Lostmon

**Name of the Vulnerable Software and Affected Versions** GreenBrowser versions 6.1.0117 through 6.1.0216 **Description** The issue allows remote attackers to inject arbitrary web script or HTML, which can lead to cross-site scripting (XSS) attacks. This can occur via the URI in an about: page or the last visited URL in the `LastVisitWriteEn` function in `function.js`. **Recommendations** For GreenBrowser version 6.1.0117, update to a version later than 6.1.0216 to resolve the issue. For GreenBrowser version 6.1.0216, update to a version later than 6.1.0216 to resolve the issue. As a temporary workaround, consider restricting access to the `LastVisitWriteEn` function in `function.js` until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 6.0.472.53 **Description** The issue allows remote attackers to enumerate the set of installed extensions via unknown vectors. **Recommendations** For versions prior to 6.0.472.53, update to version 6.0.472.53 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Wowd client versions prior to 1.3.1 **Description** The issue concerns multiple cross-site scripting (XSS) vulnerabilities. These vulnerabilities allow remote attackers to inject arbitrary web script or HTML via the `sortby`, `tags`, or `ctx` parameters in a search action. **Recommendations** For versions prior to 1.3.1, update to version 1.3.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the search action or validating and sanitizing user input for the `sortby`, `tags`, and `ctx` parameters to minimize the risk of exploitation.

Name of the Vulnerable Software and Affected Versions: Lunascape versions 5.1.3 through 5.1.4 Description: The issue allows remote attackers to spoof the address bar via `window.open` with a relative URI. This can be used to show an arbitrary URL on the web site visited by the victim. For example, a visit to an attacker-controlled web page can trigger a spoofed login form for the site containing that page. A related attack was reported where an arbitrary `file:` URL is shown. Recommendations: For versions 5.1.3 and 5.1.4, consider restricting the use of the `window.open` function with relative URIs until a patch is available. As a temporary workaround, avoid using relative URIs in the `window.open` function to minimize the risk of address bar spoofing.

Name of the Vulnerable Software and Affected Versions: Avant Browser version 11.7 Build 35 Avant Browser version 11.7 Build 36 Description: The issue allows remote attackers to spoof the address bar via `window.open` with a relative URI. This can be used to show an arbitrary URL on the web site visited by the victim. For example, a visit to an attacker-controlled web page can trigger a spoofed login form for the site containing that page. Recommendations: For Avant Browser version 11.7 Build 35, avoid using `window.open` with relative URIs until a fix is available. For Avant Browser version 11.7 Build 36, avoid using `window.open` with relative URIs until a fix is available.

Name of the Vulnerable Software and Affected Versions: K-Meleon version 1.5.3 Description: The issue allows context-dependent attackers to spoof the address bar. This can be achieved via `window.open` with a relative URI, to show an arbitrary `file:` URL after a victim has visited any `file:` URL. For example, this could be demonstrated by a visit to a `file:` document written by the attacker. Recommendations: For K-Meleon version 1.5.3, consider restricting the use of `window.open` with relative URIs to minimize the risk of address bar spoofing until a patch is available.

Name of the Vulnerable Software and Affected Versions: Maxthon Browser version 2.5.3.80 UNICODE Description: The issue allows remote attackers to spoof the address bar. This can be achieved via `window.open` with a relative URI, showing an arbitrary URL on the web site visited by the victim. For example, a visit to an attacker-controlled web page can trigger a spoofed login form for the site containing that page. Recommendations: For Maxthon Browser version 2.5.3.80 UNICODE, consider avoiding the use of `window.open` with relative URIs until a fix is available. As a temporary workaround, restrict access to potentially malicious web pages to minimize the risk of address bar spoofing.

Name of the Vulnerable Software and Affected Versions: Microsoft Internet Explorer versions 6 through 8 Description: The issue allows remote attackers to spoof the address bar. This can be achieved via `window.open` with a relative URI, showing an arbitrary URL on the web site visited by the victim. For example, a visit to an attacker-controlled web page can trigger a spoofed login form for the site containing that page. Recommendations: For Microsoft Internet Explorer versions 6 through 8, consider avoiding the use of `window.open` with relative URIs until a fix is available. As a temporary workaround, restrict access to potentially malicious web pages to minimize the risk of address bar spoofing.

Name of the Vulnerable Software and Affected Versions: Mozilla Firefox version 3.5.1 SeaMonkey version 1.1.17 Flock version 2.5.1 Description: The issue allows context-dependent attackers to spoof the address bar. This can be achieved via `window.open` with a relative URI, to show an arbitrary `file:` URL after a victim has visited any `file:` URL. For example, this could be demonstrated by a visit to a `file:` document written by the attacker. Recommendations: For Mozilla Firefox version 3.5.1, update to a version that fixes this issue. For SeaMonkey version 1.1.17, update to a version that fixes this issue. For Flock version 2.5.1, update to a version that fixes this issue.

**Name of the Vulnerable Software and Affected Versions** Jax Guestbook versions 3.1 through 3.50 **Description** The issue allows remote attackers to inject arbitrary web script or HTML via the `gmt ofs` and `language` parameters in the jax guestbook.php file. **Recommendations** For versions 3.1 through 3.50, update to a version that fixes the XSS vulnerabilities in the jax guestbook.php file, specifically addressing the `gmt ofs` and `language` parameters. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Jax Guestbook versions 3.1 through 3.31 **Description** The issue allows remote attackers to obtain IP addresses of users due to insufficient access control. This is achieved via a direct request to various endpoints, including "guestbook", "guestbook ips2block", "ips2block", and "formmailer/logfile.csv". **Recommendations** For versions 3.1 through 3.31, restrict access to the sensitive information stored under the web root to prevent remote attackers from obtaining user IP addresses. Consider implementing proper access controls for the affected endpoints. As a temporary workaround, consider restricting direct requests to the "guestbook", "guestbook ips2block", "ips2block", and "formmailer/logfile.csv" endpoints until a proper fix is applied.

Name of the Vulnerable Software and Affected Versions: DHCart (affected versions not specified) Description: A cross-site scripting (XSS) issue exists, allowing remote attackers to inject arbitrary web script or HTML via the `domain` and `d1` parameters in the order.php file. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Apple Safari version 3.2.1 **Description** The issue allows remote attackers to cause a denial of service, potentially resulting in an infinite loop or access violation, by exploiting a link to an http URI with a specific authority portion. This authority portion can be either a single dot (.) or a dot dot (..) sequence. **Recommendations** For Apple Safari version 3.2.1, consider avoiding links with http URIs containing a single dot (.) or dot dot (..) sequence in the authority portion until a fix is available. As a temporary workaround, restrict access to such links to minimize the risk of exploitation.

Name of the Vulnerable Software and Affected Versions: RMSOFT MiniShop module version 1.0 for Xoops Description: The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the `itemsxpag` parameter in the search.php file. Recommendations: For RMSOFT MiniShop module version 1.0, consider restricting access to the search.php file until a patch is available, and avoid using the `itemsxpag` parameter in the affected API endpoint.

Name of the Vulnerable Software and Affected Versions: RMSOFT MiniShop module version 1.0 for Xoops Description: The issue is related to a cross-site scripting (XSS) vulnerability. This vulnerability allows remote attackers to inject arbitrary web script or HTML via the `itemsxpag` parameter in the search.php file. Recommendations: For RMSOFT MiniShop module version 1.0, consider restricting access to the search.php file until a patch is available, and avoid using the `itemsxpag` parameter in the affected API endpoint.

Name of the Vulnerable Software and Affected Versions: FileAlyzer versions 1.6.0.0 through 1.6.0.4 Description: A stack-based buffer overflow issue allows user-assisted remote attackers to execute arbitrary code via an executable with malformed version data. Recommendations: For versions 1.6.0.0 through 1.6.0.4, at the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** Bluemoon PopnupBLOG module versions 3.20 and 3.30 for XOOPS **Description** The issue concerns multiple cross-site scripting (XSS) vulnerabilities in the index.php file of the Bluemoon PopnupBLOG module for XOOPS. These vulnerabilities allow remote attackers to inject arbitrary web script or HTML via the `param`, `cat id`, and `view` parameters. **Recommendations** For version 3.20, update the module to a version that includes a fix for the XSS vulnerabilities. For version 3.30, update the module to a version that includes a fix for the XSS vulnerabilities. As a temporary workaround, consider restricting access to the index.php file in the Bluemoon PopnupBLOG module until a patch is available.

**Name of the Vulnerable Software and Affected Versions** PHPizabi versions prior to 848 Core HotFix Pack 3 **Description** The issue is related to a cross-site scripting (XSS) vulnerability. This allows remote attackers to inject arbitrary web script or HTML via the `query` parameter in a "blogs.search" action. **Recommendations** For versions prior to 848 Core HotFix Pack 3, update to 848 Core HotFix Pack 3 or later to resolve the issue. As a temporary workaround, consider restricting access to the `index.php` file or disabling the `blogs.search` action until a patch is applied. Avoid using the `query` parameter in the affected action until the issue is resolved.

Name of the Vulnerable Software and Affected Versions: bcoos versions 1.0.9 through 1.0.13 Description: A directory traversal issue in the highlight.php file allows remote attackers to read arbitrary files. This can be achieved by using `(1) .. (dot dot)` or `(2) C: folder` sequences in the `file` parameter. Recommendations: For bcoos versions 1.0.9 through 1.0.13, consider restricting access to the highlight.php file until a patch is available. As a temporary workaround, avoid using the `file` parameter in the highlight.php file to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** bcoos versions 1.0.10 and earlier **Description** The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the `lid` parameter in the modules/adresses/ratefile.php module. **Recommendations** For bcoos versions 1.0.10 and earlier, consider restricting access to the modules/adresses/ratefile.php module until a fix is available. As a temporary workaround, avoid using the `lid` parameter in the affected module to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.