Cold Zero

**Name of the Vulnerable Software and Affected Versions** PhotoPost vBGallery version 2.4.2 **Description** The issue allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension followed by a safe extension, then accessing it via a direct request to the file in a certain path. **Recommendations** For PhotoPost vBGallery version 2.4.2, consider restricting access to the upload.php file to prevent unauthorized file uploads until a fix is available. As a temporary workaround, restrict the types of files that can be uploaded to prevent executable files from being uploaded.

**Name of the Vulnerable Software and Affected Versions** Web Wiz Guestbook versions 6.0 through 8.21 **Description** The issue allows remote attackers to download the database and obtain sensitive information via a direct request for "database/WWGguestbook.mdb" due to insufficient access control. **Recommendations** For versions 6.0 through 8.21, consider restricting access to the database file WWGguestbook.mdb to minimize the risk of exploitation.

Name of the Vulnerable Software and Affected Versions: eMetrix Online Keyword Research Tool (affected versions not specified) Description: A directory traversal issue exists in the download.php file, allowing remote attackers to read arbitrary files by including a .. (dot dot) in the `filename` parameter. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: eMetrix Extract Website (affected versions not specified) Description: A directory traversal issue exists in the download.php file, allowing remote attackers to read arbitrary files. This is achieved by including a .. (dot dot) in the `filename` parameter. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Liberum Help Desk version 0.97.3 **Description** The issue allows remote attackers to obtain passwords due to insufficient access control. Specifically, the `db/helpdesk2000.mdb` file is stored under the web root, enabling attackers to access it via a direct request. **Recommendations** For version 0.97.3, consider restricting access to the `db/helpdesk2000.mdb` file to prevent unauthorized access until a patch is available. As a temporary workaround, moving the file outside of the web root or implementing proper access controls can help mitigate the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Forest Blog version 1.3.2 **Description** The issue allows remote attackers to download the database file containing passwords via a direct request for `blog.mdb` due to insufficient access control. This is because sensitive information is stored under the web root. **Recommendations** For Forest Blog version 1.3.2, consider restricting access to the `blog.mdb` file to prevent unauthorized downloads until a proper fix is available. Additionally, review and improve access controls for sensitive information stored under the web root.

**Name of the Vulnerable Software and Affected Versions** SimpCMS (affected versions not specified) **Description** The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the `keyword` parameter in a search site action, specifically targeting the index.php file. **Recommendations** For SimpCMS, consider restricting access to the `keyword` parameter in the search site action until a patch is available. As a temporary workaround, avoid using the `keyword` parameter in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** OmniStar Article Manager version not specified **Description** The issue allows remote attackers to execute arbitrary SQL commands via the `page id` parameter in a favorite op action. This is a different vector than previously identified issues. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Joomla! com restaurante component (affected versions not specified) Description: The issue allows remote attackers to upload and execute arbitrary PHP code via an upload action specifying a filename with a double extension, such as `.php.jpg`, which creates an accessible file under `img original/`. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Joomla! com expose component versions prior to RC35 Description: The issue allows remote attackers to upload and execute arbitrary PHP code in the img/ folder. This is possible because the uploadimg.php file in the com expose component for Joomla! does not properly handle attempts to upload non-JPEG files, sending an error message but failing to exit the process. Recommendations: For versions prior to RC35, update to a version that includes a fix for this issue to prevent the upload and execution of arbitrary PHP code. As a temporary workaround, consider restricting access to the uploadimg.php file or the img/ folder to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Girlserv ads versions 1.5 and earlier **Description** The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the `idnew` parameter in the details news.php file. **Recommendations** For Girlserv ads versions 1.5 and earlier, update to a version later than 1.5 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** vBulletin Google Yahoo Site Map (vBGSiteMap) version 2.41 for vBulletin **Description** The issue allows remote attackers to execute arbitrary PHP code via a URL in the `base` parameter to API endpoints such as "vbgsitemap/vbgsitemap-config.php" or "vbgsitemap/vbgsitemap-vbseo.php". **Recommendations** For vBulletin Google Yahoo Site Map (vBGSiteMap) version 2.41, consider restricting access to the `vbgsitemap-config.php` and `vbgsitemap-vbseo.php` files until a patch is available. Avoid using the `base` parameter in the affected API endpoints to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Joomla! AutoStand module versions 1.1 and earlier **Description** A remote file inclusion issue allows remote attackers to execute arbitrary PHP code via a URL in the `mosConfig absolute path` parameter to "mod as category.php" in the "(1) modules/mod as category/ or (2) modules/" directory. **Recommendations** For AutoStand module versions 1.1 and earlier, avoid using the `mosConfig absolute path` parameter in the "mod as category.php" file until a patch is available. Restrict access to the "mod as category.php" file to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** MiniBB Forum versions 1.5a and earlier **Description** The issue allows remote attackers to execute arbitrary PHP code via a URL in the `absolute path` parameter to `bb plugins.php` in certain components or `configuration.php`. This can be exploited through different vectors, including components/minibb/ or components/com minibb. **Recommendations** For MiniBB Forum versions 1.5a and earlier, consider disabling access to `bb plugins.php` in components/minibb/ and components/com minibb, and restrict modifications to `configuration.php` until a fix is available. Avoid using the `absolute path` parameter in the affected API endpoints until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Joomla! Be2004-2 template (affected versions not specified) **Description** The issue allows remote attackers to execute arbitrary PHP code via a URL in the `mosConfig absolute path` parameter in the index.php file of the Be2004-2 template for Joomla!. **Recommendations** For the Be2004-2 template, consider restricting access to the `mosConfig absolute path` parameter in the index.php file until a patch is available. As a temporary workaround, avoid using the `mosConfig absolute path` parameter in the affected index.php file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** JoomlaPack (com jpack) version 1.0.4a2 RE **Description** The issue allows remote attackers to execute arbitrary PHP code via a URL in the `mosConfig absolute path` parameter in the includes/CAltInstaller.php file. **Recommendations** For JoomlaPack (com jpack) version 1.0.4a2 RE, avoid using the `mosConfig absolute path` parameter in the affected API endpoint until the issue is resolved. As a temporary workaround, consider restricting access to the includes/CAltInstaller.php file to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Jx Development Article versions 1.1 and earlier **Description** The issue allows remote attackers to execute arbitrary PHP code via a URL in the `absolute path` parameter to "com articles.php" in components or classes/html. **Recommendations** For Jx Development Article versions 1.1 and earlier, as a temporary workaround, consider restricting access to the "com articles.php" file until a patch is available. Avoid using the `absolute path` parameter in the affected API endpoint until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Mambo Calendar Module (com calendar) version 1.5.5 **Description** The issue allows remote attackers to execute arbitrary PHP code via a URL in the `absolute path` parameter to (1) "com calendar.php" or (2) "mod calendar.php" API endpoints. **Recommendations** For Mambo Calendar Module (com calendar) version 1.5.5, consider restricting access to the `absolute path` parameter in the affected API endpoints until a patch is available. As a temporary workaround, avoid using the `absolute path` parameter in the "com calendar.php" and "mod calendar.php" endpoints to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Mambo and Joomla! (affected versions not specified) **Description** The issue allows remote attackers to execute arbitrary PHP code via a URL in the `absolute path` parameter in the mod weather.php file of the Antonis Ventouris Weather module. **Recommendations** For the affected versions, consider restricting access to the mod weather.php file until a patch is available. As a temporary workaround, avoid using the `absolute path` parameter in the mod weather.php file to minimize the risk of exploitation.

Name of the Vulnerable Software and Affected Versions: Flatmenu versions 1.07 and earlier Description: The issue allows remote attackers to execute arbitrary PHP code via a URL in the `mosConfig absolute path` parameter. This is a result of a PHP remote file inclusion vulnerability in the mod flatmenu.php file of the Flatmenu Mambo module. Recommendations: For versions 1.07 and earlier, consider disabling the `mod flatmenu.php` file until a patch is available to prevent exploitation. Restrict access to the `mosConfig absolute path` parameter to minimize the risk of arbitrary PHP code execution.