Boecke

**Name of the Vulnerable Software and Affected Versions** PHP versions prior to 5.2.0 **Description** The issue is related to multiple buffer overflows in the iisfunc extension, specifically in the php iisfunc.dll file. This allows context-dependent attackers to execute arbitrary code, likely during Unicode conversion. The vulnerability can be triggered by a long string in the first argument to the `iis getservicestate` function, and is also related to the `ServiceId` argument in functions such as `fnStartService`, `fnGetServiceState`, and `fnStopService`. **Recommendations** For PHP versions prior to 5.2.0, update to a version that is 5.2.0 or later to resolve the issue. As a temporary workaround, consider restricting the use of the iisfunc extension or limiting the input to the `iis getservicestate` function and related functions to prevent exploitation.

**Name of the Vulnerable Software and Affected Versions** PHP versions prior to 5.2.0 **Description** A buffer overflow issue exists in the win32std extension, specifically in the php win32std.dll file, allowing context-dependent attackers to execute arbitrary code. This is achieved by passing a long string in the filename argument to the `win browse file` function. **Recommendations** For versions prior to 5.2.0, update to a version that contains a fix for this issue to prevent arbitrary code execution. As a temporary workaround, consider restricting the use of the `win browse file` function until a patch is available.

**Name of the Vulnerable Software and Affected Versions** phpBB Import Tools Mod versions 0.1.4 and earlier **Description** The issue allows remote attackers to execute arbitrary PHP code via a URL in the `phpbb root path` parameter. This is a result of a PHP remote file inclusion vulnerability in the includes/functions mod user.php file. **Recommendations** For versions 0.1.4 and earlier, consider restricting access to the `phpbb root path` parameter to minimize the risk of exploitation. Avoid using the `phpbb root path` parameter with untrusted input until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: XM Easy Personal FTP Server versions 5.2.1 and earlier Description: The issue allows remote authenticated users to cause a denial of service, potentially by providing a long argument to the NLST command, possibly involving the -al flags. Recommendations: For versions 5.2.1 and earlier, consider restricting access to the NLST command or limiting the length of arguments that can be passed to it until a fix is available.

**Name of the Vulnerable Software and Affected Versions** Ajax Shoutbox module for phpBB versions 0.0.5 and earlier **Description** The issue allows remote attackers to execute arbitrary PHP code via a URL in the `phpbb root path` parameter. This is a result of a PHP remote file inclusion vulnerability in the shoutbox.php file. **Recommendations** For Ajax Shoutbox module for phpBB versions 0.0.5 and earlier, consider disabling the `shoutbox.php` file until a patch is available to prevent remote file inclusion attacks. Restrict access to the `phpbb root path` parameter to minimize the risk of exploitation.