O.U.T.L.A.W

**Name of the Vulnerable Software and Affected Versions** Mambo component com contxtd (affected versions not specified) **Description** A remote file inclusion issue in the Contacts XTD (ContXTD) component for Mambo allows remote attackers to potentially execute arbitrary PHP code via a URL in the `mosConfig absolute path` parameter. However, it is noted that the software may prevent the attack by checking whether ` VALID MOS` is defined. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Wheatblog (wB) versions 1.1 and earlier **Description** The issue allows remote attackers to execute arbitrary PHP code when register globals is enabled. This is achieved via a URL in the `wb class dir` parameter. **Recommendations** For Wheatblog (wB) versions 1.1 and earlier, consider disabling the register globals setting to prevent exploitation. Additionally, restrict access to the includes/session.php file until a fix is available. Avoid using the `wb class dir` parameter in URLs until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Virtual Hosting Control System (VHCS) (affected versions not specified) **Description** The issue concerns multiple cross-site scripting (XSS) vulnerabilities. These vulnerabilities allow remote attackers to inject arbitrary web script or HTML via the `day`, `month`, or `year` parameters in the admin/server day stats.php file. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** DirectAdmin Hosting Management (affected versions not specified) **Description** A cross-site scripting (XSS) issue exists, allowing remote attackers to inject arbitrary web script or HTML via the `domain` parameter in HTM PASSWD. This enables attackers to execute malicious scripts on the victim's browser. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** NeoMail version 1.29 **Description** A cross-site scripting (XSS) issue exists, allowing remote attackers to inject arbitrary web script or HTML via the `sessionid` parameter. This enables attackers to potentially execute malicious scripts on the victim's browser. **Recommendations** For NeoMail version 1.29, avoid using the `sessionid` parameter in sensitive operations until a fix is available. As a temporary workaround, consider restricting access to the `sessionid` parameter to minimize the risk of exploitation.