Corryl

**Name of the Vulnerable Software and Affected Versions** Img Pals Photo Host version 1.0 **Description** The issue concerns a lack of authentication for requests in the approve.php file, allowing remote attackers to modify administrator activation status. This can be achieved by manipulating the `u` parameter in specific actions, such as app0 to disable or app1 to enable administrator accounts. **Recommendations** For Img Pals Photo Host version 1.0, consider temporarily restricting access to the approve.php file until a proper authentication mechanism is implemented to prevent unauthorized changes to administrator accounts. As a mitigation measure, avoid using the `u` parameter in the affected actions until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Img Pals Photo Host version 1.0 **Description** The issue concerns SQL injection vulnerabilities in the approve.php file. Remote attackers can execute arbitrary SQL commands via the `u` parameter in certain actions, specifically in (1) app0 or (2) app1 actions. **Recommendations** For Img Pals Photo Host version 1.0, consider restricting access to the approve.php file until a fix is available, and avoid using the `u` parameter in app0 or app1 actions to minimize the risk of exploitation.

Name of the Vulnerable Software and Affected Versions: Link Request Contact Form version 3.4 Description: The issue allows remote attackers to execute arbitrary PHP code by uploading a file with a .php extension and an image content type, such as image/jpeg. Recommendations: For version 3.4, consider restricting file uploads to only allow specific, non-executable file types, and validate the content type of uploaded files to prevent exploitation. As a temporary workaround, consider disabling the file upload feature until a patch is available.

**Name of the Vulnerable Software and Affected Versions** TygerBT version 1.1.3 **Description** The issue concerns multiple cross-site scripting (XSS) vulnerabilities. These vulnerabilities allow remote attackers to inject arbitrary web script or HTML. The injection can occur via the PATH INFO to specific API endpoints: "Login.php" and "Register.php". **Recommendations** For TygerBT version 1.1.3, consider disabling access to the "Login.php" and "Register.php" endpoints until a patch is available. Restrict input to these endpoints to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** TygerBT version 1.1.3 **Description** The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the `s` parameter in the ViewBugs.php file. **Recommendations** For TygerBT version 1.1.3, avoid using the `s` parameter in the ViewBugs.php file until a patch is available. Consider restricting access to the ViewBugs.php file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: myBloggie version 2.1.5 Description: A cross-site scripting (XSS) issue exists, allowing remote attackers to inject arbitrary web script or HTML. This is achieved via the PATH INFO string in files such as index.php and login.php. Recommendations: For myBloggie version 2.1.5, consider restricting access to the PATH INFO string in the affected files, such as index.php and login.php, to minimize the risk of exploitation. As a temporary workaround, avoid using the PATH INFO string in these files until a patch is available.

Name of the Vulnerable Software and Affected Versions: SmE FileMailer version 1.21 Description: The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the `us` parameter in the "index.php" file. Recommendations: For SmE FileMailer version 1.21, consider restricting access to the `us` parameter in the "index.php" file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: SMe FileMailer version 1.21 Description: The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the `ps` parameter in the Password field of the login form, located in the index.php file. Recommendations: For version 1.21, consider restricting access to the login form in index.php to minimize the risk of exploitation. Avoid using the `ps` parameter in the Password field until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: logahead UNU version 1.0 before 20061226 Description: The issue allows remote attackers to upload arbitrary files via unspecified vectors related to plugins/widged/ widged.php, possibly because of an authentication bypass. Recommendations: For logahead UNU version 1.0 before 20061226, consider restricting access to the plugins/widged/ widged.php file until a fix is available. As a temporary workaround, review and strengthen authentication mechanisms to prevent bypass.

Name of the Vulnerable Software and Affected Versions: TimberWolf version 1.2.2 Description: The issue is related to a cross-site scripting (XSS) vulnerability. This vulnerability allows remote attackers to inject arbitrary web script or HTML via the `nid` parameter in the shownews.php file. Recommendations: For TimberWolf version 1.2.2, consider restricting access to the shownews.php file until a patch is available, and avoid using the `nid` parameter in this file to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Essentia Web Server version 2.15 **Description** A stack-based buffer overflow issue allows remote attackers to execute arbitrary code via a long URI, as demonstrated by a GET or HEAD request to API endpoints such as "/api/v1/login" or "/users/{id}". This can be achieved by manipulating the `uri` variable. **Recommendations** For Essentia Web Server version 2.15, update to a newer version that contains a fix for this issue. As a temporary workaround, consider restricting access to API endpoints that may be vulnerable to buffer overflow attacks until a patch is available. Avoid using long URIs in requests to the server until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** DEV Web Management System (WMS) version 1.5 **Description** The issue is related to a cross-site scripting (XSS) vulnerability. This vulnerability allows remote attackers to inject arbitrary web script or HTML via the `action` parameter in the "index.php" file. **Recommendations** For DEV Web Management System (WMS) version 1.5, avoid using the `action` parameter in the index.php file until a fix is available. As a temporary workaround, consider restricting access to the index.php file to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** myBloggie versions 2.1.1 through 2.1.3 **Description** The issue allows remote attackers to execute arbitrary SQL commands. This can be achieved via several parameters in different modes, including the `keyword` parameter in "search.php", the `date no` parameter in viewdate mode, the `cat id` parameter in viewcat mode, the `month no` or `year` parameter in viewmonth mode, or the `post id` parameter in viewid mode to "index.php". **Recommendations** For myBloggie versions 2.1.1 through 2.1.3, consider restricting access to the vulnerable parameters `keyword`, `date no`, `cat id`, `month no`, `year`, and `post id` in their respective modes until a patch is available. As a temporary workaround, avoid using these parameters in the affected API endpoints. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** myBloggie version 2.1.1 **Description** The issue allows remote attackers to delete arbitrary comments by modifying the `comment id` parameter in the delcomment.php file. **Recommendations** For myBloggie version 2.1.1, consider restricting access to the delcomment.php file until a patch is available. As a temporary workaround, avoid using the `comment id` parameter in the delcomment.php file to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** myBloggie version 2.1.1 **Description** The issue allows remote attackers to inject arbitrary web script or HTML via several parameters in viewmode.php and index.php, which are not properly sanitized before being displayed in an error message. Specifically, the `year` parameter in viewmode.php and the `cat id`, `month no`, and `post id` parameters in index.php are vulnerable. **Recommendations** For myBloggie version 2.1.1, consider disabling the vulnerable parameters `year`, `cat id`, `month no`, and `post id` in viewmode.php and index.php until a patch is available. Restrict access to the error messages that display these parameters to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** myBloggie version 2.1.1 **Description** The issue allows remote attackers to obtain sensitive information via an invalid `post id` parameter in the "index.php" endpoint, which reveals the path in an error message. **Recommendations** For myBloggie version 2.1.1, consider restricting access to the "index.php" endpoint until a patch is available, or avoid using the `post id` parameter in this endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: MailEnable Enterprise versions 1.04 and earlier MailEnable Professional versions 1.54 and earlier Description: A buffer overflow issue in the HTTPMail component allows remote attackers to execute arbitrary code by sending a long HTTP Authorization header. Recommendations: For MailEnable Enterprise versions 1.04 and earlier, update to a version later than 1.04 to resolve the issue. For MailEnable Professional versions 1.54 and earlier, update to a version later than 1.54 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Shoutbox SCRIPT versions 3.0.2 and earlier **Description** The issue allows remote attackers to obtain sensitive information by making a direct request to "db/settings.dat", which displays usernames and password hashes. **Recommendations** For Shoutbox SCRIPT versions 3.0.2 and earlier, restrict access to the db/settings.dat file to prevent unauthorized disclosure of sensitive information. Consider implementing proper access controls and security measures to protect sensitive data.

**Name of the Vulnerable Software and Affected Versions** TowerBlog versions 0.6 and earlier **Description** The issue allows remote attackers to obtain the MD5 checksums of the username and password via a direct request to the ` dat/login` file, as the login data file is stored under the web root. **Recommendations** For TowerBlog versions 0.6 and earlier, consider restricting access to the ` dat/login` file to minimize the risk of exploitation. As a temporary workaround, move the login data file outside of the web root until a more permanent solution is available.

**Name of the Vulnerable Software and Affected Versions** MailEnable Enterprise versions 1.04 and earlier MailEnable Professional versions 1.54 and earlier **Description** The issue allows remote attackers to cause a denial of service, resulting in a server crash. This is achieved by sending an EHLO command that contains a Unicode string to the SMTP service. **Recommendations** For MailEnable Enterprise versions 1.04 and earlier, update to a version later than 1.04 to resolve the issue. For MailEnable Professional versions 1.54 and earlier, update to a version later than 1.54 to resolve the issue. As a temporary workaround, consider restricting access to the SMTP service to minimize the risk of exploitation.