage'. Recommendations: For Fersch Formbankserver version 1.9, consider restricting access to the `formbankcgi.exe` to minimize the risk of exploitation until a patch is available. As a temporary workaround, avoid using the `Name` parameter in requests when the PATH INFO starts with 'Abfrage' to prevent daemon crashes.

**Name of the Vulnerable Software and Affected Versions** Fantastic News versions 2.1.4 and earlier **Description** The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the `id` parameter in the "news.php" file. **Recommendations** For Fantastic News versions 2.1.4 and earlier, update to a version later than 2.1.4 to resolve the issue.

Name of the Vulnerable Software and Affected Versions: The Web Drivers Simple Forum (affected versions not specified) Description: A SQL injection issue allows remote attackers to execute arbitrary SQL commands via the `id` parameter in the "message details.php" file. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: IPrimal Forums version as of 20061105 Description: The issue allows remote attackers to bypass authentication and modify user passwords via a direct request to 'admin/index.php', possibly related to an authentication issue in 'admin/chk admin.php'. Recommendations: For IPrimal Forums version as of 20061105, consider restricting access to 'admin/index.php' and 'admin/chk admin.php' to prevent unauthorized password modifications until a fix is available.

Name of the Vulnerable Software and Affected Versions: IPrimal Forums (affected versions not specified) Description: The issue allows remote attackers to execute arbitrary PHP code via a URL in the `p` parameter in certain PHP files, including `index.php` and `admin/index.php`. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.