Nukedx A.K.A Nuker

**Name of the Vulnerable Software and Affected Versions** Neocrome Land Down Under (LDU) versions 8.x and earlier **Description** The issue allows remote authenticated users to execute arbitrary SQL commands. This is achieved via a url-encoded `id` parameter to the "users.php" endpoint that begins with a valid filename. An example of such an exploit includes using "default.gif" followed by a double-encoded NULL and ' (apostrophe) (%2500%2527). **Recommendations** For Neocrome Land Down Under (LDU) versions 8.x and earlier, consider restricting access to the `users.php` endpoint to minimize the risk of exploitation. Avoid using the `id` parameter in the affected endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Neocrome Seditio versions 1.10 and earlier **Description** The issue allows remote authenticated users to execute arbitrary SQL commands via a double-url-encoded `id` parameter to "users.php" that begins with a valid filename. This can be demonstrated by using a filename such as "default.gif" followed by an encoded NULL and ' (apostrophe) (%2500%2527). **Recommendations** For Neocrome Seditio versions 1.10 and earlier, consider restricting access to the "users.php" endpoint until a fix is available, and avoid using the `id` parameter in this endpoint to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** PHP-Nuke (affected versions not specified) **Description** The issue allows remote attackers to conduct remote PHP file inclusion attacks. This is achieved by modifying the `phpbb root path` parameter in various admin scripts, including "index.php", "admin ug auth.php", "admin board.php", "admin disallow.php", "admin forumauth.php", "admin groups.php", "admin ranks.php", "admin styles.php", "admin user ban.php", "admin words.php", "admin avatar.php", "admin db utilities.php", "admin forum prune.php", "admin forums.php", "admin mass email.php", "admin smilies.php", and "admin users.php". The vulnerability occurs when the `import request variables` function overwrites the `$phpbb root path` variable after it has been initialized to a static value. **Recommendations** As a temporary workaround, consider restricting access to the admin scripts until a patch is available. Avoid using the modified `phpbb root path` parameter in the affected admin scripts. Restrict the execution of the `import request variables` function to prevent the overwrite of the `$phpbb root path` variable. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** ASPSitem versions 2.0 and earlier **Description** The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the `hid` parameter in the Anket.asp file. **Recommendations** For ASPSitem versions 2.0 and earlier, consider restricting access to the Anket.asp file until a patch is available. As a temporary workaround, avoid using the `hid` parameter in the affected file to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** ASPSitem versions 2.0 and earlier **Description** The issue allows remote attackers to read private messages of other users. This is achieved by modifying the `id` parameter in the Hesabim.asp file. **Recommendations** For ASPSitem versions 2.0 and earlier, restrict access to the Hesabim.asp file to minimize the risk of exploitation. Avoid using the `id` parameter in the Hesabim.asp file until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Enigma Haber versions 4.3 and earlier **Description** The issue allows remote attackers to execute arbitrary SQL commands. This can be achieved via several parameters in different files, including the `id` parameter in files such as `e mesaj yas.asp`, `edi haber.asp`, and `haber devam.asp`, the `hid` parameter in files like `yazdir.asp` and `yorum.asp`, and the `e` parameter in `arsiv.asp`. With administrator credentials, additional vectors exist, including the `yid` parameter to `admin/y admin.asp`, the `bid` parameter to `admin/reklam detay.asp`, the `hid` parameter to `admin/detay yorum.asp` and `admin/haber sil.asp`, the `kid` parameter to `admin/kategori d.asp`, the `tur` parameter to `admin/haber ekle.asp`, the `s` parameter to `admin/e mesaj yaz.asp`, and the `id` parameter to `admin/admin sil.asp`. **Recommendations** For Enigma Haber versions 4.3 and earlier, consider disabling the SQL execution functionality until a patch is available. Restrict access to the vulnerable parameters, such as `id`, `hid`, `e`, `yid`, `bid`, `kid`, `tur`, and `s`, in the respective files to minimize the risk of exploitation. Avoid using these parameters in the affected API endpoints until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** Eggblog versions prior to 3.0 **Description** The issue allows remote attackers to change the password of administrators and possibly other users. This is achieved by modifying the `username` parameter in the 'home/register.php' endpoint. **Recommendations** For Eggblog versions prior to 3.0, consider restricting access to the 'home/register.php' endpoint until a fix is available. As a temporary workaround, avoid using the `username` parameter in this endpoint to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Mini-Nuke versions 2.3 and earlier **Description** The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the `yas 1`, `yas 2`, and `yas 3` parameters in the Your Account.asp file. **Recommendations** For Mini-Nuke versions 2.3 and earlier, update to a version later than 2.3 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Mini-Nuke versions 2.3 and earlier **Description** The issue allows remote attackers to register multiple times via automated scripts because `membership.asp` uses plaintext security codes. **Recommendations** For Mini-Nuke versions 2.3 and earlier, consider updating the security codes to use a more secure method, such as encryption, to prevent unauthorized registrations. As a temporary workaround, restrict access to the `membership.asp` page to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Mini-Nuke versions 2.3 and earlier **Description** The issue makes it easier for remote attackers to conduct password guessing attacks. This is achieved by setting the `guvenlik` parameter to the same value as the hidden `gguvenlik` parameter in the `enter.asp` file, which bypasses a verification step. The `gguvenlik` parameter is assumed to be immutable by the attacker. **Recommendations** For Mini-Nuke versions 2.3 and earlier, as a temporary workaround, consider restricting access to the `enter.asp` file until a patch is available. Avoid using the `guvenlik` parameter in the affected endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Activity MOD Plus (Amod) version 1.1.0 **Description** The issue allows remote attackers to execute arbitrary PHP code via a URL in the `phpbb root path` parameter when `register globals` is enabled. This is similar to a previously identified issue. **Recommendations** For Activity MOD Plus (Amod) version 1.1.0, consider disabling the `register globals` setting to mitigate the risk of exploitation. Additionally, restrict access to the `lang activity.php` file to minimize the risk of arbitrary PHP code execution.

**Name of the Vulnerable Software and Affected Versions** Blend Portal version 1.2.0 **Description** The issue allows remote attackers to execute arbitrary PHP code via a URL in the `phpbb root path` parameter when `register globals` is enabled. This is similar to another previously identified issue. **Recommendations** For Blend Portal version 1.2.0, consider disabling the `register globals` setting to prevent exploitation until a patch is available. Restrict access to the `blend data/blend common.php` file to minimize the risk of arbitrary PHP code execution. Avoid using the `phpbb root path` parameter in URLs for the affected version.

**Name of the Vulnerable Software and Affected Versions** tinyBB version 0.3 **Description** The issue allows remote attackers to execute arbitrary PHP code via a URL in the `tinybb footers` parameter when `register globals` is enabled. This is a result of a remote file inclusion vulnerability in the footers.php file. **Recommendations** For tinyBB version 0.3, consider disabling the `register globals` setting to prevent exploitation until a patch is available. Additionally, restrict access to the footers.php file to minimize the risk of arbitrary PHP code execution.

**Name of the Vulnerable Software and Affected Versions** tinyBB version 0.3 **Description** The issue allows remote attackers to execute arbitrary SQL commands. This can be achieved via the `q` parameter in "forgot.php", and the `username` and `password` parameters in "login.php". Other unspecified vectors are also affected. **Recommendations** For tinyBB version 0.3, consider restricting access to the affected parameters `q`, `username`, and `password` in the respective files until a patch is available. As a temporary workaround, avoid using the vulnerable parameters in the affected API endpoints. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Epicdesigns tinyBB version 0.3 **Description** The issue is related to a cross-site scripting (XSS) vulnerability. It allows remote attackers to inject arbitrary web script or HTML via the `q` parameter in "forgot.php", which is echoed in an error message. Other vectors are also affected, although they are not specified. **Recommendations** For Epicdesigns tinyBB version 0.3, consider restricting access to the "forgot.php" page or validating and sanitizing the `q` parameter to prevent injection of malicious scripts until a patch is available. As a temporary workaround, avoid using the `q` parameter in the affected API endpoint until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** F@cile Interactive Web versions 0.8.41 through 0.8.5 **Description** The issue allows remote attackers to execute arbitrary PHP code via a URL in the `l` parameter in the p-popupgallery.php file. **Recommendations** For versions 0.8.41 through 0.8.5, consider restricting access to the p-popupgallery.php file until a patch is available. Avoid using the `l` parameter in the affected file to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** F@cile Interactive Web versions 0.8.5 and earlier **Description** The issue allows remote attackers to execute arbitrary PHP code when register globals is enabled. This can be achieved via a URL in the `pathfile` parameter in files such as p-editpage.php and p-editbox.php, and the `mytheme` and `myskin` parameters in multiple "p-themes" index.inc.php files, including lowgraphic, classic, puzzle, simple, and ciao. **Recommendations** For F@cile Interactive Web versions 0.8.5 and earlier, consider disabling the register globals setting to prevent exploitation. Additionally, restrict access to the p-editpage.php, p-editbox.php, and "p-themes" index.inc.php files, and avoid using the `pathfile`, `mytheme`, and `myskin` parameters in these files until a fix is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** F@cile Interactive Web versions 0.8.5 and earlier **Description** The issue allows remote attackers to inject arbitrary web script or HTML, potentially leading to cross-site scripting (XSS) attacks. This can be achieved via the `lang` parameter in index.php, and the `mytheme` and `myskin` parameters in multiple "p-themes" index.inc.php files, including lowgraphic, classic, puzzle, simple, and ciao. It is noted that some vectors might be resultant from file inclusion issues. **Recommendations** For F@cile Interactive Web versions 0.8.5 and earlier, consider disabling the `lang`, `mytheme`, and `myskin` parameters in the affected files until a patch is available. Restrict access to the index.php and "p-themes" index.inc.php files to minimize the risk of exploitation. Avoid using the `lang`, `mytheme`, and `myskin` parameters in the affected API endpoints until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** UBBThreads versions 5.x through 6.x **Description** The issue allows remote attackers to execute arbitrary PHP code via a URL in the `thispath` or `configdir` parameters. This can be exploited by providing a malicious URL as the value for these parameters. **Recommendations** For UBBThreads versions 5.x through 6.x, consider restricting access to the `ubbt.inc.php` file and avoid using user-provided input for the `thispath` and `configdir` parameters until a patch is available. As a temporary workaround, restrict the use of these parameters to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** ASPBB versions 0.52 and earlier **Description** A cross-site scripting (XSS) issue exists, allowing remote attackers to inject arbitrary HTML or web script via the `search` parameter in the "perform search.asp" page. **Recommendations** For ASPBB versions 0.52 and earlier, avoid using the `search` parameter in the "perform search.asp" page until a fix is available. As a temporary workaround, consider restricting access to the "perform search.asp" page to minimize the risk of exploitation.