Lorexxar233

Name of the Vulnerable Software and Affected Versions: Ari Adminer version 1 Description: The issue allows remote attackers to execute arbitrary code via the `Title` parameter of the "Add New Connections" component when the `save()` function is called. This is a Cross Site Scripting (XSS) issue. Recommendations: For Ari Adminer version 1, consider disabling the `save()` function in the "Add New Connections" component until a patch is available. Restrict access to the `Title` parameter to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.

Name of the Vulnerable Software and Affected Versions: WebPort versions prior to 1.19.1 Description: The issue is related to a Cross Site Scripting (XSS) problem. It can be exploited via the `description` parameter to `script/listcalls`. Recommendations: For versions prior to 1.19.1, update to version 1.19.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the `script/listcalls` endpoint until the update is applied. Avoid using the `description` parameter in the affected endpoint until the issue is resolved.

Name of the Vulnerable Software and Affected Versions: gnuboard5 versions prior to 5.3.2.8 Description: The issue is related to a Cross Site Scripting (XSS) vulnerability. It can be exploited via the `url` parameter to "bbs/login.php" endpoint. Recommendations: For versions prior to 5.3.2.8, update to a version that contains a fix for this issue. As a temporary workaround, consider restricting access to the "bbs/login.php" endpoint until a patch is available. Avoid using the `url` parameter in the affected endpoint until the issue is resolved.

Name of the Vulnerable Software and Affected Versions: WebPort versions prior to 1.19.1 Description: A Directory Traversal issue exists in the system settings tags, allowing potential access to sensitive files. Recommendations: For versions prior to 1.19.1, update to version 1.19.1 or later to resolve the issue.

Name of the Vulnerable Software and Affected Versions: WebPort versions 1.19.1 and earlier Description: A Cross Site Scripting (XSS) issue exists via the `connection name` parameter in `type-conn`. This allows for potential malicious script execution. The estimated number of potentially affected devices worldwide is not specified. There is no information provided about real-world incidents where this issue was exploited. Recommendations: For WebPort versions 1.19.1 and earlier, consider restricting access to the `connection name` parameter in `type-conn` to minimize the risk of exploitation. As a temporary workaround, avoid using the `connection name` parameter in the affected `type-conn` until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: gnuboard5 versions prior to 5.3.2.8 Description: The issue is related to a SQL Injection vulnerability. It can be exploited via the `table prefix` parameter in the `install db.php` file. Recommendations: For versions prior to 5.3.2.8, update to a version that contains a fix for this issue. As a temporary workaround, consider restricting access to the `install db.php` file to minimize the risk of exploitation. Avoid using the `table prefix` parameter in the affected file until the issue is resolved.

Name of the Vulnerable Software and Affected Versions: WebPort versions prior to 1.19.1 Description: The issue is related to a SQL Injection vulnerability. It can be exploited via the new connection, specifically through the `parameter name` in `type-conn`. Recommendations: For versions prior to 1.19.1, update to version 1.19.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the `type-conn` parameter to minimize the risk of exploitation.

Name of the Vulnerable Software and Affected Versions: GetSimpleCMS versions prior to 3.3.16 Description: A Cross Site Scripting (XSS) issue exists, allowing exploitation via the `timezone` parameter to the "settings.php" endpoint. Recommendations: For versions prior to 3.3.16, update to version 3.3.16 or later to resolve the issue.

Name of the Vulnerable Software and Affected Versions: GetSimpleCMS versions 3.3.15 and earlier Description: A Cross Site Scripting (XSS) issue exists due to the `redirect url` parameter in `admin/changedata.php` and the `headers sent` function. This allows for potential exploitation. Recommendations: For versions 3.3.15 and earlier, consider disabling access to the `admin/changedata.php` page until a fix is available. Restrict the use of the `redirect url` parameter to minimize the risk of exploitation.

Name of the Vulnerable Software and Affected Versions: GetSimpleCMS versions prior to 3.3.16 Description: A Cross Site Scripting issue exists due to improper validation of user input in the `sitename`, `username`, and `email` parameters to the "/admin/setup.php" API endpoint. This allows an attacker to inject malicious scripts into the website. Recommendations: For GetSimpleCMS versions prior to 3.3.16, update to version 3.3.16 or later to resolve the issue. As a temporary workaround, consider restricting access to the "/admin/setup.php" endpoint and validating user input for the `sitename`, `username`, and `email` parameters to prevent malicious script injection.

Name of the Vulnerable Software and Affected Versions: GetSimpleCMS versions 3.3.15 and earlier Description: The issue is related to an open redirect in the admin/changedata.php file via the redirect function to the `url` parameter. This allows for potential redirection to unintended locations. Recommendations: For versions 3.3.15 and earlier, update to a version later than 3.3.15 to resolve the issue. As a temporary workaround, consider restricting access to the admin/changedata.php file or disabling the redirect function to the `url` parameter until a patch is available.

**Name of the Vulnerable Software and Affected Versions** pfSense versions prior to 2.4.4-p3 **Description** A cross-site scripting (XSS) issue was found. The `username` and `delmac` parameters in the services captiveportal mac.php file are displayed without proper sanitization. **Recommendations** For versions prior to 2.4.4-p3, update to a version that includes the necessary sanitization for the `username` and `delmac` parameters to prevent XSS exploitation.

**Name of the Vulnerable Software and Affected Versions** pfSense versions prior to 2.4.4-p3 **Description** An issue was discovered where the `widgetkey` parameter in `widgets/widgets/picture.widget.php` is used directly without sanitization for a pathname to `file get contents` or `file put contents`. **Recommendations** For versions prior to 2.4.4-p3, consider updating to a version that includes the necessary sanitization for the `widgetkey` parameter to prevent potential exploitation. As a temporary workaround, consider restricting access to the `picture.widget.php` file until a patch is available.

**Name of the Vulnerable Software and Affected Versions** ZoneMinder versions prior to 1.32.4 **Description** The issue allows for SQL Injection via the `skins/classic/views/events.php` endpoint, specifically through the `filter[Query][terms][0][cnj]` parameter. **Recommendations** For ZoneMinder versions prior to 1.32.4, update to version 1.32.4 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** ZoneMinder versions prior to 1.32.3 **Description** The issue concerns an XSS vulnerability. It can be exploited via the `newControl` array, specifically through the `newControl[MinTiltRange]` parameter in the skins/classic/views/controlcap.php file. **Recommendations** For versions prior to 1.32.3, update to version 1.32.3 or later to resolve the issue. As a temporary workaround, consider restricting access to the controlcap.php file to minimize the risk of exploitation. Avoid using the `newControl[MinTiltRange]` parameter in the affected API endpoint until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** ZoneMinder versions prior to 1.32.3 **Description** The issue concerns the construction of SQL error messages in the includes/database.php file, which is affected by a cross-site scripting (XSS) issue. **Recommendations** For versions prior to 1.32.3, update to version 1.32.3 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** ZoneMinder versions prior to 1.32.3 **Description** The issue allows for SQL Injection via the `sort` parameter in the "ajax/status.php" endpoint. **Recommendations** For versions prior to 1.32.3, update to version 1.32.3 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** ZoneMinder versions prior to 1.32.3 **Description** The issue allows for SQL Injection via the `groupSql` parameter in the `skins/classic/views/control.php` file, as demonstrated by a `newGroup[MonitorIds][]` value. This can be exploited through the API endpoint `/skins/classic/views/control.php`. The vulnerable parameter is `newGroup[MonitorIds][]`. **Recommendations** For versions prior to 1.32.3, update to version 1.32.3 or later to resolve the issue. As a temporary workaround, consider restricting access to the `skins/classic/views/control.php` file to minimize the risk of exploitation. Avoid using the `newGroup[MonitorIds][]` parameter in the affected API endpoint until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** ZoneMinder versions prior to 1.32.3 **Description** The issue allows for SQL Injection via the `ajax/status.php` endpoint, specifically through the `filter[Query][terms][0][cnj]` parameter. **Recommendations** For versions prior to 1.32.3, update to version 1.32.3 or later to resolve the issue.