Retrogod

**Name of the Vulnerable Software and Affected Versions** XAMPP version 1.6.0a **Description** The issue allows remote attackers to execute arbitrary SQL commands via unspecified vectors in certain test scripts. This could potentially lead to unauthorized access or modification of database content. **Recommendations** For XAMPP version 1.6.0a, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** XAMPP versions 1.6.0a and earlier **Description** The issue concerns the ADONewConnection Connect function in adodb.php, which uses untrusted input for the database server hostname. This allows remote attackers to potentially trigger a library buffer overflow and execute arbitrary code via a long host parameter. The impact of this issue could also be unspecified. **Recommendations** For XAMPP versions 1.6.0a and earlier, consider updating to a newer version that addresses this issue, although the exact fix might be argued to be in other products such as PHP or the ADOdb Library. As a temporary workaround, restrict the input for the database server hostname to prevent potential buffer overflow attacks.

**Name of the Vulnerable Software and Affected Versions** exV2 versions 2.0.4.3 and earlier **Description** The issue allows remote attackers to overwrite arbitrary program variables and conduct directory traversal attacks to execute arbitrary code. This is achieved by modifying the `xoopsOption['pagetype']` variable. **Recommendations** For exV2 versions 2.0.4.3 and earlier, consider restricting access to the `include/common.php` file until a patch is available. As a temporary workaround, avoid using the `xoopsOption['pagetype']` variable in sensitive operations to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** exV2 versions 2.0.4.3 and earlier **Description** A directory traversal issue exists in the avatar upload feature, allowing remote attackers to delete arbitrary files by using ".." sequences in the `old avatar` parameter. **Recommendations** For versions 2.0.4.3 and earlier, as a temporary workaround, consider restricting access to the avatar upload feature until a patch is available. Avoid using the `old avatar` parameter in the affected feature to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** GuppY versions 4.5.9 and earlier **Description** The issue allows remote attackers to read and include arbitrary files. This can be achieved via the `meskin` parameter to `admin/editorTypetool.php`, or the `lng` parameter to the scripts `archbatch.php`, `dbbatch.php`, and `nwlmail.php` in the `admin/inc` directory. **Recommendations** For GuppY versions 4.5.9 and earlier, as a temporary workaround, consider restricting access to the `admin/editorTypetool.php`, `archbatch.php`, `dbbatch.php`, and `nwlmail.php` scripts until a patch is available. Avoid using the `meskin` and `lng` parameters in the affected scripts until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** Xaraya version 1.0 **Description** A directory traversal issue exists in the create function in xarMLSXML2PHPBackend.php, allowing remote attackers to create directories and overwrite arbitrary files. This is achieved by using ".." sequences in the `module` parameter to the "/index.php" endpoint. **Recommendations** For Xaraya version 1.0, consider restricting access to the vulnerable `create` function in xarMLSXML2PHPBackend.php until a patch is available. As a temporary workaround, avoid using the `module` parameter in the "/index.php" endpoint to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** XOOPS WF-Downloads module version 2.05 **Description** The issue allows remote attackers to execute arbitrary SQL commands. This is achieved by exploiting the `list` parameter in the viewcat.php file. **Recommendations** For XOOPS WF-Downloads module version 2.05, consider restricting access to the viewcat.php file until a patch is available. As a temporary workaround, avoid using the `list` parameter in the affected module to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** XOOPS version 2.2.3 **Description** A directory traversal issue exists, allowing remote attackers to read or include arbitrary local files. This is achieved by using a .. (dot dot) in the `xoopsConfig[language]` parameter. **Recommendations** For XOOPS version 2.2.3, consider restricting access to the editor registry.php file until a patch is available. As a temporary workaround, avoid using the `xoopsConfig[language]` parameter with untrusted input.

**Name of the Vulnerable Software and Affected Versions** Moodle version 1.5.2 **Description** The issue concerns SQL injection vulnerabilities in the get record function within datalib.php. This allows remote attackers to execute arbitrary SQL commands by manipulating the `id` parameter in specific API endpoints, such as category.php and info.php. **Recommendations** For Moodle version 1.5.2, consider restricting access to the `get record` function in datalib.php until a patch is available. As a temporary workaround, avoid using the `id` parameter in the affected API endpoints, such as "category.php" and "info.php", to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** e107 versions 0.617 through 0.6173 **Description** The issue allows remote attackers to execute arbitrary SQL commands and bypass authentication. This can be achieved by injecting HTML or script via the `a name` parameter or the `user` field of the login page. **Recommendations** For versions 0.617 through 0.6173, consider restricting access to the resetcore.php file and the login page to minimize the risk of exploitation. Avoid using the `a name` parameter and the `user` field in the login page until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Utopia News Pro versions 1.1.3 through 1.1.4 **Description** The issue allows remote attackers to inject arbitrary web script or HTML. This is achieved via the `sitetitle` parameter in 'header.php', and the `version` and `query count` parameters in 'footer.php'. **Recommendations** For versions 1.1.3 and 1.1.4, consider restricting access to the 'header.php' and 'footer.php' files to minimize the risk of exploitation. As a temporary workaround, avoid using the `sitetitle`, `version`, and `query count` parameters in the affected files until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Utopia News Pro (UNP) version 1.1.3 **Description** The issue allows remote attackers to execute arbitrary SQL commands due to a SQL injection vulnerability in the news.php file. This occurs when magic quotes gpc is disabled and register globals is enabled, specifically through the `newsid` parameter in the API endpoint "/news.php". **Recommendations** For Utopia News Pro (UNP) version 1.1.3, consider disabling the `newsid` parameter in the news.php file until a patch is available, or ensure that magic quotes gpc is enabled and register globals is disabled to mitigate the risk of SQL injection attacks.

SQL injection vulnerability in messages.php in PHP-Fusion 6.00.109 allows remote attackers to execute arbitrary SQL commands via the msg send parameter, a different vulnerability than CVE-2005-3158 and CVE-2005-3159.

**Name of the Vulnerable Software and Affected Versions** My Little Forum versions 1.5 through 1.6 beta **Description** The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the phrase field in the search.php file. **Recommendations** For My Little Forum versions 1.5 through 1.6 beta, consider restricting access to the search.php file until a patch is available. As a temporary workaround, avoid using the phrase field in the search functionality to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** PhpMyFaq version 1.5.1 **Description** The issue allows remote attackers to modify SQL queries and gain administrator privileges via the `user` field in the password.php file. **Recommendations** For PhpMyFaq version 1.5.1, update to a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** PhpMyFaq version 1.5.1 **Description** The issue allows remote attackers to obtain sensitive information. This is achieved via a `LANGCODE` parameter that does not exist, which reveals the path in an error message. **Recommendations** For PhpMyFaq version 1.5.1, avoid using the `LANGCODE` parameter in affected API endpoints until the issue is resolved. As a temporary workaround, consider restricting access to sensitive information to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** PhpMyFaq version 1.5.1 **Description** The issue allows remote attackers to inject arbitrary web script or HTML. This can be achieved via the `PMF CONF[version]` parameter to "footer.php" or the `PMF LANG[metaLanguage]` parameter to "header.php". **Recommendations** For PhpMyFaq version 1.5.1, avoid using the `PMF CONF[version]` and `PMF LANG[metaLanguage]` parameters in the affected API endpoints until the issue is resolved. Consider restricting access to "footer.php" and "header.php" to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** PhpMyFaq version 1.5.1 **Description** The issue allows remote attackers to read arbitrary files or include arbitrary PHP files via a .. (dot dot) in the `LANGCODE` parameter. This also enables direct code injection via the User Agent field in a request packet, which can be activated by using `LANGCODE` to reference the user tracking data file. **Recommendations** For PhpMyFaq version 1.5.1, consider restricting access to the `LANGCODE` parameter to minimize the risk of exploitation. As a temporary workaround, avoid using the `LANGCODE` parameter in the index.php file until a patch is available. Additionally, restrict the ability to inject code via the User Agent field in request packets.

**Name of the Vulnerable Software and Affected Versions** PhpMyFaq version 1.5.1 **Description** The issue allows remote attackers to obtain sensitive information due to insufficient access control and predictable filenames of data files stored under the web document root. This can be achieved via a direct request to the "data/tracking[DATE]" file. **Recommendations** For PhpMyFaq version 1.5.1, consider restricting access to the data directory to minimize the risk of exploitation. As a temporary workaround, limit access to the tracking files until a proper fix is applied.

**Name of the Vulnerable Software and Affected Versions** Digital Scribe version 1.4 **Description** The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the `username` parameter in the "login.php" file. **Recommendations** For Digital Scribe version 1.4, consider restricting access to the login.php file until a patch is available, and avoid using the `username` parameter in a way that could allow SQL injection.