John Leitch

**Name of the Vulnerable Software and Affected Versions** SAP SQL Anywhere .NET Data Provider (affected versions not specified) **Description** The issue is related to a stack-based buffer overflow in the .NET Data Provider, allowing remote attackers to execute arbitrary code via a crafted column alias. This can lead to code execution vulnerabilities. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Foxit PDF SDK DLL versions prior to 3.1.1.5005 **Description** The issue is related to a buffer overflow in the `FPDFBookmark GetTitle` method, allowing context-dependent attackers to execute arbitrary code. **Recommendations** For versions prior to 3.1.1.5005, update to version 3.1.1.5005 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** SumatraPDF Reader versions 2.x before 2.2.1 SumatraPDF Reader version 2.2.0 and earlier **Description** A use-after-free issue exists in the way SumatraPDF Reader handles objects in memory, allowing remote attackers to execute arbitrary code via a crafted PDF file. This could enable an attacker to gain the same user rights as the current user. If the current user has administrative rights, an attacker could take complete control of the affected system. **Recommendations** For SumatraPDF Reader versions 2.x before 2.2.1, update to version 2.2.1 or later to resolve the issue. For SumatraPDF Reader version 2.2.0 and earlier, update to version 2.2.1 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Foxit Reader versions prior to 5.3 **Description** The issue allows remote attackers to execute arbitrary code via a PDF document with a crafted attachment. This is triggered by the calculation of a negative number during the processing of cross references. **Recommendations** For versions prior to 5.3, update to version 5.3 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** eXtplorer versions 2.1 RC3 and earlier **Description** The issue concerns multiple vulnerabilities in the eXtplorer package of the Debian GNU/Linux operating system, which can be exploited remotely to compromise the confidentiality, integrity, and availability of protected information. Specifically, a cross-site request forgery (CSRF) vulnerability allows remote attackers to hijack the authentication of administrators for requests that add an administrator account via an `adduser` admin action. **Recommendations** For versions 2.1 RC3 and earlier, consider disabling the `adduser` admin action as a temporary workaround until a patch is available. Restrict access to administrator accounts to minimize the risk of exploitation. Avoid using the vulnerable `adduser` function in the affected API endpoint until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** WeBid version 0.8.5 P1 **Description** A cross-site scripting issue allows remote attackers to inject arbitrary web script or HTML via the `id` parameter in the "confirm.php" file. **Recommendations** For WeBid version 0.8.5 P1, avoid using the `id` parameter in the confirm.php file until a fix is available. Consider restricting access to the confirm.php file to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Vodpod Video Gallery Plugin version 3.1.5 **Description** The issue is related to a cross-site scripting (XSS) vulnerability. It allows remote attackers to inject arbitrary web script or HTML via the `gid` parameter in the vodpod-gallery/vodpod gallery thumbs.php file. **Recommendations** For Vodpod Video Gallery Plugin version 3.1.5, avoid using the `gid` parameter in the vulnerable file until the issue is resolved. Consider temporarily restricting access to the vodpod-gallery/vodpod gallery thumbs.php file to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** MODx Revolution version 2.0.2-pl **Description** A cross-site scripting (XSS) issue allows remote attackers to inject arbitrary web script or HTML via the `modhash` parameter in the "manager/index.php" endpoint. **Recommendations** For MODx Revolution version 2.0.2-pl, update to a version that fixes this issue to prevent exploitation.

**Name of the Vulnerable Software and Affected Versions** BaconMap version 1.0 **Description** The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the `type` parameter in the "doadd.php" file. **Recommendations** For BaconMap version 1.0, consider restricting access to the "doadd.php" file or avoid using the `type` parameter until a patch is available.

**Name of the Vulnerable Software and Affected Versions** QooxDoo versions 1.3 and possibly other versions eyeOS versions 2.2 and 2.3 **Description** A directory traversal issue allows remote attackers to read arbitrary files via ..%2f (encoded dot dot) sequences in the `file` parameter. This issue is present in the framework/source/resource/qx/test/part/delay.php file. **Recommendations** For QooxDoo version 1.3, avoid using the `file` parameter with ..%2f sequences in the delay.php file until a patch is available. For eyeOS versions 2.2 and 2.3, restrict access to the delay.php file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** WP Custom Pages module version 0.5.0.1 for WordPress **Description** The issue allows remote attackers to read arbitrary files due to a directory traversal vulnerability in the wp-download.php file. This is achieved by using ..%2F (encoded dot dot) sequences in the `url` parameter. **Recommendations** For WP Custom Pages module version 0.5.0.1, consider restricting access to the wp-download.php file until a patch is available. As a temporary workaround, avoid using the `url` parameter in the affected API endpoint until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Aphpkb version 0.95.4 **Description** The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the `pdfa` parameter in the plugins/pdfClasses/pdfgen.php plugin. **Recommendations** For Aphpkb version 0.95.4, consider restricting access to the `pdfgen.php` plugin until a patch is available. As a temporary workaround, avoid using the `pdfa` parameter in the affected plugin to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** nubuilder versions prior to 10.07.12 **Description** The issue is related to a cross-site scripting (XSS) vulnerability. This vulnerability allows remote attackers to inject arbitrary web script or HTML via the `f` parameter in the nuedit.php file. **Recommendations** For versions prior to 10.07.12, update to version 10.07.12 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** RunCms version 2.1 **Description** A cross-site scripting (XSS) issue exists in the Headlines module, specifically in the magpie debug.php script, which allows remote attackers to inject arbitrary web script or HTML via the `url` parameter when the Headlines module is enabled. **Recommendations** For RunCms version 2.1, consider disabling the Headlines module until a patch is available to prevent exploitation of the XSS vulnerability.

**Name of the Vulnerable Software and Affected Versions** Newanz NewsOffice version 2.0.18 **Description** A cross-site scripting (XSS) issue exists, allowing remote attackers to inject arbitrary web script or HTML via the `n-cat` parameter in the news show.php file. **Recommendations** For Newanz NewsOffice version 2.0.18, consider restricting access to the news show.php file until a patch is available, and avoid using the `n-cat` parameter in this file to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** nubuilder versions 10.04.20 through 10.07.12 **Description** The issue allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the `dir` parameter of the fileuploader.php script. **Recommendations** For versions 10.04.20 through 10.07.12, update to version 10.07.12 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Orbis CMS version 1.0.2 **Description** A cross-site scripting (XSS) issue exists, allowing remote attackers to inject arbitrary web script or HTML. This is achieved via the `s` parameter in the admin/editors/text/editor-body.php file. **Recommendations** For Orbis CMS version 1.0.2, as a temporary workaround, consider restricting access to the admin/editors/text/editor-body.php file until a patch is available. Avoid using the `s` parameter in this file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** TCExam versions 10.1.006 through 10.1.007 **Description** The issue allows remote attackers to execute arbitrary code by uploading a file with an executable extension to the admin/code/tce functions tcecode editor.php file, then accessing it via a direct request to the file in cache/. **Recommendations** For versions 10.1.006 and 10.1.007, consider restricting access to the `tce functions tcecode editor.php` file to prevent unauthorized file uploads until a patch is available. As a temporary workaround, restrict access to the cache directory to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Brekeke PBX version 2.4.4.8 **Description** A cross-site request forgery (CSRF) issue allows remote attackers to hijack user authentication for requests that change passwords via the pbxadmin.web.PbxUserEdit bean. **Recommendations** For Brekeke PBX version 2.4.4.8, consider disabling the pbxadmin.web.PbxUserEdit bean as a temporary workaround until a patch is available. Restrict access to the password change functionality to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** The Uniform Server version 5.6.5 **Description** The issue concerns multiple cross-site request forgery (CSRF) vulnerabilities. These vulnerabilities allow remote attackers to hijack the authentication of administrators for requests that change passwords. The affected API endpoints include "apsetup.php", "psetup.php", "sslpsetup.php", and "mqsetup.php". **Recommendations** For The Uniform Server version 5.6.5, as a temporary workaround, consider restricting access to the affected API endpoints "apsetup.php", "psetup.php", "sslpsetup.php", and "mqsetup.php" to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.