Fireboy

Name of the Vulnerable Software and Affected Versions: UNISOR Content Management System (CMS) (affected versions not specified) Description: The issue allows remote attackers to execute arbitrary SQL commands via the `user` or `pass` fields in the login.asp file. This can potentially lead to unauthorized access and data manipulation. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** UltraCMS version 0.9 **Description** The issue allows remote attackers to execute arbitrary SQL commands. This is achieved by exploiting SQL injection vulnerabilities in the include/index.php file via the `username` or `password` parameters. **Recommendations** For UltraCMS version 0.9, consider restricting access to the include/index.php file until a patch is available. As a temporary workaround, avoid using the `username` and `password` parameters in the affected file to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Kinesis Interactive Cinema System (KICS) CMS (affected versions not specified) **Description** The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the `txtUsername` (user) or `txtPassword` (pass) parameters in the index.asp file. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: No specific software or versions mentioned. Description: A cross-site scripting (XSS) issue exists, allowing remote attackers to inject arbitrary web script or HTML via an argument in the ad.cgi script. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: ad.cgi (affected versions not specified) Description: The issue allows remote attackers to read arbitrary files by providing a full pathname in the argument. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: No specific software or version is mentioned, so the information cannot be determined. Description: The issue allows remote attackers to execute arbitrary commands via shell metacharacters in the argument of the ad.cgi script. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: forum.pl (affected versions not specified) Description: The issue allows remote attackers to read arbitrary files by providing a full pathname in the argument. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: forum.pl (affected versions not specified) Description: The issue allows remote attackers to execute arbitrary commands via shell metacharacters in the argument. This can be done by injecting malicious input into the `argument` variable, potentially leading to unauthorized access and control. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: The Includer (affected versions not specified) Description: The issue allows remote attackers to read arbitrary files by providing a full pathname in the argument to the includer.cgi. This is similar to a previously known vulnerability. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: The Includer (affected versions not specified) Description: A cross-site scripting (XSS) issue exists in the includer.cgi script, allowing remote attackers to inject arbitrary web script or HTML via the argument. This could potentially lead to unauthorized actions on the affected system. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: text.cgi (affected versions not specified) Description: The issue allows remote attackers to read arbitrary files by providing a full pathname in the argument. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: text.cgi (affected versions not specified) Description: The issue allows remote attackers to execute arbitrary commands via shell metacharacters in the argument. This is related to the text.cgi script. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: text.cgi (affected versions not specified) Description: A cross-site scripting (XSS) issue in the text.cgi script allows remote attackers to inject arbitrary web script or HTML via an argument. This could potentially lead to the execution of malicious code on the victim's browser. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: hyper.cgi (affected versions not specified) Description: The issue allows remote attackers to read arbitrary files by providing a full pathname in the argument. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: citat.pl (affected versions not specified) Description: The issue allows remote attackers to execute arbitrary files via shell metacharacters in the argument. This could potentially lead to unauthorized access and execution of malicious files. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: No specific software or version is mentioned, so the information cannot be determined. Description: The issue allows remote attackers to execute arbitrary commands via shell metacharacters in the argument of the include.cgi script. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: inserter.cgi (affected versions not specified) Description: A cross-site scripting (XSS) issue in the inserter.cgi script allows remote attackers to inject arbitrary web script or HTML via an argument. This could potentially lead to unauthorized actions on the affected system. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: inserter.cgi (affected versions not specified) Description: The issue allows remote attackers to execute arbitrary commands via shell metacharacters in the argument. This can be done by injecting malicious input into the `argument` variable. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: inserter.cgi (affected versions not specified) Description: The issue allows remote attackers to read arbitrary files by providing a full pathname in the argument. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned. Description: A cross-site scripting (XSS) issue exists in the include.cgi script, allowing remote attackers to inject arbitrary web script or HTML via an argument. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.