Dedi Dwianto

**Name of the Vulnerable Software and Affected Versions** Agora version 1.4 RC1 **Description** The issue allows remote attackers to execute arbitrary PHP code when register globals is enabled. This is achieved via a URL in the ` SESSION[PATH COMPOSANT]` parameter in the MysqlfinderAdmin.php file within the modules/Mysqlfinder directory. **Recommendations** For Agora version 1.4 RC1, consider disabling the register globals setting to prevent exploitation. Additionally, restrict access to the MysqlfinderAdmin.php file and the SESSION[PATH COMPOSANT] parameter to minimize the risk of arbitrary PHP code execution.

**Name of the Vulnerable Software and Affected Versions** Radical Designs Activist Mobilization Platform (AMP) version 3.2 **Description** The issue allows remote attackers to execute arbitrary PHP code when register globals is enabled. This is achieved via a URL in the `base path` parameter. **Recommendations** For version 3.2, consider disabling the register globals setting to prevent exploitation. Additionally, restrict access to the includes/base.php file to minimize the risk of arbitrary PHP code execution. Avoid using the `base path` parameter in URLs until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** GraFX Company WebSite Builder (CWB) PRO version 1.9.8 **Description** The issue allows remote attackers to execute arbitrary PHP code when register globals is enabled. This is achieved via a URL in the `INCLUDE PATH` parameter. **Recommendations** For version 1.9.8, consider disabling the register globals setting to prevent exploitation until a patch is available. Restrict access to the comanda.php file to minimize the risk of arbitrary PHP code execution. Avoid using the `INCLUDE PATH` parameter in the affected URL until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Groupit version 2.00b5 **Description** The issue allows remote attackers to conduct remote file inclusion attacks and execute arbitrary PHP code via arguments that are written to `$ GLOBALS`. This can be achieved by manipulating the `c basepath` parameter in various PHP files, including "content.php", "userprofile.php", "password.php", "dispatch.php", and "deliver.php" in the html/ directory, and possibly "load.inc.php" and related files. **Recommendations** For Groupit version 2.00b5, consider restricting access to the vulnerable PHP files until a patch is available. As a temporary workaround, avoid using the `c basepath` parameter in the affected API endpoints, such as "content.php", "userprofile.php", "password.php", "dispatch.php", and "deliver.php", to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** WebCreator versions 0.2.6-rc3 and earlier **Description** The issue allows remote attackers to execute arbitrary PHP code via a URL in the `moddir` parameter to various files, including 'content/load.inc.php', 'config/load.inc.php', and 'http/load.inc.php'. This enables attackers to potentially compromise the system by injecting malicious PHP code. **Recommendations** For WebCreator versions 0.2.6-rc3 and earlier, as a temporary workaround, consider restricting access to the `moddir` parameter in the affected API endpoints until a patch is available. Avoid using the `moddir` parameter in the affected files, such as 'content/load.inc.php', 'config/load.inc.php', and 'http/load.inc.php', to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Soholaunch Pro Edition versions 4.9 r46 and earlier Description: The issue allows remote attackers to execute arbitrary PHP code when register globals is enabled. This is achieved by providing a URL in the ` SESSION[docroot path]` parameter to specific PHP files, such as `includes/shared functions.php` or `client files/shopping cart/pgm-shopping css.inc.php`. Recommendations: For Soholaunch Pro Edition versions 4.9 r46 and earlier, consider disabling the register globals setting to prevent exploitation. Additionally, restrict access to the includes/shared functions.php and client files/shopping cart/pgm-shopping css.inc.php files until a patch is available. Avoid using the ` SESSION[docroot path]` parameter in affected API endpoints until the issue is resolved.

Name of the Vulnerable Software and Affected Versions: OpenEMR version 2.8.1 Description: The issue allows remote attackers to execute arbitrary PHP code via a URL in the `GLOBALS[srcdir]` parameter in library/translation.inc.php, when register globals is enabled. Recommendations: For OpenEMR version 2.8.1, consider disabling the register globals setting to prevent exploitation, and avoid using the `GLOBALS[srcdir]` parameter in the affected library/translation.inc.php file until a patch is available.

Name of the Vulnerable Software and Affected Versions: OpenEMR versions 2.8.1 and earlier Description: The issue allows remote attackers to execute arbitrary PHP code via a URL in the `srcdir` parameter to various PHP files, including (a) billing process.php, (b) billing report.php, (c) billing report xml.php, and (d) print billing report.php in interface/billing/; (e) login.php; (f) interface/batchcom/batchcom.php; (g) interface/login/login.php; (h) main info.php and (i) main.php in interface/main/; (j) interface/new/new patient save.php; (k) interface/practice/ins search.php; (l) interface/logout.php; (m) custom report range.php, (n) players report.php, and (o) front receipts report.php in interface/reports/; (p) facility admin.php, (q) usergroup admin.php, and (r) user info.php in interface/usergroup/; or (s) custom/import xml.php. This can occur when register globals is enabled. Recommendations: For OpenEMR versions 2.8.1 and earlier, consider disabling the `register globals` setting to prevent exploitation. Additionally, as a temporary workaround, restrict access to the vulnerable PHP files, such as billing process.php, billing report.php, login.php, and others, until a patch is available. Avoid using the `srcdir` parameter in the affected PHP files until the issue is resolved.

Name of the Vulnerable Software and Affected Versions: Cyberfolio versions 2.0 RC1 and earlier Description: The issue allows remote attackers to execute arbitrary PHP code when register globals is enabled. This can be achieved by providing a URL in the `av` parameter to specific API endpoints, including "msg/view.php", "msg/inc message.php", "msg/inc envoi.php", and "admin/incl voir compet.php". Recommendations: For Cyberfolio versions 2.0 RC1 and earlier, consider disabling the register globals setting to prevent exploitation. Additionally, restrict access to the vulnerable API endpoints until a fix is available. As a temporary workaround, avoid using the `av` parameter in the affected endpoints.

**Name of the Vulnerable Software and Affected Versions** PHPmybibli versions 3.0.1 and earlier **Description** The issue allows remote attackers to execute arbitrary PHP code via specific parameters in various PHP files. The vulnerable parameters include `class path`, `javascript path`, and `include path` in files such as `cart.php`, `index.php`, `edit.php`, and `circ.php`. Additionally, unspecified parameters in `select.php` and other files are also affected. **Recommendations** For PHPmybibli versions 3.0.1 and earlier, consider restricting access to the vulnerable parameters `class path`, `javascript path`, and `include path` in the affected PHP files until a patch is available. As a temporary workaround, consider disabling the execution of remote files in the `cart.php`, `index.php`, `edit.php`, and `circ.php` files. Avoid using unspecified parameters in `select.php` and other files until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Vtiger CRM versions 4.2 and earlier **Description** The issue allows remote attackers to execute arbitrary PHP code via a URL in the `calpath` parameter to specific API endpoints, including "/modules/Calendar/admin/update.php", "/modules/Calendar/admin/scheme.php", or "/modules/Calendar/calendar.php". **Recommendations** For Vtiger CRM versions 4.2 and earlier, consider restricting access to the vulnerable API endpoints until a fix is available. As a temporary workaround, avoid using the `calpath` parameter in the affected endpoints.

**Name of the Vulnerable Software and Affected Versions** OpenDock Easy Blog versions 1.4 and earlier **Description** The issue allows remote attackers to execute arbitrary PHP code via a URL in the `doc directory` parameter in various PHP files, including (1) down stat.php, (2) file.php, (3) find file.php, (4) lib read file.php, and (5) lib form file.php in sw/lib up file, when register globals is enabled. Other affected files include (6) find comment.php, (7) comment.php, and (8) lib comment.php in sw/lib comment/, and (9) sw/lib find/find.php. **Recommendations** For OpenDock Easy Blog versions 1.4 and earlier, consider disabling the `register globals` setting to prevent exploitation. Additionally, restrict access to the affected PHP files, such as down stat.php, file.php, find file.php, lib read file.php, lib form file.php, find comment.php, comment.php, lib comment.php, and find.php, until a patch is available. Avoid using the `doc directory` parameter in these files until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** OpenDock Easy Doc versions 1.4 and earlier **Description** The issue allows remote attackers to execute arbitrary PHP code via a URL in the `doc directory` parameter in various PHP scripts, including (1) down stat.php, (2) file.php, (3) find file.php, (4) lib file.php, and (5) lib form file.php in sw/lib up file/; (6) find comment.php, (7) comment.php, and (8) lib comment.php in sw/lib comment/; and (9) sw/lib find/find.php. This can occur when register globals is enabled. **Recommendations** For OpenDock Easy Doc versions 1.4 and earlier, consider disabling the register globals setting to prevent exploitation. Additionally, restrict access to the vulnerable PHP scripts, such as down stat.php, file.php, find file.php, lib file.php, lib form file.php, find comment.php, comment.php, lib comment.php, and find.php, until a fix is available. Avoid using the `doc directory` parameter in these scripts until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** OpenDock Easy Gallery versions 1.4 and earlier **Description** The issue allows remote attackers to execute arbitrary PHP code via a URL in the `doc directory` parameter in various PHP scripts, including file.php, find user.php, lib user.php, lib form user.php, user.php, find session.php, session.php, comment.php, and lib comment.php, when register globals is enabled. **Recommendations** For OpenDock Easy Gallery versions 1.4 and earlier, consider disabling the register globals setting to prevent exploitation. Additionally, restrict access to the vulnerable PHP scripts, such as file.php, find user.php, lib user.php, lib form user.php, user.php, find session.php, session.php, comment.php, and lib comment.php, until a fix is available. Avoid using the `doc directory` parameter in affected API endpoints until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** WebYep version 1.1.9 **Description** The issue allows remote attackers to execute arbitrary PHP code when register globals is enabled. This is due to multiple PHP remote file inclusion vulnerabilities in various files, including those in the programm/lib/ directory, such as `WYApplication.php`, `WYDocument.php`, `WYEditor.php`, `WYElement.php`, `WYFile.php`, `WYHTMLTag.php`, `WYImage.php`, `WYLanguage.php`, `WYLink.php`, `WYPath.php`, `WYPopupWindowLink.php`, `WYSelectMenu.php`, and `WYTextArea.php`, as well as files in the programm/elements/ directory, including `WYGalleryElement.php`, `WYGuestbookElement.php`, `WYImageElement.php`, `WYLogonButtonElement.php`, `WYLongTextElement.php`, `WYLoopElement.php`, `WYMenuElement.php`, and `WYShortTextElement.php`, and `webyep.php` in the programm/ directory. The vulnerability can be exploited via the `webyep sIncludePath` variable. **Recommendations** As a temporary workaround, consider disabling the `register globals` setting until a patch is available. Restrict access to the vulnerable files in the programm/lib/ and programm/elements/ directories to minimize the risk of exploitation. Avoid using the `webyep sIncludePath` variable in the affected files until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Yahoo! Messenger for WAP (affected versions not specified) **Description** The issue allows user-assisted remote attackers to inject arbitrary web script or HTML via a URL at the online service, due to the ability to save messages containing JavaScript. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Eremove version 1.4 **Description** The issue is related to a buffer overflow in the `preview create` function, which can be triggered by a large email attachment. This can cause a denial of service, resulting in an application crash, and potentially allow the execution of arbitrary code. **Recommendations** For Eremove version 1.4, consider disabling the `preview create` function in gui.cpp to prevent potential exploitation until a fix is available. Restrict the handling of large email attachments to minimize the risk of a denial of service or code execution.

**Name of the Vulnerable Software and Affected Versions** Midirecord version 2.0 **Description** A buffer overflow issue exists in the daemon function in midirecord.cc, allowing local users to potentially execute arbitrary code via a long command line argument, specifically the filename. This issue may not be considered a vulnerability if Midirecord is not installed setuid. **Recommendations** For Midirecord version 2.0, consider restricting access to the daemon function in midirecord.cc to minimize the risk of exploitation until a patch is available. Avoid using long command line arguments, specifically filenames, in the affected function.

**Name of the Vulnerable Software and Affected Versions** SWS web Server version 0.1.7 **Description** The issue is related to a format string vulnerability that allows remote attackers to execute arbitrary code. This is due to unspecified vectors not being properly handled in a syslog function call. **Recommendations** For SWS web Server version 0.1.7, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** SWS web Server version 0.1.7 **Description** A buffer overflow issue allows remote attackers to execute arbitrary code via a long request. **Recommendations** For SWS web Server version 0.1.7, at the moment, there is no information about a newer version that contains a fix for this issue.