Pepelux

**Name of the Vulnerable Software and Affected Versions** HP Data Protector Manager version 6.11 **Description** The issue allows remote attackers to cause a denial of service, resulting in a crash of the RDS service, by sending a packet with a large data size to TCP port 1530. **Recommendations** For HP Data Protector Manager version 6.11, consider restricting access to TCP port 1530 to minimize the risk of exploitation. As a temporary workaround, limiting the size of incoming data packets may help prevent the denial of service.

**Name of the Vulnerable Software and Affected Versions** eFront versions 3.5.1 build 2710 and earlier **Description** The issue allows remote attackers to execute arbitrary code by uploading a file with an executable extension as an avatar, then accessing it via a direct request to the file in student/avatars/ or professor/avatars/. **Recommendations** For versions 3.5.1 build 2710 and earlier, consider restricting access to the avatar upload feature until a fix is available, and avoid using executable file extensions for avatar uploads.

**Name of the Vulnerable Software and Affected Versions** Arz Development The Gemini Portal versions 4.7 and earlier **Description** The issue allows remote attackers to bypass authentication and gain administrator privileges. This can be achieved by setting the `user` cookie to "admin" and the `name` parameter to "users" in the "admin.php" endpoint. **Recommendations** For versions 4.7 and earlier, as a temporary workaround, consider restricting access to the "admin.php" endpoint until a patch is available. Avoid using the `name` parameter in the "admin.php" endpoint with the value "users" to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** NewLife Blogger versions 3.0 and earlier NewLife Blogger version 3.3.1 **Description** The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the `nlb3` cookie. **Recommendations** For NewLife Blogger versions 3.0 and earlier, update to a version later than 3.0 to resolve the issue. For NewLife Blogger version 3.3.1, consider restricting access to the `nlb user.class.php` file until a patch is available. As a temporary workaround, avoid using the `nlb3` cookie in the affected system.

**Name of the Vulnerable Software and Affected Versions** TXTshop beta version 1.0 **Description** A directory traversal issue exists, allowing remote attackers to include and execute arbitrary local files. This is achieved by using a .. (dot dot) in the `language` parameter. **Recommendations** For TXTshop beta version 1.0, consider restricting access to the `header.php` file until a patch is available. As a temporary workaround, avoid using the `language` parameter in the affected endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** phpcrs versions 2.06 and earlier **Description** The issue allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the `importFunction` parameter when `magic quotes gpc` is disabled. This can be exploited by sending a malicious request to the `/frame.php` endpoint. **Recommendations** For phpcrs versions 2.06 and earlier, consider disabling the `importFunction` parameter in the `frame.php` file until a patch is available. Additionally, enabling `magic quotes gpc` may help mitigate the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Pritlog versions 0.4 and earlier **Description** The issue allows remote attackers to read arbitrary files via a .. (dot dot) in the `filename` parameter in a "viewEntry" action, when `magic quotes gpc` is disabled. **Recommendations** For Pritlog versions 0.4 and earlier, consider disabling the `viewEntry` action or restricting access to it until a patch is available. Additionally, enabling `magic quotes gpc` may help mitigate the issue.

**Name of the Vulnerable Software and Affected Versions** ADN Forum versions 1.0b and earlier **Description** The issue allows remote attackers to bypass authentication and gain sysop access. This is achieved by composing a `fpusuario` cookie with a specific string format, including an initial 'sysop:' string, an arbitrary `password` field, and a final ':sysop:0' string. **Recommendations** For ADN Forum versions 1.0b and earlier, as a temporary workaround, consider restricting access to the authentication mechanism until a patch is available. Avoid using the `fpusuario` cookie in a way that could allow unauthorized access. At the moment, there is no information about a newer version that contains a fix for this issue.

Name of the Vulnerable Software and Affected Versions: FOSS Gallery Admin and FOSS Gallery Public version 1.0 beta Description: The issue allows remote attackers to execute arbitrary code by uploading a file with an executable extension to the processFiles.php script, and then accessing it via a direct request to the file in the root directory. Recommendations: For version 1.0 beta, restrict access to the processFiles.php script to prevent unauthorized file uploads, and consider implementing validation to only allow uploading of files with specific, non-executable extensions until a patch is available.

Name of the Vulnerable Software and Affected Versions: PHP Web Explorer versions 0.99b and earlier Description: The issue allows remote attackers to include and execute arbitrary local files. This can be achieved by using a .. (dot dot) in the `refer` parameter to "main.php" and the `file` parameter to "edit.php". Recommendations: For PHP Web Explorer versions 0.99b and earlier, as a temporary workaround, consider restricting access to the "main.php" and "edit.php" files until a patch is available. Avoid using the `refer` and `file` parameters in the affected API endpoints until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: SACphp versions prior to Yerba 6.3 Description: The issue allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the `mod` parameter of the index.php file. This is a directory traversal vulnerability. Recommendations: For SACphp versions prior to Yerba 6.3, consider restricting access to the `mod` parameter in the index.php file until a patch is available. As a temporary workaround, avoid using the `mod` parameter with untrusted input to minimize the risk of exploitation.

Name of the Vulnerable Software and Affected Versions: Crux Gallery versions 1.32 and earlier Description: The issue allows remote attackers to gain administrative access. This can be achieved by setting the `name` parameter to "users" in the main.php file, as demonstrated via the index.php endpoint. Recommendations: For Crux Gallery versions 1.32 and earlier, avoid using the `name` parameter in the main.php file until the issue is resolved. As a temporary workaround, consider restricting access to the main.php file to minimize the risk of exploitation.

Name of the Vulnerable Software and Affected Versions: MyBlog versions 0.9.8 and earlier Description: The issue allows remote attackers to bypass authentication and gain administrative access. This can be achieved by setting a cookie with `admin` set to 'yes' and `login` set to 'admin'. Recommendations: For MyBlog versions 0.9.8 and earlier, consider disabling access to the add.php file until a patch is available. Restrict access to administrative functions to minimize the risk of exploitation. Avoid using the `admin` and `login` variables in cookies for authentication purposes until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Libra File Manager versions 1.18 and earlier Description: The issue allows remote attackers to bypass authentication and perform unauthorized actions such as reading arbitrary files, modifying arbitrary files, and listing arbitrary directories. This is achieved by inserting certain `user` and `isadmin` parameters in the query string of the `fileadmin.php` endpoint. Recommendations: For Libra File Manager versions 1.18 and earlier, as a temporary workaround, consider restricting access to the `fileadmin.php` endpoint until a patch is available. Avoid using the `user` and `isadmin` parameters in the query string of the affected endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Addalink versions 1.0 beta 4 and earlier **Description** The issue allows remote attackers to approve web-site additions via a modified `approved` field and change the visit-counter value via a modified `counter` field. **Recommendations** For Addalink versions 1.0 beta 4 and earlier, update to a version later than 1.0 beta 4 to resolve the issue.