Darkfig

**Name of the Vulnerable Software and Affected Versions** phpSlash versions 0.8.1.1 and earlier **Description** The issue allows remote attackers to execute arbitrary PHP code via the `fields` parameter, which is supplied to an `eval()` function call within the `generic` function in `include/class/tz env.class`. **Recommendations** For phpSlash versions 0.8.1.1 and earlier, consider disabling the `eval()` function call within the `generic` function in `include/class/tz env.class` as a temporary workaround until a patch is available. Restrict access to the `fields` parameter in the affected API endpoint to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Belkin Wireless G Plus MIMO Router F5D9230-4 **Description** The issue concerns the web server in the Belkin Wireless G Plus MIMO Router F5D9230-4, which does not require authentication for the "SaveCfgFile.cgi" endpoint. This allows remote attackers to read and modify the configuration by making a direct request to the "SaveCfgFile.cgi" endpoint. **Recommendations** For Belkin Wireless G Plus MIMO Router F5D9230-4, consider restricting access to the "SaveCfgFile.cgi" endpoint until a patch is available. As a temporary workaround, limit remote access to the router's web interface to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** JBC Explorer versions 7.20 RC1 and earlier **Description** A direct static code injection issue exists, allowing remote authenticated administrators to inject arbitrary PHP code via the `DEBUG` parameter. This code can be executed by accessing config.inc.php. It's also possible for unauthenticated remote attackers to exploit this issue. **Recommendations** For JBC Explorer versions 7.20 RC1 and earlier, consider disabling access to the config/post.php module until a fix is available. As a temporary workaround, restrict the use of the `DEBUG` parameter to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** JBC Explorer versions 7.20 RC1 and earlier **Description** The issue concerns a lack of authentication requirement in a specific module, allowing remote attackers to perform certain actions without proper authorization. Specifically, attackers can delete a critical file named auth.inc.php by manipulating the `suppr` parameter, and then re-create this file with malicious contents that define a new account name and password for JBC Explorer by using the `login` and `password` parameters. **Recommendations** For JBC Explorer versions 7.20 RC1 and earlier, as a temporary workaround, consider restricting access to the auth.php module to minimize the risk of exploitation. Avoid using the `suppr`, `login`, and `password` parameters in the affected module until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Pluxml version 0.3.1 **Description** A cross-site scripting (XSS) issue allows remote attackers to inject arbitrary web script or HTML via the `msg` parameter in the admin/auth.php file. **Recommendations** For Pluxml version 0.3.1, consider restricting access to the admin/auth.php file until a patch is available, and avoid using the `msg` parameter in this context to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Pluxml version 0.3.1 **Description** The issue allows remote attackers to upload and execute arbitrary PHP code via a .jpg filename, due to an unrestricted file upload vulnerability in the admin/images.php file. **Recommendations** For Pluxml version 0.3.1, consider restricting file uploads to only allowed file types and validating user input to prevent arbitrary PHP code execution. As a temporary workaround, restrict access to the admin/images.php file to minimize the risk of exploitation.

Name of the Vulnerable Software and Affected Versions: PHP (affected versions not specified) Hardened-PHP (affected versions not specified) Suhosin (affected versions not specified) Description: The issue concerns the `parse str` function, which may allow remote attackers to overwrite arbitrary variables by specifying variable names and values in the string to be parsed when called without a second parameter. This could potentially be regarded as a design limitation of the function or a bug in the affected software. Recommendations: For PHP, consider adding a second parameter to the `parse str` function to prevent variable overwriting. For Hardened-PHP, consider modifying the `parse str` function to handle cases where it is called without a second parameter. For Suhosin, consider restricting the use of the `parse str` function until a more robust solution is implemented. As a temporary workaround, consider disabling the use of the `parse str` function without a second parameter until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Nuked-klaN version 1.7.6 **Description** The issue allows remote attackers to execute arbitrary SQL commands via the `X FORWARDED FOR` HTTP header in the "X-Forwarded-For" header, as demonstrated by a request to the "/nk/" API endpoint. **Recommendations** For Nuked-klaN version 1.7.6, consider restricting access to the `/nk/` API endpoint until a patch is available, and avoid using the `X FORWARDED FOR` header in requests to this endpoint to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** PunBB versions 1.2.14 and earlier **Description** The issue allows remote attackers to inject arbitrary web script or HTML. This can be achieved via the Referer HTTP header to 'misc.php' or the category name when deleting a category in 'admin categories.php'. **Recommendations** For PunBB versions 1.2.14 and earlier, update to a version later than 1.2.14 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** PunBB versions 1.2.14 and earlier **Description** The issue arises from improper handling of a disabled ini get function when checking the register globals setting in include/common.php. This allows remote attackers to register global parameters. An example of exploitation is an SQL injection attack on the `search id` parameter to "search.php". **Recommendations** For PunBB versions 1.2.14 and earlier, consider disabling the register globals setting to prevent global parameter registration until a proper fix is applied. As a temporary workaround, restrict access to the "search.php" endpoint to minimize the risk of SQL injection attacks. Avoid using the `search id` parameter in the affected endpoint until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** MyBB versions 1.2.3 and earlier **Description** A SQL injection issue exists in the create session function in class session.php, allowing remote attackers to execute arbitrary SQL commands via the Client-IP HTTP header, which is utilized by index.php. **Recommendations** For MyBB versions 1.2.3 and earlier, as a temporary workaround, consider restricting access to the create session function in class session.php until a patch is available. Avoid using the Client-IP HTTP header in the index.php file to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** NukeSentinel versions 2.5.06 and earlier **Description** The issue arises from a permissive regular expression used to validate an IP address in the nukesentinel.php file. This allows remote attackers to execute arbitrary SQL commands by manipulating the Client-IP HTTP header. The problem is attributed to an incomplete patch. **Recommendations** For NukeSentinel versions 2.5.06 and earlier, update the nukesentinel.php file to use a more restrictive regular expression for IP address validation to prevent SQL command execution via the Client-IP HTTP header.

**Name of the Vulnerable Software and Affected Versions** Connectix Boards versions 0.7 and earlier **Description** The issue allows remote authenticated administrators to execute arbitrary PHP code by uploading a crafted GIF smiley image with a .php extension via the `uploadimage` parameter to "admin.php". This can be later accessed via a direct request for the file in "smileys/". It can also be leveraged with a separate SQL injection issue for remote unauthenticated attacks. **Recommendations** For Connectix Boards versions 0.7 and earlier, restrict access to the `admin.php` endpoint and the `uploadimage` parameter to prevent exploitation until a fix is available. As a temporary workaround, consider disabling the image upload functionality in `admin.bbcode.php` to minimize the risk of arbitrary PHP code execution.

**Name of the Vulnerable Software and Affected Versions** Connectix Boards versions 0.7 and earlier **Description** The issue allows remote authenticated users to execute arbitrary SQL commands and obtain privileges. This is achieved via the `p skin` parameter to "index.php". **Recommendations** For Connectix Boards versions 0.7 and earlier, avoid using the `p skin` parameter in the "index.php" endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** NukeSentinel versions 2.5.05 and earlier **Description** The issue allows remote attackers to execute arbitrary SQL commands via the `Client-IP` HTTP header. This can lead to unauthorized access and manipulation of sensitive data. **Recommendations** For versions 2.5.05 and earlier, consider restricting access to the `nukesentinel.php` file until a patch is available. As a temporary workaround, avoid using the `Client-IP` HTTP header in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** NukeSentinel versions 2.5.05 through 2.5.11 NukeSentinel versions prior to 2.5.12 **Description** The issue allows remote attackers to execute arbitrary SQL commands. This is achieved by exploiting a SQL injection vulnerability in the includes/nsbypass.php file via an admin cookie. **Recommendations** For NukeSentinel versions 2.5.05 through 2.5.11, update to version 2.5.12 or later. For NukeSentinel versions prior to 2.5.12, update to version 2.5.12 or later.

Name of the Vulnerable Software and Affected Versions: Jupiter CMS version 1.1.5 Description: The issue allows remote attackers to execute arbitrary PHP code via an ftp URL in the `n` parameter in the index.php file, but only when PHP 5.0.0 or later is used. Recommendations: For Jupiter CMS version 1.1.5, consider restricting access to the index.php file or disabling the use of ftp URLs in the `n` parameter until a patch is available.

Name of the Vulnerable Software and Affected Versions: Jupiter CMS version 1.1.5 Description: The issue is related to an unrestricted file upload vulnerability. This allows remote attackers to upload arbitrary files by modifying the HTTP request, specifically by sending an image content type and omitting certain parameters, such as `is guest` and `is user`. Recommendations: For Jupiter CMS version 1.1.5, consider restricting access to the modules/emoticons.php file to prevent arbitrary file uploads until a patch is available. As a temporary workaround, modify the HTTP request handling to validate and enforce the presence of required parameters, such as `is guest` and `is user`, and to properly check the content type of uploaded files.

Name of the Vulnerable Software and Affected Versions: Jupiter CMS version 1.1.5 Description: A directory traversal issue exists, allowing remote attackers to include and execute arbitrary local files. This can be achieved by providing a .. (dot dot) or an absolute pathname in the `n` parameter. Recommendations: For Jupiter CMS version 1.1.5, consider restricting access to the `index.php` file until a patch is available, or avoid using the `n` parameter in the affected API endpoint to minimize the risk of exploitation.

Name of the Vulnerable Software and Affected Versions: Jupiter CMS version 1.1.5 Description: The issue allows remote attackers to execute arbitrary SQL commands via the Client-IP HTTP header and certain other HTTP headers. This is done by setting the `ip` variable used in SQL queries performed by index.php and other PHP scripts. The attack vector might involve ` SERVER`. Recommendations: For Jupiter CMS version 1.1.5, consider validating and sanitizing all input data, including HTTP headers, to prevent SQL injection attacks. As a temporary workaround, restrict access to index.php and other affected PHP scripts until a patch is available. Avoid using the `ip` variable in SQL queries until the issue is resolved.