Snakespc

**Name of the Vulnerable Software and Affected Versions** EZ Webitor (affected versions not specified) **Description** The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the `txtUserId` (Username) and `txtPassword` (Password) parameters in the login.php file. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Roxio CinePlayer version 3.2 **Description** A heap-based buffer overflow issue exists in the SonicMediaPlayer ActiveX control, which can be exploited by providing a long argument to the `DiskType` method, allowing remote attackers to execute arbitrary code. **Recommendations** For Roxio CinePlayer version 3.2, consider disabling the SonicMediaPlayer ActiveX control until a patch is available to prevent potential exploitation.

**Name of the Vulnerable Software and Affected Versions** com productbook version 1.0.4 **Description** The issue allows remote attackers to execute arbitrary SQL commands. This is achieved by exploiting the `id` parameter in a detail action to "index.php". **Recommendations** For version 1.0.4, consider restricting access to the vulnerable "index.php" endpoint until a patch is available. Avoid using the `id` parameter in the detail action to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Questions Answered version 1.3 **Description** A SQL injection issue exists in the administrative interface, allowing remote attackers to execute arbitrary SQL commands via the `username` parameter. **Recommendations** For version 1.3, consider restricting access to the administrative interface until a fix is available, and avoid using the `username` parameter in sensitive operations to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Joomla! component com sqlreport version 1.1 **Description** A SQL injection issue allows remote attackers to execute arbitrary SQL commands. This is achieved by manipulating the `user id` parameter in the "ajax/print.php" endpoint. **Recommendations** For version 1.1 of the com sqlreport component, avoid using the `user id` parameter in the "ajax/print.php" endpoint until the issue is resolved. As a temporary workaround, consider restricting access to the ajax/print.php endpoint to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** AdsDX version 3.05 **Description** The issue allows remote attackers to execute arbitrary SQL commands via the `Username` in the admin/index.php file. **Recommendations** For AdsDX version 3.05, consider restricting access to the admin/index.php file until a patch is available, and avoid using the `Username` variable in a way that could allow SQL injection attacks.

**Name of the Vulnerable Software and Affected Versions** Elite Gaming Ladders version 3.2 **Description** The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the `platform` parameter in the `ladders.php` file. **Recommendations** For Elite Gaming Ladders version 3.2, consider restricting access to the `ladders.php` file until a patch is available. As a temporary workaround, avoid using the `platform` parameter in the affected file to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Zainu version 1.0 **Description** The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the `album id` parameter in an "AlbumSongs" action. **Recommendations** For Zainu version 1.0, consider restricting access to the `album id` parameter in the "AlbumSongs" action until a patch is available. As a temporary workaround, avoid using the `album id` parameter in the affected endpoint.

**Name of the Vulnerable Software and Affected Versions** MyCars (affected versions not specified) **Description** The issue allows remote attackers to execute arbitrary SQL commands. This is achieved through a SQL injection vulnerability in the admin/index.php file when magic quotes gpc is disabled. The vulnerability is exploited via the `authuserid` parameter. **Recommendations** For MyCars, consider disabling the use of the `authuserid` parameter in the admin/index.php file until a patch is available. Restrict access to the admin/index.php file to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Virtue News Manager (affected versions not specified) **Description** A cross-site scripting (XSS) issue exists, allowing remote attackers to inject arbitrary web script or HTML via the `nid` parameter in the news detail.php file. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Virtue News Manager (affected versions not specified) **Description** The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the `nid` parameter in the "news detail.php" file. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Frontis version 3.9.01.24 Description: The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the `source class` parameter in a "browse classes" action. Recommendations: For Frontis version 3.9.01.24, avoid using the `source class` parameter in the "browse classes" action until the issue is resolved. Consider restricting access to the bin/aps browse sources.php file to minimize the risk of exploitation.

Name of the Vulnerable Software and Affected Versions: 2daybiz Custom T-shirt Design Script (affected versions not specified) Description: A cross-site scripting (XSS) issue exists, allowing remote attackers to inject arbitrary web script or HTML via the `id` parameter in the product.php file. Recommendations: For the affected version, consider restricting access to the `id` parameter in the product.php file until a patch is available. As a temporary workaround, avoid using the `id` parameter in the vulnerable product.php file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.

Name of the Vulnerable Software and Affected Versions: 2daybiz Custom T-shirt Design Script (affected versions not specified) Description: The issue allows remote attackers to execute arbitrary SQL commands via the `id` parameter in the product.php file. This can be exploited by sending malicious input to the API endpoint, potentially leading to unauthorized data access or modification. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: VideoScript.us YouTube Video Script (affected versions not specified) Description: The issue concerns multiple SQL injection vulnerabilities. These vulnerabilities allow remote attackers to execute arbitrary SQL commands. The vulnerable parameters are `username` and `password`. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: PHP Dir Submit (aka WebsiteSubmitter and Submitter Script) (affected versions not specified) Description: The issue allows remote attackers to bypass authentication and gain administrative access. This is achieved through SQL injection vulnerabilities, specifically via the `username` and `password` parameters. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: bSpeak version 1.10 Description: A SQL injection issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the `forumid` parameter in a post action to the "index.php" endpoint. Recommendations: For bSpeak version 1.10, consider restricting access to the `forumid` parameter in the post action to minimize the risk of exploitation. As a temporary workaround, avoid using the `forumid` parameter in the affected endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: DM FileManager version 3.9.2 Description: The issue concerns SQL injection vulnerabilities in the login.php file of DM FileManager. When magic quotes gpc is disabled, remote attackers can execute arbitrary SQL commands by manipulating the `Username` and `Password` fields. Recommendations: For DM FileManager version 3.9.2, consider disabling the login functionality in login.php until a patch is available, or enable magic quotes gpc to mitigate the risk of SQL injection attacks.

Name of the Vulnerable Software and Affected Versions: VidSharePro (affected versions not specified) Description: A cross-site scripting (XSS) issue exists, allowing remote attackers to inject arbitrary web script or HTML via the `searchtxt` parameter in the "search.php" page. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: VidSharePro (affected versions not specified) Description: The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the `catid` parameter in the "listing video.php" file. Recommendations: For VidSharePro, consider restricting access to the `catid` parameter in the "listing video.php" file until a patch is available. As a temporary workaround, avoid using the `catid` parameter in the affected file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.