E.Wizz!

**Name of the Vulnerable Software and Affected Versions** Chilkat Software IMAP ActiveX control version ChilkatMail2.ChilkatMailMan2.1 **Description** The issue is related to an insecure method in the ChilkatMail v7 9.dll component of the Chilkat Software IMAP ActiveX control. This allows remote attackers to execute arbitrary programs via the `LoadXmlEmail` method. **Recommendations** For version ChilkatMail2.ChilkatMailMan2.1, as a temporary workaround, consider disabling the `LoadXmlEmail` method until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Full Revolution aspWebAlbum version 3.2 **Description** The issue allows remote attackers to execute arbitrary code by uploading a file with an executable extension to the `uploadmedia` action in `album.asp`, and then accessing it via a direct request to the file in the `pics/` directory. **Recommendations** For Full Revolution aspWebAlbum version 3.2, consider restricting or disabling the `uploadmedia` action in `album.asp` to prevent uploading files with executable extensions until a fix is available. Restrict access to the `pics/` directory to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Mongoose version 2.4 **Description** A directory traversal issue allows remote attackers to read arbitrary files by including a .. (dot dot) in the URI. **Recommendations** For version 2.4, update to a version that fixes this issue, however, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Zervit Webserver version 0.02 **Description** The issue is related to a buffer overflow in the `http parse hex` function, which can be triggered by a long URI, potentially causing a denial of service through a daemon crash. **Recommendations** For Zervit Webserver version 0.02, consider restricting access to long URIs to minimize the risk of exploitation until a patch is available.

Name of the Vulnerable Software and Affected Versions: QuikSoft EasyMail MailStore version 6.5.0.3 Description: The issue is related to a buffer overflow in the emmailstore.dll component of the QuikSoft EasyMail MailStore ActiveX control. This occurs when a long first argument is passed to the `CreateStore` method, allowing remote attackers to execute arbitrary code. Recommendations: For version 6.5.0.3, consider disabling the `CreateStore` method in the emmailstore.dll component until a patch is available. Restrict access to the emmailstore.dll module to minimize the risk of exploitation. Avoid using the QuikSoft EasyMail MailStore ActiveX control with untrusted input until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Phoenician Casino FlashAX ActiveX control version 1.0.0.7 **Description** The issue is a heap-based buffer overflow that allows remote attackers to execute arbitrary code. This is achieved by providing a long argument to the `SetID` method. **Recommendations** For Phoenician Casino FlashAX ActiveX control version 1.0.0.7, consider disabling the `SetID` method until a patch is available to prevent exploitation.

**Name of the Vulnerable Software and Affected Versions** MyioSoft EasyClassifields version 3.0 **Description** The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the `go` parameter in a 'browse' action, specifically targeting the staticpages/easyclassifields/index.php file. **Recommendations** For MyioSoft EasyClassifields version 3.0, consider restricting access to the vulnerable `index.php` file in the staticpages/easyclassifields directory until a patch is available. Avoid using the `go` parameter in the 'browse' action to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Vastal I-Tech Shaadi Zone version 1.0.9 **Description** The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the `tage` parameter in the keyword search action.php file. **Recommendations** For version 1.0.9, avoid using the `tage` parameter in the keyword search action.php file until a fix is available. As a temporary workaround, consider restricting access to the keyword search action.php file to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** phpBazar version 2.0.2 **Description** The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the `adid` parameter in the classified.php file. **Recommendations** For phpBazar version 2.0.2, avoid using the `adid` parameter in the classified.php file until the issue is resolved. As a temporary workaround, consider restricting access to the classified.php file to minimize the risk of exploitation.

Name of the Vulnerable Software and Affected Versions: Rgboard versions 3.0.12 and earlier Description: A cross-site scripting issue allows remote attackers to inject arbitrary web script or HTML via the `s text` parameter and other unspecified vectors. Recommendations: For Rgboard versions 3.0.12 and earlier, update to a version that fixes this issue, ensuring to address the `s text` parameter vulnerability in the rg search.php file.

Name of the Vulnerable Software and Affected Versions: Rgboard version 3.0.12 Description: The issue allows remote attackers to execute arbitrary PHP code via a URL in the `site path` parameter in the include/bbs.lib.inc.php file. Recommendations: For Rgboard version 3.0.12, consider restricting access to the `include/bbs.lib.inc.php` file to minimize the risk of exploitation. Avoid using the `site path` parameter in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.