Dun

**Name of the Vulnerable Software and Affected Versions** PhpGedView version 4.2.3 **Description** The issue allows remote attackers to read arbitrary files due to a directory traversal vulnerability in the module.php file when magic quotes gpc is disabled. This can be achieved by using directory traversal sequences in the `pgvaction` parameter. **Recommendations** For PhpGedView version 4.2.3, consider disabling the module.php file or restricting access to it until a patch is available. As a temporary workaround, enable magic quotes gpc to prevent directory traversal attacks. Avoid using the `pgvaction` parameter in the affected module until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Jinzora Media Jukebox versions 2.8 and earlier **Description** A directory traversal issue exists, allowing remote attackers to include and execute arbitrary local files. This is achieved by using a .. (dot dot) in the `name` parameter. **Recommendations** For versions 2.8 and earlier, consider restricting access to the `index.php` file until a fix is available. As a temporary workaround, avoid using the `name` parameter in the affected API endpoint until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Extensible-BioLawCom CMS (X-BLC) versions 0.2.0 and earlier **Description** The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the `section` parameter in the include/get read.php file. **Recommendations** For Extensible-BioLawCom CMS (X-BLC) versions 0.2.0 and earlier, consider restricting access to the include/get read.php file until a patch is available. As a temporary workaround, avoid using the `section` parameter in the affected file to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** nweb2fax versions 0.2.7 and earlier **Description** The issue allows remote attackers to read arbitrary files due to multiple directory traversal vulnerabilities. This can be achieved by including a .. (dot dot) in the `id` parameter to "comm.php" or the `var filename` parameter to "viewrq.php". **Recommendations** For nweb2fax versions 0.2.7 and earlier, as a temporary workaround, consider restricting access to the "comm.php" and "viewrq.php" scripts until a patch is available. Avoid using the `id` and `var filename` parameters in the affected API endpoints until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** nweb2fax versions 0.2.7 and earlier **Description** The issue allows remote attackers to execute arbitrary code via shell metacharacters in the `var filename` parameter in a (1) tif or (2) pdf format action. **Recommendations** For nweb2fax versions 0.2.7 and earlier, avoid using the `var filename` parameter in the affected API endpoint until the issue is resolved. Restrict access to the viewrq.php file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** OneOrZero Helpdesk versions 1.6.5.7 and earlier **Description** A directory traversal issue exists, allowing remote attackers to read arbitrary files. This is achieved by using a .. (dot dot) in the `default language` parameter of the "login.php" file. **Recommendations** For versions 1.6.5.7 and earlier, as a temporary workaround, consider restricting access to the `login.php` file until a patch is available. Avoid using the `default language` parameter in the affected file until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** isiAJAX 1 **Description** The issue allows remote attackers to execute arbitrary SQL commands via the `id` parameter in ejemplo/paises.php. **Recommendations** For isiAJAX 1, avoid using the `id` parameter in the affected endpoint until the issue is resolved.

Name of the Vulnerable Software and Affected Versions: Sofi WebGui versions 0.6.3 PRE and earlier Description: The issue allows remote attackers to execute arbitrary PHP code via a URL in the `mod dir` parameter in the hu/modules/reg-new/modstart.php module. Recommendations: For Sofi WebGui versions 0.6.3 PRE and earlier, as a temporary workaround, consider restricting access to the hu/modules/reg-new/modstart.php module until a patch is available. Avoid using the `mod dir` parameter in the affected module to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: ol'bookmarks manager versions 0.7.5 and earlier Description: The issue allows remote attackers to include and execute arbitrary local files. This is achieved by using a .. (dot dot) in the `show` parameter of the show.php file, enabling directory traversal. Recommendations: For versions 0.7.5 and earlier, consider restricting access to the show.php file until a patch is available. As a temporary workaround, avoid using the `show` parameter in the show.php file to minimize the risk of exploitation.

Name of the Vulnerable Software and Affected Versions: OpenRat versions 0.8-beta4 and earlier Description: The issue allows remote attackers to execute arbitrary PHP code via a URL in the `tpl dir` parameter in the themes/default/include/html/insert.inc.php file. Recommendations: For OpenRat versions 0.8-beta4 and earlier, as a temporary workaround, consider restricting access to the `insert.inc.php` file until a patch is available. Avoid using the `tpl dir` parameter in the affected file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Cyberfolio versions 7.12.2 and earlier Description: The issue allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the `theme` parameter of the portfolio/css.php file. This enables attackers to potentially access and execute sensitive files on the server. Recommendations: For Cyberfolio versions 7.12.2 and earlier, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Way Of The Warrior (WOTW) versions 5.0 and earlier Description: The issue allows remote attackers to read arbitrary files via a .. (dot dot) in the `plancia` parameter in the "visualizza.php" file. Recommendations: For versions 5.0 and earlier, consider restricting access to the `visualizza.php` file until a patch is available. As a temporary workaround, avoid using the `plancia` parameter in the affected file to minimize the risk of exploitation.

Name of the Vulnerable Software and Affected Versions: Way Of The Warrior (WOTW) versions 5.0 and earlier Description: The issue allows remote attackers to execute arbitrary PHP code via a URL in the `plancia` parameter to "crea.php". Recommendations: For versions 5.0 and earlier, consider disabling access to the "crea.php" endpoint until a patch is available. Restrict the use of the `plancia` parameter to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** BaseBuilder versions 2.0.1 and earlier **Description** The issue allows remote attackers to execute arbitrary PHP code via a URL in the `mj config[src path]` parameter in the main.inc.php file. **Recommendations** For versions 2.0.1 and earlier, update to a version later than 2.0.1 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** openElec versions 3.01 and earlier **Description** A directory traversal issue exists, allowing remote attackers to include and execute arbitrary local files. This is achieved by using a .. (dot dot) in the `obj` parameter of the scr/form.php file. **Recommendations** For openElec versions 3.01 and earlier, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** PHPcounter versions 1.3.2 and earlier **Description** A directory traversal issue exists when the `magic quotes gpc` setting is disabled, allowing remote attackers to include and execute arbitrary local files. This is achieved by using a `..` (dot dot) sequence in the `l` parameter. **Recommendations** For PHPcounter versions 1.3.2 and earlier, consider disabling the `l` parameter in the `defs.php` file until a patch is available. As a temporary workaround, enable the `magic quotes gpc` setting to prevent the exploitation of this issue.

**Name of the Vulnerable Software and Affected Versions** emergecolab version 1.0 **Description** The issue allows remote attackers to include and execute arbitrary local files. This is achieved by using a .. (dot dot) in the `sitecode` parameter to the "connect/index.php" endpoint. **Recommendations** For emergecolab version 1.0, as a temporary workaround, consider restricting access to the `connect/index.php` endpoint until a patch is available. Avoid using the `sitecode` parameter in the affected endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** MailWatch for MailScanner version 1.0.4 and earlier **Description** The issue allows remote attackers to include and execute arbitrary local files. This is achieved by using a .. (dot dot) in the `doc` parameter of the docs.php file, enabling directory traversal. **Recommendations** For MailWatch for MailScanner version 1.0.4 and earlier, consider restricting access to the docs.php file until a patch is available. As a temporary workaround, avoid using the `doc` parameter in the affected endpoint.

**Name of the Vulnerable Software and Affected Versions** Barcode Generator 1D (barcodegen) versions 2.0.0 and earlier **Description** The issue allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the `code` parameter of the image.php file. This enables directory traversal, potentially leading to the execution of malicious code. **Recommendations** For versions 2.0.0 and earlier, as a temporary workaround, consider restricting access to the image.php file until a patch is available. Avoid using the `code` parameter in the image.php file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** BNCwi versions 1.04 and earlier **Description** A directory traversal issue exists, allowing remote attackers to include and execute arbitrary local files. This is achieved by using a .. (dot dot) in the `newlanguage` parameter of the "index.php" file. **Recommendations** For BNCwi versions 1.04 and earlier, at the moment, there is no information about a newer version that contains a fix for this vulnerability.