Eugene Minaev

**Name of the Vulnerable Software and Affected Versions** AJchat version 0.10 **Description** The issue allows remote attackers to bypass input validation and conduct SQL injection attacks. This is achieved by providing a numeric parameter with a value matching the `s` parameter's hash value, which prevents the associated `$ GET["s"]` variable from being unset. **Recommendations** For AJchat version 0.10, consider implementing proper input validation to prevent SQL injection attacks. As a temporary workaround, restrict access to the `directory.php` file to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Half-Life Counter-Strike version 1.6 **Description** The issue allows remote attackers to cause a denial of service, resulting in a crash, by sending multiple crafted login packets. **Recommendations** For version 1.6, update to a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** EkinBoard versions 1.1.0 and earlier **Description** The issue allows remote attackers to execute arbitrary code by uploading an avatar file with an executable extension followed by a safe extension, then accessing it via a direct request to the file in `uploaded/avatars/`. **Recommendations** For versions 1.1.0 and earlier, consider restricting or disabling the file upload feature, especially for avatar files, until a proper fix is applied to prevent remote code execution.

**Name of the Vulnerable Software and Affected Versions** EkinBoard versions 1.1.0 and earlier **Description** The issue allows remote attackers to bypass authorization and gain administrator privileges. This can be achieved by setting the ` groups[]` parameter to 2. An example of exploitation is via the `backup.php` endpoint. **Recommendations** For EkinBoard versions 1.1.0 and earlier, consider disabling the register globals setting to prevent exploitation. Additionally, restrict access to the `backup.php` endpoint until a fix is available. As a temporary workaround, avoid using the ` groups[]` parameter in sensitive operations until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** CuteNews.ru version 1.1.1 **Description** The issue allows remote attackers to execute arbitrary PHP code via the `text` parameter in the `plugins/wacko/highlight/html.php` file. This parameter is inserted into an executable regular expression, enabling the execution of malicious code. **Recommendations** For CuteNews.ru version 1.1.1, consider restricting access to the `plugins/wacko/highlight/html.php` file to minimize the risk of exploitation. Avoid using the `text` parameter in the affected file until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Uebimiau Webmail versions 2.7.2 through 2.7.10 **Description** The issue allows remote attackers to bypass authentication by setting the `sess[auth]` parameter to 1 via HTTP requests, as the software does not protect authentication state variables. This can be used to conduct directory traversal attacks without authentication. **Recommendations** For Uebimiau Webmail versions 2.7.2 through 2.7.10, avoid using the `sess[auth]` parameter in HTTP requests until the issue is resolved. As a temporary workaround, consider restricting access to sensitive areas of the webmail application to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** RunCMS versions 1.6.1 and earlier with Newbb plus module versions 0.92 and earlier **Description** The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the `Client-Ip` parameter in the index.php file of the Newbb plus module. **Recommendations** For RunCMS versions 1.6.1 and earlier with Newbb plus module versions 0.92 and earlier, consider restricting access to the index.php file in the Newbb plus module to minimize the risk of exploitation. Avoid using the `Client-Ip` parameter in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** eggBlog versions 3.1.0 and earlier **Description** The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the `eggblogpassword` parameter in a cookie. **Recommendations** For eggBlog versions 3.1.0 and earlier, update to a version later than 3.1.0 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** FlexBB versions 0.6.3 and earlier **Description** A SQL injection issue allows remote attackers to execute arbitrary SQL commands via the `flexbb temp id` parameter in a cookie. **Recommendations** For FlexBB versions 0.6.3 and earlier, avoid using the `flexbb temp id` parameter in cookies until a fix is available. As a temporary workaround, consider restricting access to sensitive database operations to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** SmallNuke versions 2.0.4 and earlier **Description** The issue allows remote attackers to execute arbitrary SQL commands. This can be achieved via the `user email` parameter and possibly the `username` parameter in a Members action when `magic quotes gpc` is disabled. **Recommendations** For versions 2.0.4 and earlier, consider disabling the execution of SQL commands from user input until a patch is available. Restrict access to the `index.php` file to minimize the risk of exploitation. Avoid using the `user email` and `username` parameters in the affected Members action until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Loudblog versions 0.8.0 and earlier **Description** The issue allows remote attackers to execute arbitrary PHP code. This is achieved via the `template` parameter in the loudblog/inc/parse old.php file. **Recommendations** For Loudblog versions 0.8.0 and earlier, avoid using the `template` parameter in the affected file until a fix is available. As a temporary workaround, consider restricting access to the parse old.php file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** Uebimiau Webmail versions 2.7.2 through 2.7.10 **Description** A directory traversal issue exists, allowing remote authenticated users to read arbitrary files. This is achieved by using a .. (dot dot) in the `selected theme` parameter. **Recommendations** For versions 2.7.2 through 2.7.10, consider restricting access to the error.php file or the `selected theme` parameter to minimize the risk of exploitation. As a temporary workaround, avoid using the `selected theme` parameter with untrusted input until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** XOOPS mod gallery module (affected versions not specified) **Description** The issue allows remote attackers to execute arbitrary PHP code via a URL in the `GALLERY BASEDIR` parameter in the xoopsgallery/init basic.php file when register globals is disabled. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.