Murderskillz

Name of the Vulnerable Software and Affected Versions: SimpleBlog version 3.0 Description: A SQL injection issue allows remote attackers to execute arbitrary SQL commands. This is achieved by manipulating the `id` parameter in the comments get.asp file. Recommendations: For SimpleBlog version 3.0, consider restricting access to the comments get.asp file until a patch is available, and avoid using the `id` parameter in this context to minimize the risk of exploitation.

Name of the Vulnerable Software and Affected Versions: bwired (affected versions not specified) Description: The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the `newsID` parameter in the "index.php" file. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: bwired (affected versions not specified) Description: The issue allows remote attackers to hijack web sessions. This is achieved by setting the `PHPSESSID` parameter. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: bwired (affected versions not specified) Description: The issue is related to a cross-site scripting (XSS) vulnerability, which allows remote attackers to inject arbitrary web script or HTML. This can be achieved via unspecified vectors. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** EVA-Web versions 1.1 through 2.2 **Description** The issue allows remote attackers to execute arbitrary PHP code via a URL in the `aide` or `perso` parameter in the index.php3 file. This can be achieved by manipulating the URL to include malicious PHP code, potentially leading to unauthorized access or data compromise. **Recommendations** For EVA-Web versions 1.1 through 2.2, consider restricting access to the index.php3 file or disabling the `aide` and `perso` parameters to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** MolyX BOARD version 2.5.0 **Description** The issue allows remote attackers to read arbitrary files due to multiple directory traversal vulnerabilities. This can be achieved by including a .. (dot dot) in the `lang` parameter to "index.php" and other unspecified PHP scripts. **Recommendations** For MolyX BOARD version 2.5.0, consider restricting access to the `lang` parameter in the "index.php" script until a patch is available. As a temporary workaround, avoid using the `lang` parameter with untrusted input to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Webinsta FM Manager versions 0.1.4 and earlier **Description** A remote file inclusion issue exists, allowing remote attackers to execute arbitrary PHP code via a URL in the `absolute path` parameter in the admin/login.php file. **Recommendations** For Webinsta FM Manager versions 0.1.4 and earlier, consider restricting access to the `admin/login.php` file until a patch is available. Avoid using the `absolute path` parameter in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** 8pixel.net Simple Blog versions 2.3 and earlier **Description** The issue allows remote attackers to conduct SQL injection attacks via ">" characters in the `id` parameter, which are not filtered by the protection mechanism in the default.asp file. **Recommendations** For versions 2.3 and earlier, consider restricting access to the default.asp file or the `id` parameter to minimize the risk of exploitation until a patch is available. As a temporary workaround, avoid using the `id` parameter in the affected default.asp file until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** myWebland MyBloggie version 2.1.3 **Description** The issue allows remote attackers to hijack sessions and conduct cross-site scripting (XSS) attacks via a cookie, due to a CRLF injection vulnerability in index.php and admin.php. **Recommendations** For myWebland MyBloggie version 2.1.3, consider updating to a newer version that addresses the CRLF injection vulnerability in index.php and admin.php to prevent session hijacking and cross-site scripting (XSS) attacks.

**Name of the Vulnerable Software and Affected Versions** Webland MyBloggie version 2.1.3 **Description** A SQL injection issue allows remote attackers to execute arbitrary SQL commands. This can be achieved via the `post id` parameter in "index.php" and the search function. **Recommendations** For Webland MyBloggie version 2.1.3, avoid using the `post id` parameter in "index.php" and restrict access to the search function until a fix is available.