Hakxer

Name of the Vulnerable Software and Affected Versions: Xigla Software Absolute News Feed version 1.0 Xigla Software Absolute News Feed version 1.5 Description: The issue allows remote attackers to bypass authentication and gain administrative access by setting a certain cookie. Recommendations: For version 1.0, update the software to remove the authentication bypass vulnerability. For version 1.5, consider removing or restricting access to the vulnerable cookie until a patch is available.

Name of the Vulnerable Software and Affected Versions: Xigla Software Absolute News Manager.NET version 5.1 Description: The issue allows remote attackers to bypass authentication and gain administrative access by setting a cookie to a certain value. Recommendations: For version 5.1, update the software to prevent attackers from bypassing authentication by manipulating cookie values.

Name of the Vulnerable Software and Affected Versions: Xigla Software Absolute FAQ Manager.NET version 6.0 Description: The issue allows remote attackers to bypass authentication and gain administrative access by setting a cookie to a certain value. Recommendations: For version 6.0, update to a newer version that contains a fix for this issue, or as a temporary workaround, consider restricting access to administrative functions until a patch is available.

Name of the Vulnerable Software and Affected Versions: Xigla Software Absolute Live Support .NET version 5.1 Description: The issue allows remote attackers to bypass authentication and gain administrative access by setting a cookie to a certain value. Recommendations: For version 5.1, consider restricting access to administrative functions until a patch is available. As a temporary workaround, avoid using the vulnerable authentication mechanism until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Xigla Software Absolute Form Processor .NET version 4.0 Description: The issue allows remote attackers to bypass authentication and gain administrative access by setting a cookie to a certain value. Recommendations: For version 4.0, consider restricting access to administrative functions until a patch is available. As a temporary workaround, avoid using the affected cookie value to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Absolute Content Rotator version 6.0 Description: The issue allows remote attackers to bypass authentication and gain administrative access by setting a cookie to a certain value. Recommendations: For Absolute Content Rotator version 6.0, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Xigla Software Absolute Poll Manager XE version 4.1 Description: The issue allows remote attackers to bypass authentication and gain administrative access by setting a cookie to a certain value. Recommendations: For Xigla Software Absolute Poll Manager XE version 4.1, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Xigla Software Absolute Control Panel XE version 1.5 Description: The issue allows remote attackers to bypass authentication and gain administrative access by setting a cookie to a certain value. Recommendations: For Xigla Software Absolute Control Panel XE version 1.5, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Absolute Banner Manager .NET version 4.0 Description: The issue allows remote attackers to bypass authentication and gain administrative access by setting a cookie to a certain value, specifically the `cookie` variable. This enables unauthorized access to administrative functions. Recommendations: For Absolute Banner Manager .NET version 4.0, consider restricting access to administrative functions until a patch is available. As a temporary workaround, avoid using the vulnerable authentication mechanism and instead implement an alternative authentication method to minimize the risk of exploitation.

Name of the Vulnerable Software and Affected Versions: Absolute Podcast .NET version 1.0 Description: The issue allows remote attackers to bypass authentication and gain administrative access by setting a cookie to a certain value. Recommendations: For Absolute Podcast .NET version 1.0, update the cookie handling mechanism to prevent unauthorized access. As a temporary workaround, consider implementing additional authentication checks to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Your Article Directory (affected versions not specified) **Description** A SQL injection issue allows remote attackers to execute arbitrary SQL commands via the `txtAdminEmail` parameter in the "yad-admin/login.php" endpoint. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Sorinara Streaming Audio Player version 0.9 Description: The issue is a stack-based buffer overflow that allows remote attackers to execute arbitrary code. This is achieved by sending a crafted .pla file. Recommendations: For Sorinara Streaming Audio Player version 0.9, consider avoiding the use of .pla files from untrusted sources until a patch is available. As a temporary workaround, restrict the execution of files with the .pla extension to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Scripts For Sites (SFS) EZ Pub Site (affected versions not specified) Description: The issue allows remote attackers to execute arbitrary SQL commands. This is achieved by exploiting the `cat` parameter in the directory.php file. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** AJ Article (affected versions not specified) **Description** The issue allows remote attackers to execute arbitrary SQL commands via the `txtName` parameter, also known as the username field, in the index.php file. **Recommendations** For AJ Article, consider restricting access to the `txtName` parameter in the index.php file to minimize the risk of exploitation. As a temporary workaround, avoid using the `txtName` parameter until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** WEBBDOMAIN WebShop versions 1.02 and earlier, version 1.1, version 1.2 **Description** The issue allows remote attackers to execute arbitrary SQL commands via the `username` parameter in the "getin.php" file. **Recommendations** For versions 1.02 and earlier, version 1.1, and version 1.2, update to a version that fixes this issue to prevent SQL injection attacks.

**Name of the Vulnerable Software and Affected Versions** WEBBDOMAIN Quiz versions 1.02 and earlier **Description** The issue allows remote attackers to execute arbitrary SQL commands via the `username` parameter in the "getin.php" file. **Recommendations** For versions 1.02 and earlier, update to a version that fixes this issue to prevent SQL injection attacks. As a temporary workaround, consider restricting access to the "getin.php" file or validating and sanitizing the `username` parameter to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** WEBBDOMAIN Polls (aka Poll) versions 1.0 through 1.01 **Description** The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the `username` parameter in the "getin.php" file. **Recommendations** For versions 1.0 through 1.01, avoid using the `username` parameter in the affected API endpoint until the issue is resolved. Consider restricting access to the "getin.php" file to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** WEBBDOMAIN Petition versions 1.02, 2.0, 3.0 **Description** The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the `username` parameter in the "getin.php" file. **Recommendations** For versions 1.02, 2.0, and 3.0, consider restricting access to the "getin.php" file until a patch is available. As a temporary workaround, avoid using the `username` parameter in the affected file until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** MatPo Link version 1.2 Beta **Description** A cross-site scripting (XSS) issue exists, allowing remote attackers to inject arbitrary web script or HTML. This is achieved via the `thema` parameter in the view.php file. **Recommendations** For MatPo Link version 1.2 Beta, consider restricting access to the view.php file until a patch is available, and avoid using the `thema` parameter in this file to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** MatPo Link version 1.2 Beta **Description** The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the `id` parameter in the view.php file. **Recommendations** For MatPo Link version 1.2 Beta, consider restricting access to the view.php file until a patch is available. As a temporary workaround, avoid using the `id` parameter in the affected file to minimize the risk of exploitation.