Gold_M

**Name of the Vulnerable Software and Affected Versions** dicas Mpegable Player version 2.12 **Description** The issue is a stack-based buffer overflow that can be triggered by a long string in a .YUV file, potentially allowing remote attackers to cause a denial of service, such as an application crash, or possibly execute arbitrary code. **Recommendations** For dicas Mpegable Player version 2.12, consider avoiding the use of .YUV files from untrusted sources until a patch is available. As a temporary workaround, restrict access to files that could potentially trigger the buffer overflow to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** Moa Gallery versions 1.2.0 and earlier **Description** A directory traversal issue exists, allowing remote attackers to read arbitrary files. This is achieved by using a .. (dot dot) in the `p filename` parameter. **Recommendations** For Moa Gallery versions 1.2.0 and earlier, as a temporary workaround, consider restricting access to the `sources/ template parser.php` file until a patch is available. Avoid using the `p filename` parameter in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** MaxCMS version 3.11.20b **Description** The issue allows remote attackers to read arbitrary files via directory traversal sequences in the `thCMS root` parameter. This is a result of a directory traversal vulnerability in the includes/inc.thcms admin dirtree.php file. **Recommendations** For MaxCMS version 3.11.20b, as a temporary workaround, consider restricting access to the `thCMS root` parameter to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** MaxCMS version 3.11.20b **Description** The issue allows remote attackers to execute arbitrary PHP code via a URL in the `fm includes special` parameter in the includes/file manager/special.php file. **Recommendations** For MaxCMS version 3.11.20b, consider restricting access to the `special.php` file in the includes/file manager directory to minimize the risk of exploitation. Avoid using the `fm includes special` parameter in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Ultrize TimeSheet version 1.2.2 Description: A directory traversal issue exists, allowing remote attackers to read arbitrary files. This is achieved by using a .. (dot dot) in the `fileName` parameter of the "actions/downloadFile.php" endpoint. Recommendations: For Ultrize TimeSheet version 1.2.2, as a temporary workaround, consider restricting access to the "actions/downloadFile.php" endpoint until a patch is available. Avoid using the `fileName` parameter with unvalidated input in the affected endpoint.

Name of the Vulnerable Software and Affected Versions: Sanus|artificium (aka Sanusart) Free simple guestbook PHP script versions prior to 20081111 Description: The issue allows remote attackers to inject arbitrary PHP code into messages.txt via the `message` parameter to "act.php", which is executed when "guestbook/guestbook.php" is accessed. Recommendations: For Sanus|artificium (aka Sanusart) Free simple guestbook PHP script versions prior to 20081111, consider disabling the `act.php` file or restricting access to the `guestbook/guestbook.php` page until a fix is available. Avoid using the `message` parameter in the affected API endpoint until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** CoolPlayer+ Portable versions 2.19.6 and earlier **Description** The issue allows remote attackers to execute arbitrary code via a long string in a malformed playlist (.m3u) file. This can be achieved by exploiting a stack-based buffer overflow in the software. **Recommendations** For CoolPlayer+ Portable versions 2.19.6 and earlier, consider updating to a newer version to mitigate the risk of exploitation. As a temporary workaround, restrict the use of malformed playlist files to minimize the risk of arbitrary code execution. Avoid using the software to open untrusted or unknown .m3u files until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** CoolPlayer+ Portable version 2.19.1 **Description** The issue is a stack-based buffer overflow that allows remote attackers to execute arbitrary code. This is achieved via a skin file, specifically `skin.ini`, that contains a large `PlaylistSkin` parameter. **Recommendations** For CoolPlayer+ Portable version 2.19.1, consider avoiding the use of skin files with large `PlaylistSkin` parameters until a fix is available. As a temporary workaround, restrict the use of skin files to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** OxYBox version 0.85 **Description** A static code injection issue exists, allowing remote attackers to inject arbitrary PHP code into oxyhistory.php via the `oxymsg` parameter in edithistory.php. **Recommendations** For OxYBox version 0.85, avoid using the `oxymsg` parameter in the affected edithistory.php file until a fix is available. As a temporary workaround, consider restricting access to edithistory.php to minimize the risk of exploitation.

Name of the Vulnerable Software and Affected Versions: ol'bookmarks manager version 0.7.5 Description: The issue allows remote attackers to include and execute arbitrary local files. This is achieved by using a .. (dot dot) in the `framefile` parameter of the frame.php file, which enables directory traversal. Recommendations: For version 0.7.5, consider restricting access to the frame.php file until a patch is available, or avoid using the `framefile` parameter with untrusted input to minimize the risk of exploitation.

Name of the Vulnerable Software and Affected Versions: AJ Auction Pro Platinum Skin 2 Description: The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the `item id` parameter in the "detail.php" API endpoint. Recommendations: For AJ Auction Pro Platinum Skin 2, consider restricting access to the `item id` parameter in the detail.php endpoint until a patch is available. As a temporary workaround, avoid using the `item id` parameter in the affected endpoint to minimize the risk of exploitation.

Name of the Vulnerable Software and Affected Versions: ol'bookmarks manager version 0.7.5 Description: The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the `id` parameter in a "brain" action. Recommendations: For version 0.7.5, avoid using the `id` parameter in the affected API endpoint until the issue is resolved. As a temporary workaround, consider restricting access to the vulnerable `index.php` file to minimize the risk of exploitation.

Name of the Vulnerable Software and Affected Versions: ol'bookmarks manager version 0.7.5 Description: The issue allows remote attackers to execute arbitrary PHP code via a URL in the `framefile` parameter. This is a result of a remote file inclusion vulnerability in the frame.php file. Recommendations: For ol'bookmarks manager version 0.7.5, avoid using the `framefile` parameter in the affected API endpoint until the issue is resolved. As a temporary workaround, consider restricting access to the frame.php file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** WebBiscuits Modules Controller version 1.1 **Description** The issue allows remote attackers to read arbitrary files due to a directory traversal vulnerability. This is achieved by using a .. (dot dot) in the `download` parameter of the faqsupport/wce.download.php file. **Recommendations** For WebBiscuits Modules Controller version 1.1, consider restricting access to the faqsupport/wce.download.php file until a patch is available. As a temporary workaround, avoid using the `download` parameter in the affected API endpoint. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** WebBiscuits Modules Controller versions 1.1 and earlier **Description** The issue allows remote attackers to execute arbitrary PHP code via a URL in the `path[docroot]` parameter. This is a result of a PHP remote file inclusion vulnerability in the adminhead.php file. **Recommendations** For WebBiscuits Modules Controller versions 1.1 and earlier, consider restricting access to the adminhead.php file and the `path[docroot]` parameter to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** web-cp version 0.5.7 **Description** The issue allows remote attackers to read arbitrary files due to an absolute path traversal vulnerability in sendfile.php when register globals is enabled. This is achieved by providing a full pathname in the `filelocation` parameter. **Recommendations** For web-cp version 0.5.7, consider disabling the `sendfile.php` script or restricting access to it until a patch is available. Additionally, disabling register globals can help mitigate the risk of exploitation. Avoid using the `filelocation` parameter in the affected script until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** mini-pub versions 0.3 and earlier **Description** The issue allows remote attackers to read files and obtain PHP source code. This is achieved by providing a filename in the `sFileName` parameter to the 'front-end/edit.php' endpoint. **Recommendations** For mini-pub versions 0.3 and earlier, consider restricting access to the 'front-end/edit.php' endpoint until a patch is available. As a temporary workaround, avoid using the `sFileName` parameter in the affected endpoint to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** mini-pub versions 0.3 and earlier **Description** The issue allows remote attackers to list arbitrary directories via a full pathname in the `sDir` parameter. This is related to an absolute path traversal vulnerability in the front-end/dir.php file. **Recommendations** For mini-pub versions 0.3 and earlier, avoid using the `sDir` parameter with full pathnames until a fix is available. As a temporary workaround, consider restricting access to the front-end/dir.php file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** eDContainer version 2.22 **Description** A directory traversal issue exists in index.php, allowing remote attackers to include and execute arbitrary local files when magic quotes gpc is disabled. This is achieved by using a .. (dot dot) in the `lg` parameter. **Recommendations** For eDContainer version 2.22, consider disabling the `lg` parameter in the index.php file until a patch is available, or enable magic quotes gpc to prevent exploitation.

**Name of the Vulnerable Software and Affected Versions** eDNews version 2 **Description** A directory traversal issue exists in eDNews archive.php, allowing remote attackers to include and execute arbitrary local files when magic quotes gpc is disabled. This is achieved by using a .. (dot dot) in the `lg` parameter. **Recommendations** For eDNews version 2, consider disabling the `lg` parameter in eDNews archive.php until a patch is available, or enable magic quotes gpc to prevent exploitation.