Navairum

**Name of the Vulnerable Software and Affected Versions** Aigaion versions 1.2.1 and earlier **Description** The issue allows remote attackers to execute arbitrary PHP code via a URL in the `DIR` parameter to API endpoints such as " basicfunctions.php" or "pageactionauthor.php". **Recommendations** For Aigaion versions 1.2.1 and earlier, consider restricting access to the ` basicfunctions.php` and `pageactionauthor.php` files until a patch is available. Avoid using the `DIR` parameter in these API endpoints to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Yet Another News System (YANS) version 0.2b **Description** The issue concerns SQL injection vulnerabilities in the login user function. Remote attackers can execute arbitrary SQL commands via the `username` or `password` parameter. **Recommendations** For Yet Another News System (YANS) version 0.2b, consider disabling the login user function in yans.func.php until a patch is available to prevent exploitation of the SQL injection vulnerabilities. Restrict access to the login functionality to minimize the risk of arbitrary SQL command execution. Avoid using the `username` and `password` parameters in the affected function until the issue is resolved.

Name of the Vulnerable Software and Affected Versions: NewP News Publication System version 1.0.0 Description: The issue allows remote attackers to execute arbitrary PHP code via the `path` parameter in lib/class.Database.php when register globals is enabled. Recommendations: For NewP News Publication System version 1.0.0, consider disabling the register globals setting to prevent exploitation until a patch is available. Restrict access to the lib/class.Database.php file to minimize the risk of arbitrary PHP code execution. Avoid using the `path` parameter in vulnerable configurations until the issue is resolved.

Name of the Vulnerable Software and Affected Versions: University of British Columbia iPeer versions 2.0 and earlier Description: A remote file inclusion issue allows remote attackers to execute arbitrary PHP code via a URL in the `page` parameter. This issue might be related to CakePHP. Recommendations: For University of British Columbia iPeer versions 2.0 and earlier, at the moment, there is no information about a newer version that contains a fix for this vulnerability.