Shockshadow

**Name of the Vulnerable Software and Affected Versions** PHPmyGallery version 1.51 gold **Description** The issue allows remote attackers to list arbitrary directories via a .. (dot dot) in the `group` parameter in the "index.php" file. **Recommendations** For PHPmyGallery version 1.51 gold, consider restricting access to the `group` parameter in the "index.php" file to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Joomla! mosDirectory (com directory) version 2.3.2 **Description** The issue allows remote attackers to execute arbitrary PHP code via a URL in the `GLOBALS[mosConfig absolute path]` parameter in the modules/mod pxt latest.php file. **Recommendations** For version 2.3.2, consider disabling the vulnerable module until a patch is available. Restrict access to the modules/mod pxt latest.php file to minimize the risk of exploitation. Avoid using the `GLOBALS[mosConfig absolute path]` parameter in the affected module until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Wordsmith version 1.0 RC1 **Description** The issue allows remote attackers to execute arbitrary PHP code via a URL in the ` path` parameter when `register globals` is enabled. **Recommendations** For Wordsmith version 1.0 RC1, consider disabling the `register globals` setting to prevent exploitation until a patch is available. Restrict access to the `config.inc.php` file to minimize the risk of arbitrary PHP code execution. Avoid using the ` path` parameter in URLs until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Wordsmith version 1.0 RC1 **Description** The issue allows remote attackers to include and execute arbitrary local files due to a directory traversal vulnerability in the config.inc.php file when register globals is enabled. This is achieved by using a .. (dot dot) in the ` path` parameter. **Recommendations** For Wordsmith version 1.0 RC1, consider disabling the register globals setting to mitigate the risk of exploitation. Additionally, restrict access to the config.inc.php file and avoid using the ` path` parameter until a fix is available.

**Name of the Vulnerable Software and Affected Versions** Joomla! Flash Slide Show (com slideshow) component (affected versions not specified) **Description** The issue allows remote attackers to execute arbitrary PHP code via a URL in the `mosConfig live site` parameter in the admin.slideshow1.php file. **Recommendations** For the affected version of the Flash Slide Show component, consider restricting access to the admin.slideshow1.php file until a patch is available. Avoid using the `mosConfig live site` parameter in the affected file to minimize the risk of exploitation.