Hessam-X

Name of the Vulnerable Software and Affected Versions: IceBB versions 1.0-rc5 Description: The issue concerns an unrestricted file upload vulnerability. This vulnerability allows remote authenticated users to upload arbitrary files via the avatar function in index.php. These uploaded files can later be accessed in the uploads/ directory. Recommendations: For IceBB version 1.0-rc5, consider restricting the types of files that can be uploaded through the avatar function to prevent the upload of malicious files. As a temporary workaround, restrict access to the uploads/ directory to minimize the risk of exploitation.

Name of the Vulnerable Software and Affected Versions: IceBB versions 1.0-rc5 Description: The issue allows remote authenticated users to execute arbitrary SQL commands via the filename of an uploaded file to the avatar function. This can be achieved by setting admin privileges, demonstrating the potential for significant unauthorized access and control. Recommendations: For IceBB version 1.0-rc5, consider restricting access to the avatar upload function until a fix is available, and avoid using the filename parameter in the upload process to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** TinyPHPforum versions 3.6 and earlier **Description** The issue allows remote attackers to include and execute arbitrary files via ".." sequences in the `uname` parameter in the profile.php file. **Recommendations** For TinyPHPforum versions 3.6 and earlier, consider restricting access to the profile.php file until a patch is available. As a temporary workaround, avoid using the `uname` parameter in the profile.php file to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** nVIDIA nView (affected versions not specified) **Description** The issue in keystone.exe allows attackers to cause a denial of service via a long command line argument. It is unclear whether this issue crosses security boundaries. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** OlateDownload version 3.4.0 **Description** The issue allows remote attackers to execute arbitrary SQL commands. This can be achieved via the `page` parameter in "details.php" or the `query` parameter in "search.php". **Recommendations** For OlateDownload version 3.4.0, update to a version that fixes the SQL injection vulnerabilities in details.php and search.php. As a temporary workaround, consider restricting access to the details.php and search.php files until a patch is available. Avoid using the `page` parameter in details.php and the `query` parameter in search.php until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** OlateDownload version 3.4.0 **Description** A cross-site scripting (XSS) issue exists, allowing remote attackers to inject arbitrary web script or HTML via the `description small` parameter in the userupload.php file. **Recommendations** For OlateDownload version 3.4.0, avoid using the `description small` parameter in the userupload.php file until a fix is available. Consider restricting access to the userupload.php file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** Vikingboard version 0.1b **Description** The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the `s` parameter in the topic.php file. **Recommendations** For Vikingboard version 0.1b, consider restricting access to the topic.php file until a patch is available. As a temporary workaround, avoid using the `s` parameter in the topic.php file to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Vikingboard version 0.1b **Description** The issue allows remote attackers to inject arbitrary web script or HTML, which can lead to cross-site scripting (XSS) attacks. This is possible via the `act` parameter in "help.php" and "search.php", and the `p` parameter in "report.php". **Recommendations** For Vikingboard version 0.1b, consider disabling the `act` parameter in "help.php" and "search.php", and the `p` parameter in "report.php" as a temporary workaround until a patch is available. Restrict access to "help.php", "search.php", and "report.php" to minimize the risk of exploitation. Avoid using the `act` and `p` parameters in the affected API endpoints until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** ezPortal/ztml CMS version 1.0 **Description** The issue allows remote attackers to bypass authentication controls by making a direct request to the "Administration Area" script. **Recommendations** For ezPortal/ztml CMS version 1.0, consider restricting access to the "Administration Area" script until a patch is available.

**Name of the Vulnerable Software and Affected Versions** IwebNegar version 1.1 **Description** The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the `id` parameter in the comments.php file. **Recommendations** For IwebNegar version 1.1, consider restricting access to the comments.php file or validating and sanitizing the `id` parameter to prevent SQL injection attacks. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** ezPortal/ztml CMS version 1.0 **Description** The issue is related to a cross-site scripting (XSS) vulnerability. This vulnerability allows remote attackers to inject arbitrary web script or HTML via various parameters, including `about`, `again`, `lastname`, `email`, `password`, `album`, `id`, `table`, `desc`, `doc`, `mname`, `max`, `htpl`, and `pheader`. **Recommendations** For ezPortal/ztml CMS version 1.0, as a temporary workaround, consider restricting user input for the parameters `about`, `again`, `lastname`, `email`, `password`, `album`, `id`, `table`, `desc`, `doc`, `mname`, `max`, `htpl`, and `pheader` to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** ezPortal/ztml CMS version 1.0 **Description** The issue allows remote attackers to execute arbitrary SQL commands. This is achieved by exploiting the SQL injection vulnerability in the index.php file via various parameters, including `about`, `album`, `id`, `use`, `desc`, `doc`, `mname`, and `max`. **Recommendations** For ezPortal/ztml CMS version 1.0, as a temporary workaround, consider restricting access to the vulnerable parameters in the index.php file until a patch is available. Avoid using the parameters `about`, `album`, `id`, `use`, `desc`, `doc`, `mname`, and `max` in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Wikepage version 2006.2a Opus 10 **Description** A directory traversal issue exists in index.php, allowing remote attackers to include arbitrary local files via the `lng` parameter. This can be exploited by inserting PHP code into a log file. **Recommendations** For version 2006.2a Opus 10, consider restricting access to the `lng` parameter in the index.php file to minimize the risk of exploitation. As a temporary workaround, avoid using the `lng` parameter in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** DeluxeBB versions 1.07 and earlier **Description** The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the `xmsn` parameter in the "cp.php" file. **Recommendations** For DeluxeBB versions 1.07 and earlier, avoid using the `xmsn` parameter in the "cp.php" file until a fix is available. Consider restricting access to the "cp.php" file to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Internet Photoshow version 1.3 **Description** The issue allows remote attackers to execute arbitrary PHP code via a URL in the `page` parameter in the index.php file. **Recommendations** For Internet Photoshow version 1.3, consider restricting access to the index.php file or validating and sanitizing the `page` parameter to prevent remote file inclusion attacks. As a temporary workaround, consider disabling the execution of remote files in the index.php file until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Ralph Capper Tiny PHP Forum (TPF) version 3.6 **Description** The issue concerns multiple cross-site scripting (XSS) vulnerabilities. These vulnerabilities allow remote attackers to inject arbitrary web script or HTML. Specifically, the `uname` parameter in a view action in `profile.php` and a login name are vulnerable to such injections. **Recommendations** For version 3.6, avoid using the `uname` parameter in the view action in `profile.php` until the issue is resolved. Restrict access to the login name field to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Light Weight Calendar (LWC) version 1.0 **Description** The issue allows remote attackers to execute arbitrary PHP code via the `date` parameter to "index.php". **Recommendations** For Light Weight Calendar (LWC) version 1.0, consider restricting access to the `date` parameter in the "index.php" endpoint until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.