Houssamix

**Name of the Vulnerable Software and Affected Versions** DomPHP versions 0.83 and earlier **Description** A directory traversal issue exists, allowing remote attackers to have an unspecified impact by including a .. (dot dot) in the `url` parameter to the "photoalbum/index.php" endpoint. **Recommendations** For DomPHP versions 0.83 and earlier, consider restricting access to the "photoalbum/index.php" endpoint until a fix is available, and avoid using the `url` parameter with untrusted input.

**Name of the Vulnerable Software and Affected Versions** DomPHP versions 0.83 and earlier **Description** A SQL injection issue allows remote attackers to execute arbitrary SQL commands via the `ids` parameter in the "agenda/indexdate.php" file. **Recommendations** For DomPHP versions 0.83 and earlier, update to a version later than 0.83 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Audacity versions 1.2.6 through 1.3.5 **Description** The issue is a stack-based buffer overflow in the String parse::get nonspace quoted function, which can be triggered by a .gro file containing a long string. This allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code. **Recommendations** For Audacity versions 1.2.6 through 1.3.5, update to version 1.3.6 or later to resolve the issue. As a temporary workaround, consider avoiding the use of .gro files containing long strings until a patch is applied.

**Name of the Vulnerable Software and Affected Versions** Merak Media Player version 3.2 **Description** A stack-based buffer overflow issue allows remote attackers to execute arbitrary code via a long string in a .m3u playlist file. This issue is related to the status bar icon's tooltip. **Recommendations** For Merak Media Player version 3.2, consider avoiding the use of long strings in .m3u playlist files until a patch is available. As a temporary workaround, restrict the handling of .m3u files to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** FlexCell Grid Control version 5.6.9 **Description** The issue concerns insecure methods in the FlexCell.Grid ActiveX control, allowing remote attackers to create and overwrite arbitrary files. This is achieved through the `SaveFile` and `ExportToXML` methods. **Recommendations** For FlexCell Grid Control version 5.6.9, consider disabling the `SaveFile` and `ExportToXML` methods until a patch is available to prevent the creation and overwriting of arbitrary files.

**Name of the Vulnerable Software and Affected Versions** MW6 Technologies Barcode ActiveX control version 3.0.0.1 **Description** The issue is related to a heap-based buffer overflow in the MW6 Technologies Barcode ActiveX control. This allows remote attackers to execute arbitrary code via a long `Supplement` property. **Recommendations** For version 3.0.0.1, consider disabling the use of the `Supplement` property in the Barcode ActiveX control until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Heathco Software MP3 TrackMaker version 1.5 **Description** The issue is a heap-based buffer overflow that can be triggered by a remote attacker sending a long string in an invalid .mp3 file. This can cause a denial of service, resulting in an application crash, and potentially allow the execution of arbitrary code. **Recommendations** For version 1.5, update to a newer version that contains a fix for this issue, if available. As a temporary workaround, consider avoiding the use of invalid .mp3 files to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** AAA EasyGrid ActiveX version 3.51 **Description** The issue concerns an insecure method vulnerability in the EasyGrid.SGCtrl.32 ActiveX control. This vulnerability allows remote attackers to create and overwrite arbitrary files. Attackers can leverage this issue via the `DoSaveFile` or `DoSaveHtmlFile` method. It is noted that this vulnerability could potentially be used for code execution by creating executable files in Startup folders or by accessing files using hcp:// URLs. **Recommendations** For AAA EasyGrid ActiveX version 3.51, consider disabling the `DoSaveFile` and `DoSaveHtmlFile` methods as a temporary workaround until a patch is available. Restrict access to the EasyGrid.SGCtrl.32 ActiveX control to minimize the risk of exploitation. Avoid using the EasyGrid.SGCtrl.32 ActiveX control in sensitive environments until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** MambAds (com mambads) component versions 1.0 RC1 Beta and 1.0 RC1 **Description** The issue allows remote attackers to execute arbitrary SQL commands. This is achieved by exploiting the `ma cat` parameter in a view action to "index.php". **Recommendations** For MambAds (com mambads) component version 1.0 RC1 Beta, avoid using the `ma cat` parameter in the "index.php" endpoint until the issue is resolved. For MambAds (com mambads) component version 1.0 RC1, consider restricting access to the "index.php" endpoint to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Joomla! com extplorer module versions 2.0.0 RC2 and earlier **Description** A directory traversal issue in the eXtplorer module allows remote attackers to read arbitrary files by using a .. (dot dot) in the `dir` parameter in a "show error" action. **Recommendations** For versions 2.0.0 RC2 and earlier, update the com extplorer module to a version later than 2.0.0 RC2 to resolve the issue.

Name of the Vulnerable Software and Affected Versions: Joomla! xsstream-dm (com xsstream-dm) component version 0.01 Beta Description: The issue allows remote attackers to execute arbitrary SQL commands. This is achieved by exploiting the `movie` parameter in the "index.php" endpoint. Recommendations: For Joomla! xsstream-dm (com xsstream-dm) component version 0.01 Beta, consider restricting access to the `movie` parameter in the "index.php" endpoint until a patch is available.

Name of the Vulnerable Software and Affected Versions: Content Management System version 0.6.1 Description: A directory traversal issue exists, allowing remote attackers to include and execute arbitrary local files. This is achieved by using a .. (dot dot) in the `cm imgpath` parameter in the cm/graphie.php file. Recommendations: For version 0.6.1, as a temporary workaround, consider restricting access to the cm/graphie.php file until a patch is available. Avoid using the `cm imgpath` parameter in the affected API endpoint until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** joomlaXplorer (com joomlaxplorer) versions 1.6.2 and earlier **Description** A cross-site scripting (XSS) issue allows remote attackers to inject arbitrary web script or HTML via the `error` parameter in a 'show error' action to "index.php". **Recommendations** For versions 1.6.2 and earlier, update to a version later than 1.6.2 to resolve the issue. As a temporary workaround, consider restricting access to the 'show error' action in "index.php" to minimize the risk of exploitation. Avoid using the `error` parameter in the affected API endpoint until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** joomlaXplorer (com joomlaxplorer) versions 1.6.2 and earlier **Description** The issue allows remote attackers to list arbitrary directories via a .. (dot dot) in the `dir` parameter in a "show error" action. This is a directory traversal vulnerability in the index.php file of the joomlaXplorer component. **Recommendations** For versions 1.6.2 and earlier, consider restricting access to the `dir` parameter in the "show error" action of the index.php file until a patch is available. As a temporary workaround, disabling the "show error" action or limiting directory access can help minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** KwsPHP versions (affected versions not specified) **Description** The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the `cat` parameter to "index.php". **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** DomPHP version 0.82 **Description** A directory traversal issue exists, allowing remote attackers to include and execute arbitrary local files. This is achieved by using a .. (dot dot) in the `page` parameter of the aides/index.php file. **Recommendations** For DomPHP version 0.82, consider restricting access to the aides/index.php file until a patch is available, and avoid using the `page` parameter with untrusted input to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** DeltaScripts PHP Links versions 1.3 and earlier **Description** The issue allows remote attackers to execute arbitrary PHP code via a URL in the `full path to public program` parameter. This is a result of a PHP remote file inclusion vulnerability in the includes/smarty.php file. **Recommendations** For DeltaScripts PHP Links versions 1.3 and earlier, consider restricting access to the `full path to public program` parameter to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** DeltaScripts PHP Links versions 1.3 and earlier **Description** The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the `id` parameter in the "vote.php" file. **Recommendations** For DeltaScripts PHP Links versions 1.3 and earlier, update to a version later than 1.3 to resolve the issue. As a temporary workaround, consider restricting access to the "vote.php" file or validating and sanitizing the `id` parameter to prevent SQL injection attacks.

**Name of the Vulnerable Software and Affected Versions** Connectix Boards versions 0.8.2 and earlier **Description** The issue allows remote attackers to execute arbitrary PHP code via a URL in the `template path` parameter in the templates/Official/part userprofile.php file. **Recommendations** For Connectix Boards versions 0.8.2 and earlier, avoid using the `template path` parameter in the affected file until the issue is resolved. As a temporary workaround, consider restricting access to the templates/Official/part userprofile.php file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** fGallery plugin for WordPress version 2.4.1 **Description** The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the `album` parameter in the fim rss.php file. **Recommendations** For version 2.4.1, consider disabling the fim rss.php file or restricting access to it until a patch is available. Avoid using the `album` parameter in the vulnerable fim rss.php file until the issue is resolved.