Ratboy

**Name of the Vulnerable Software and Affected Versions** Infor Storefront B2B version 1.0 **Description** Infor Storefront B2B version 1.0 contains a SQL injection issue that allows attackers to manipulate database queries. This is achieved through the `usr name` parameter within login requests. Attackers can inject malicious SQL code into the `usr name` parameter, potentially allowing them to extract or modify database information. The vulnerable API endpoint is the login request. **Recommendations** Versions prior to 1.0 should be updated.

**Name of the Vulnerable Software and Affected Versions** Xchat versions 2.6.6 and earlier **Description** The issue allows remote attackers to cause a denial of service, resulting in a crash, via unspecified vectors involving the `PRIVMSG` command. The vendor has disputed this issue, stating that it does not affect version 2.6.7 or any recent version. **Recommendations** For Xchat versions 2.6.6 and earlier, consider disabling the `PRIVMSG` command as a temporary workaround until a patch is available. At the moment, there is no information about a newer version that contains a fix for this issue.