Indoushka

**Name of the Vulnerable Software and Affected Versions** Pixa Bank version 2.0 **Description** An SQL injection allows unauthenticated attackers to extract sensitive data from the database, including names, email addresses, and phone numbers. This is achieved by sending POST requests to the 'agence-ajax.php' endpoint and injecting UNION-based SQL payloads into the `rib` parameter. SQL injection is a technique where malicious SQL statements are inserted into entry fields for execution. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Easy2Pilot 7 contains a cross-site request forgery vulnerability that allows attackers to add unauthorized user accounts by tricking authenticated administrators into visiting malicious pages. Attackers can craft HTML forms targeting the admin.php?action=add user endpoint with POST requests containing username and password parameters to create new administrative accounts without explicit user consent.

**Name of the Vulnerable Software and Affected Versions** Zimbra Collaboration Suite (ZCS) version 8.8.15 **Description** The Zimbra Collaboration Suite (ZCS) PostJournal service version 8.8.15 contains a command injection issue. Unauthenticated attackers can execute arbitrary system commands by exploiting improper sanitization of the RCPT TO parameter via SMTP injection. Attackers can inject shell expansion syntax through the `RCPT TO` parameter to achieve remote code execution under the Zimbra service context. The vulnerability is triggered through the SMTP protocol, specifically targeting the `RCPT TO` parameter. **Recommendations** Update Zimbra Collaboration Suite (ZCS) to a version beyond 8.8.15.

**Name of the Vulnerable Software and Affected Versions** Textpattern CMS version 4.9.0 **Description** Textpattern CMS version 4.9.0 is affected by a second-order cross-site scripting issue. This allows attackers to inject malicious scripts by exploiting improper sanitization of user-supplied input within Atom feed XML elements. Attackers can embed unescaped payloads in parameters such as `category` that are reflected into Atom fields like `<title>` and `<link>`, resulting in JavaScript execution when feed readers or CMS aggregators consume the feed and insert content into the Document Object Model (DOM) using unsafe methods. **Recommendations** Update to a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Xerte Online Toolkits versions 3.14 and earlier **Description** Xerte Online Toolkits versions 3.14 and earlier contain an unauthenticated arbitrary file upload issue in the template import functionality. This allows remote attackers to execute arbitrary code by uploading a crafted ZIP archive containing malicious PHP payloads. Attackers can bypass authentication checks in the `import.php` file to upload a template archive with PHP code in the `media` directory. The uploaded archive is extracted to a web-accessible path, allowing direct access and execution of the malicious PHP code under the web server context. The vulnerability exists in `/website code/php/...`. **Recommendations** Versions prior to 3.14 should be updated. As a temporary workaround, consider disabling the template import functionality until a patch is available. Restrict access to the `import.php` file to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Precurio Intranet Portal version 4.4 **Description** Precurio Intranet Portal 4.4 contains a cross-site request forgery condition. Attackers can leverage this to compel authenticated users to submit malicious requests to a profile update endpoint that manages file uploads. Successful exploitation allows attackers to upload executable files to publicly accessible locations, potentially resulting in arbitrary code execution on the web server. The vulnerable endpoint handles file uploads during profile updates. The `profile update` endpoint is susceptible to crafted requests. **Recommendations** Precurio Intranet Portal version 4.4: Implement same-site cookies and rotating tokens to prevent cross-site request forgery attacks.

**Name of the Vulnerable Software and Affected Versions** Ray versions prior to 2.8.1 **Description** A path traversal issue exists in Ray Dashboard (default port 8265). Insufficient validation and sanitization of user-supplied paths within the static file handling mechanism allows an attacker to use traversal sequences (e.g., ../) to access files outside the intended static directory, leading to local file disclosure. The vulnerable component is the static file handling mechanism. The API endpoint is not explicitly mentioned. The vulnerable parameter is the user-supplied path. **Recommendations** Update to Ray version 2.8.1 or later.

**Name of the Vulnerable Software and Affected Versions** RustFly version 2.0.0 **Description** RustFly 2.0.0 contains a command injection issue in its remote UI control mechanism. The software accepts hex-encoded instructions over UDP port 5005 without proper sanitization. Attackers can send crafted hex-encoded payloads containing system commands to execute arbitrary operations on the target system. This includes the potential for reverse shell establishment and command execution. The vulnerable component accepts instructions via UDP port `5005`. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Saturn Remote Mouse Server (affected versions not specified) **Description** Saturn Remote Mouse Server has a command injection issue. Unauthenticated attackers can execute arbitrary commands by sending specially crafted UDP JSON frames to port `27000`. Attackers on the local network can send malformed packets with unsanitized command data. The service forwards this data directly to OS execution functions, enabling remote code execution under the service account. The vulnerability is triggered by sending specially crafted UDP JSON frames to the ''/api/command'' endpoint. The vulnerable parameter is `command`. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** AMSS++ version 4.7 **Description** AMSS++ 4.7 has a flaw that permits unauthorized access to administrative accounts. This is due to the use of hardcoded credentials, specifically the default username 'admin' and password '1234'. Successful exploitation allows attackers to gain administrative privileges on the system. **Recommendations** Change the default administrative credentials immediately.

**Name of the Vulnerable Software and Affected Versions** AMSS++ version 4.31 **Description** AMSS++ version 4.31 has a SQL injection issue in the mail module’s `maildetail.php` script. The issue is present through the `id` parameter. An attacker can manipulate the `id` parameter in the `/modules/mail/main/maildetail.php` script to inject malicious SQL queries, potentially allowing access or modification of database contents. **Recommendations** Update to a newer version that contains a fix for this vulnerability. As a temporary workaround, restrict access to the `maildetail.php` script or the `id` parameter within that script until a patch is available.

**Name of the Vulnerable Software and Affected Versions** PhpIX 2012 Professional (affected versions not specified) **Description** An issue exists where remote attackers can manipulate database queries. This is possible by injecting malicious SQL code through the `id` parameter in the 'product detail.php' endpoint, potentially leading to the extraction or modification of database information. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: AVSCMS version 8.2.0 Description: The issue is related to an arbitrary file upload vulnerability in the /main/fileupload.php component. This allows attackers to execute arbitrary code by uploading a crafted file. Recommendations: For AVSCMS version 8.2.0, consider restricting access to the /main/fileupload.php component until a patch is available. As a temporary workaround, avoid using the file upload functionality in the affected component to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** GuppY version 4.5.18 **Description** A SQL injection issue exists, allowing remote attackers to execute arbitrary SQL commands. This is achieved via the `lng` parameter in the newsletter.php file. **Recommendations** For GuppY version 4.5.18, consider restricting access to the newsletter.php file until a patch is available, and avoid using the `lng` parameter in this context to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Lebisoft Ziyaretci Defteri versions 7.4 through 7.5 **Description** The issue allows remote attackers to download a database due to insufficient access control. Sensitive information is stored under the web root, enabling attackers to access it via a direct request for `db/lebisoft.mdb`. **Recommendations** For versions 7.4 and 7.5, restrict access to the `db/lebisoft.mdb` file to prevent unauthorized downloads. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Winn Guestbook version 2.4 **Description** A cross-site scripting (XSS) issue exists, allowing remote attackers to inject arbitrary web script or HTML. This is achieved via the PATH INFO in index.php. **Recommendations** For Winn Guestbook version 2.4, update to a version where this issue is fixed, or as a temporary workaround, consider restricting access to the index.php file to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** WikyBlog version 1.7.3 rc2 **Description** The issue allows remote attackers to execute arbitrary PHP code via a URL in the `langFile` parameter in the include/WBmap.php file. **Recommendations** For WikyBlog version 1.7.3 rc2, avoid using the `langFile` parameter in the affected include/WBmap.php file until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** WikyBlog version 1.7.3 rc2 **Description** The issue allows remote attackers to hijack web sessions. This can be achieved by setting the `jsessionid` parameter to specific API endpoints, such as "index.php/Comment/Main", "index.php/Comment/Main/Home Wiky", or "index.php/Edit/Main". **Recommendations** For WikyBlog version 1.7.3 rc2, consider restricting access to the `jsessionid` parameter in the mentioned API endpoints as a temporary workaround until a patch is available. Avoid using the `jsessionid` parameter in the affected API endpoints until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** WikyBlog versions 1.7.2 through 1.7.3 rc2 **Description** A cross-site scripting issue exists, allowing remote attackers to inject arbitrary web script or HTML. This is achieved via the `which` parameter in a copy action in the index.php/Special/Main/Templates component. **Recommendations** For WikyBlog versions 1.7.2 through 1.7.3 rc2, avoid using the `which` parameter in copy actions until a fix is available. As a temporary workaround, consider restricting access to the index.php/Special/Main/Templates component to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Arab Cart version 1.0.2.0 **Description** The issue is related to a cross-site scripting (XSS) vulnerability. This vulnerability allows remote attackers to inject arbitrary web script or HTML via the `id` parameter in the showimg.php file. **Recommendations** For Arab Cart version 1.0.2.0, avoid using the `id` parameter in the showimg.php file until a fix is available. As a temporary workaround, consider validating and sanitizing user input for the `id` parameter to prevent malicious script injection.