F10W3R

**Name of the Vulnerable Software and Affected Versions** codesiddhant Jasmin Ransomware versions up to 1.0.1 **Description** A vulnerability exists in codesiddhant Jasmin Ransomware up to version 1.0.1. The issue affects unknown code within the `/handshake.php` file. Manipulation of the `machine name`, `computer user`, `os`, `date`, `time`, `ip`, `location`, `systemid`, or `password` argument can lead to SQL injection. The attack can be initiated remotely. The exploit has been publicly disclosed. The vendor was contacted regarding this disclosure but did not respond. **Recommendations** codesiddhant Jasmin Ransomware version 1.0.1: As a temporary workaround, consider restricting access to the `/handshake.php` file to minimize the risk of exploitation. codesiddhant Jasmin Ransomware versions prior to 1.0.1: As a temporary workaround, consider restricting access to the `/handshake.php` file to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** CodeAstro Real Estate Management System version 1.0 **Description** A security issue exists in CodeAstro Real Estate Management System 1.0. Manipulation of the `msg` argument in the `/propertyview.php` file can lead to cross-site scripting. This attack is possible remotely, and the exploit has been publicly disclosed. **Recommendations** As a temporary workaround, consider restricting or disabling access to the `/propertyview.php` file until a fix is available. Sanitize the `msg` argument to prevent the injection of malicious scripts.

**Name of the Vulnerable Software and Affected Versions** CodeAstro Real Estate Management System version 1.0 **Description** A cross-site scripting issue exists in CodeAstro Real Estate Management System 1.0. The issue is related to the manipulation of the `msg` argument in the `/feature.php` file. This can be initiated remotely. The exploit is publicly available. **Recommendations** As a temporary workaround, consider restricting or sanitizing the `msg` argument in the `/feature.php` file.

**Name of the Vulnerable Software and Affected Versions** CodeAstro Real Estate Management System version 1.0 **Description** A flaw exists in CodeAstro Real Estate Management System 1.0 that allows for unrestricted file upload. The issue is located in the `/register.php` file and involves manipulation of the `uimage` argument. This can be exploited remotely. The exploit has been published and may be used. **Recommendations** As a temporary workaround, restrict access to the `/register.php` file. Address the manipulation of the `uimage` argument within the `/register.php` file.

**Name of the Vulnerable Software and Affected Versions** CodeAstro Real Estate Management System version 1.0 **Description** A vulnerability exists in CodeAstro Real Estate Management System 1.0 that allows for unrestricted file upload through the `/submitproperty.php` file. The attack can be initiated remotely, and details of the exploit have been publicly disclosed. **Recommendations** As a temporary workaround, consider restricting access to the `/submitproperty.php` file until a fix is available.

**Name of the Vulnerable Software and Affected Versions** PHPGurukul Online Fire Reporting System version 1.2 **Description** A critical issue was found in the PHPGurukul Online Fire Reporting System. The problem is related to an unknown function in the file /search-report-result.php, where the manipulation of the `serachdata` argument leads to SQL injection. This issue can be exploited remotely. **Recommendations** For PHPGurukul Online Fire Reporting System version 1.2, consider restricting access to the /search-report-result.php file until a fix is available. As a temporary workaround, avoid using the `serachdata` argument in the affected file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** PHPGurukul Online Fire Reporting System version 1.2 **Description** A critical issue has been discovered, affecting an unknown functionality of the file /details.php. The manipulation of the `requestid` argument leads to SQL injection. This issue can be exploited remotely. **Recommendations** For PHPGurukul Online Fire Reporting System version 1.2, consider restricting access to the /details.php file until a patch is available. As a temporary workaround, avoid using the `requestid` argument in the affected file to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** PHPGurukul Online Fire Reporting System version 1.2 **Description** A critical vulnerability has been found in PHPGurukul Online Fire Reporting System. This affects an unknown part of the file /admin/manage-teams.php. The manipulation of the `teamid` argument leads to SQL injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. **Recommendations** For PHPGurukul Online Fire Reporting System version 1.2, consider disabling access to the /admin/manage-teams.php file until a patch is available. Restrict the use of the `teamid` argument in the affected file to minimize the risk of exploitation. As a temporary workaround, avoid using the `teamid` parameter in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** PHPGurukul Online Fire Reporting System version 1.2 **Description** A critical issue was found in the PHPGurukul Online Fire Reporting System, affecting some unknown functionality of the file /admin/profile.php. The manipulation of the `mobilenumber` argument leads to SQL injection. This issue can be exploited remotely. **Recommendations** For PHPGurukul Online Fire Reporting System version 1.2, consider restricting access to the /admin/profile.php file until a patch is available. As a temporary workaround, avoid using the `mobilenumber` argument in the affected file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** CodeAstro Real Estate Management System version 1.0 **Description** A critical issue has been found in the system, affecting some unknown functionality of the file /submitpropertydelete.php. The manipulation of the `ID` argument leads to SQL injection. The attack can be launched remotely. **Recommendations** For CodeAstro Real Estate Management System version 1.0, as a temporary workaround, consider restricting access to the /submitpropertydelete.php file until a patch is available. Avoid using the `ID` argument in the affected file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** CodeAstro Real Estate Management System version 1.0 **Description** A critical issue was found in the system, affecting an unknown part of the file /submitpropertyupdate.php. The manipulation of the `ID` argument leads to SQL injection. It is possible to initiate the attack remotely. **Recommendations** For CodeAstro Real Estate Management System version 1.0, consider restricting access to the /submitpropertyupdate.php file until a patch is available. As a temporary workaround, avoid using the `ID` argument in the affected file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** PHPGurukul Online Fire Reporting System version 1.2 **Description** A critical issue has been found in the PHPGurukul Online Fire Reporting System, affecting the /reporting.php file. The manipulation of the `fullname` argument leads to SQL injection. This issue can be exploited remotely. **Recommendations** For PHPGurukul Online Fire Reporting System version 1.2, consider restricting access to the `fullname` parameter in the /reporting.php file until a patch is available. As a temporary workaround, avoid using the `fullname` parameter in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** PHPGurukul Online Fire Reporting System version 1.2 **Description** A critical issue affects the processing of the file "/request-details.php". The manipulation of the `requestid` argument leads to SQL injection. The attack can be initiated remotely. **Recommendations** For PHPGurukul Online Fire Reporting System version 1.2, consider restricting access to the "/request-details.php" file until a patch is available. As a temporary workaround, avoid using the `requestid` argument in the affected file to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Naver Cloud Explorer version 1.2.2 **Description** The issue is related to a stack-based buffer overflow in the NDrive(1.2.2).sys component. This overflow occurs when reading data from an IOCTL handle, allowing attackers to cause a denial of service. **Recommendations** For version 1.2.2, consider restricting access to the NDrive(1.2.2).sys component until a patch is available. As a temporary workaround, avoid using the IOCTL handle that triggers the buffer overflow to minimize the risk of exploitation.