Farhad Koosha

**Name of the Vulnerable Software and Affected Versions** PHP-Post versions 0.21 and 1.0, and possibly earlier versions **Description** The issue allows remote attackers to bypass security restrictions and obtain administrative privileges by modifying the `logincookie[user]` setting in the login cookie when auto-login is enabled. **Recommendations** For PHP-Post versions 0.21 and 1.0, and possibly earlier versions, consider disabling the auto-login feature to prevent exploitation until a fix is available. As a temporary workaround, restrict access to administrative privileges to minimize the risk of exploitation. Avoid using the auto-login feature until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Techno Dreams Announcement script (affected versions not specified) **Description** The issue allows remote attackers to execute arbitrary SQL commands and bypass authentication. This is achieved via the `userid` parameter in the "admin/login.asp" API endpoint. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Techno Dreams Web Directory script (affected versions not specified) **Description** The issue allows remote attackers to execute arbitrary SQL commands and bypass authentication. This is achieved via the `userid` parameter in the "admin/login.asp" API endpoint. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Techno Dreams Mailing List script (affected versions not specified) **Description** The issue allows remote attackers to execute arbitrary SQL commands and bypass authentication. This is achieved via the `userid` parameter in the "admin/login.asp" API endpoint. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Techno Dreams Guest Book (affected versions not specified) **Description** The issue allows remote attackers to execute arbitrary SQL commands and bypass authentication. This is achieved via the `userid` parameter in the "admin/login.asp" API endpoint. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** aeNovo products (affected versions not specified) **Description** The issue concerns the storage of password information in plaintext within certain tables of aeNovo products, including aeNovo, aeNovoShop, and aeNovoWYSI. Specifically, the control, content, and page tables contain plaintext passwords. This allows attackers who have access to the database to obtain these passwords and potentially gain privileges. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** aeNovo (affected versions not specified) aeNovoShop (affected versions not specified) aeNovoWYSI (affected versions not specified) **Description** The issue allows remote attackers to execute arbitrary SQL code, potentially enabling cross-site scripting (XSS) attacks in resulting error messages. This can be achieved via the `password` parameter in "control.asp" and the `strSQL` parameter in "search.asp". **Recommendations** For aeNovo, consider restricting access to the `control.asp` and `search.asp` pages until a fix is available. For aeNovoShop, avoid using the `password` parameter in "control.asp" and the `strSQL` parameter in "search.asp" until the issue is resolved. For aeNovoWYSI, as a temporary workaround, consider disabling the execution of SQL code from user-input parameters in "control.asp" and "search.asp" until a patch is available.

**Name of the Vulnerable Software and Affected Versions** CoolForum versions 0.8.1 beta and earlier **Description** The issue allows remote attackers to manipulate SQL commands via certain requests to "alert.php" or "viewip.php", possibly due to a SQL injection vulnerability. **Recommendations** For CoolForum versions 0.8.1 beta and earlier, consider restricting access to the "alert.php" and "viewip.php" endpoints until a patch is available. As a temporary workaround, avoid using these endpoints to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** CoolForum versions 0.8.1 beta and earlier **Description** The issue allows remote attackers to obtain sensitive path information via direct requests to various PHP files, including "entete.php", "profile accueil.php", "profile mdp.php", "profile notify.php", "profile options.php", "profile perso.php", "profile pm.php", or "readannonce.php". These files leak the full pathname in a PHP error message. **Recommendations** For CoolForum versions 0.8.1 beta and earlier, consider restricting access to the mentioned PHP files until a patch is available. As a temporary workaround, disable the display of PHP error messages to minimize the risk of path information leakage.

**Name of the Vulnerable Software and Affected Versions** ACS Blog versions 0.8 through 1.1b **Description** A cross-site scripting (XSS) issue exists, allowing remote attackers to execute arbitrary web script or HTML. This is achieved via the `search` parameter in the "search.asp" page. **Recommendations** For versions 0.8 through 1.1b, update to a version that fixes this issue to prevent exploitation.

**Name of the Vulnerable Software and Affected Versions** ASPjar Guestbook (affected versions not specified) **Description** The issue allows remote attackers to execute arbitrary SQL commands via the `password` field in the login.asp file. This could potentially lead to unauthorized access or data manipulation. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** ASPjar Guestbook (affected versions not specified) **Description** A remote issue exists in the delete.asp program of certain ASPjar Guestbook versions, allowing attackers to delete messages. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.