John Cobb

**Name of the Vulnerable Software and Affected Versions** osCommerce version 2.2 RC 2a **Description** The issue allows remote attackers to obtain sensitive information via an invalid `dob` parameter in the create account.php file. This reveals the installation path in an error message. **Recommendations** For osCommerce version 2.2 RC 2a, consider modifying the create account.php file to handle invalid `dob` parameters without revealing sensitive information, such as the installation path, in error messages. As a temporary workaround, restrict access to the create account.php file to minimize the risk of exploitation.

Name of the Vulnerable Software and Affected Versions: Microsoft Windows Media Player versions 9 through 10 Description: A buffer overflow issue exists in the plug-in for Microsoft Windows Media Player, specifically when used in browsers other than Internet Explorer and set as the default application to handle media files. This allows remote attackers to execute arbitrary code via HTML with an EMBED element containing a long `src` attribute. Recommendations: For Microsoft Windows Media Player versions 9 through 10, consider disabling the plug-in for non-Internet Explorer browsers as a temporary workaround until a patch is available. Restrict access to handling media files to minimize the risk of exploitation. Avoid using the EMBED element with long `src` attributes in HTML until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** ECW-Shop version 6.0.2 **Description** A cross-site scripting (XSS) issue exists, allowing remote attackers to inject arbitrary web script or HTML. This is achieved via the `max` or `ctg` parameters in the index.php file. **Recommendations** For ECW-Shop version 6.0.2, as a temporary workaround, consider restricting access to the index.php file until a patch is available. Avoid using the `max` and `ctg` parameters in the index.php file until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** ECW-Shop version 6.0.2 **Description** The issue allows remote attackers to obtain sensitive information via the `min` or `max` parameter with a single quote, which reveals the path in an error message, possibly due to a SQL injection vulnerability. **Recommendations** For ECW-Shop version 6.0.2, consider restricting access to the `index.php` file until a patch is available, and avoid using the `min` and `max` parameters with unvalidated input to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Naxtor Shopping Cart version 1.0 **Description** A cross-site scripting (XSS) issue exists, allowing remote attackers to inject arbitrary web script or HTML. This is achieved via the `email` parameter in the lost password.php file. **Recommendations** For Naxtor Shopping Cart version 1.0, consider restricting access to the lost password.php file until a fix is available, and avoid using the `email` parameter in this context to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Naxtor Shopping Cart version 1.0 **Description** The issue allows remote attackers to obtain sensitive information. This is possibly due to an SQL injection vulnerability, where an error message reveals the path when a `cat id` with a single quote is used. **Recommendations** For Naxtor Shopping Cart version 1.0, consider validating and sanitizing user input to prevent SQL injection attacks, and avoid displaying sensitive information in error messages. As a temporary workaround, restrict access to the `shop display products.php` file until a patch is available.

**Name of the Vulnerable Software and Affected Versions** CubeCart version 2.0.6 **Description** The issue allows remote attackers to obtain sensitive information via various invalid parameters to different PHP files, including the `language` parameter to "index.php", the `PHPSESSID` parameter to "index.php", the `product` parameter to "tellafriend.php", the `add` parameter to "view cart.php", or the `product` parameter to "view product.php". This reveals the path in a PHP error message. **Recommendations** For CubeCart version 2.0.6, consider restricting access to the mentioned PHP files or validating the `language`, `PHPSESSID`, `product`, and `add` parameters to prevent the disclosure of sensitive information. As a temporary workaround, consider disabling the display of PHP error messages to minimize the risk of path disclosure.

**Name of the Vulnerable Software and Affected Versions** iGeneric (iG) Shop version 1.2 **Description** The issue concerns SQL injection vulnerabilities in the page.php file. Remote attackers may execute arbitrary SQL statements by manipulating the `cats`, `l price`, or `u price` parameters. **Recommendations** For iGeneric (iG) Shop version 1.2, as a temporary workaround, consider restricting access to the page.php file until a patch is available. Avoid using the `cats`, `l price`, or `u price` parameters in the affected page until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** osCommerce versions 2.2-MS2 **Description** The issue is related to a cross-site scripting (XSS) vulnerability. It allows remote attackers to inject arbitrary web script or HTML via the `enquiry` parameter in the contact us.php file. **Recommendations** For osCommerce versions 2.2-MS2, as a temporary workaround, consider validating and sanitizing user input for the `enquiry` parameter to prevent XSS attacks. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** CubeCart version 2.0.4 **Description** The issue allows remote attackers to either obtain the full path for the web server or conduct cross-site scripting (XSS) attacks. This is achieved via an invalid language parameter in index.php, which echoes the parameter in a PHP error message, potentially leading to XSS attacks or information disclosure. **Recommendations** For CubeCart version 2.0.4, consider validating and sanitizing the language parameter to prevent echoing of invalid input, and restrict access to error messages that could disclose sensitive information. As a temporary workaround, consider disabling the language parameter functionality in index.php until a patch is available.

**Name of the Vulnerable Software and Affected Versions** CubeCart version 2.0.4 **Description** A directory traversal issue exists in the index.php file of CubeCart, allowing remote attackers to read arbitrary files. This is achieved by manipulating the `language` parameter. **Recommendations** For CubeCart version 2.0.4, consider restricting access to the `language` parameter in the index.php file until a patch is available. As a temporary workaround, avoid using the `language` parameter in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: PnTresMailer version 6.03 Description: The issue allows remote attackers to gain sensitive information. This is achieved by providing an invalid `filetohighlight` parameter, which results in an error message that reveals the full path. Recommendations: For PnTresMailer version 6.03, consider restricting access to the `codebrowserpntm.php` file until a patch is available. As a temporary workaround, avoid using the `filetohighlight` parameter in the affected endpoint.

Name of the Vulnerable Software and Affected Versions: pnTresMailer version 6.0.3 Description: A directory traversal issue exists, allowing remote attackers to read arbitrary files. This is achieved by using a .. (dot dot) in the `filetodownload` parameter. Recommendations: For pnTresMailer version 6.0.3, consider restricting access to the `codebrowserpntm.php` file until a patch is available. As a temporary workaround, avoid using the `filetodownload` parameter with untrusted input.