Pjphem

Name of the Vulnerable Software and Affected Versions: Blog Torrent versions 0.92 and earlier Description: The issue allows remote attackers to obtain sensitive information, such as account names and password hashes, due to insufficient access control of sensitive files stored under the web document root in the `data` or `torrents` directories. This can be demonstrated by accessing `data/newusers`. Recommendations: For Blog Torrent versions 0.92 and earlier, consider restricting access to the `data` and `torrents` directories to minimize the risk of exploitation. As a temporary workaround, limit access to sensitive files within these directories until a proper fix is applied. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: SimplePHPBlog version 0.4.0 Description: The issue concerns insufficient access control to password hashes stored in a file, allowing remote attackers to potentially obtain passwords through brute force attacks. Recommendations: For SimplePHPBlog version 0.4.0, consider restricting access to the config/password.txt file to minimize the risk of exploitation. As a temporary workaround, limit the number of login attempts to prevent brute force attacks until a more secure solution is implemented. At the moment, there is no information about a newer version that contains a fix for this vulnerability.