Sp3X

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 5.0.375.125 **Description** The issue is related to the improper handling of a large canvas in Google Chrome, which has unspecified impact and can be exploited via remote attack vectors. **Recommendations** For versions prior to 5.0.375.125, update to version 5.0.375.125 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** PHP-Nuke versions 7.8 and earlier **Description** A SQL injection issue allows remote attackers to execute arbitrary SQL commands via the `username` variable, specifically in the Nickname field of the Your Account module in index.php. **Recommendations** For PHP-Nuke versions 7.8 and earlier, consider restricting access to the Your Account module until a fix is available. As a temporary workaround, avoid using the `username` variable in the Nickname field to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** PostNuke version 0.750 **Description** The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the `start` parameter in the readpmsg.php file. **Recommendations** For PostNuke version 0.750, avoid using the `start` parameter in the readpmsg.php file until a patch is available. As a temporary workaround, consider restricting access to the readpmsg.php file to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** PostNuke version 0.750 **Description** A cross-site scripting (XSS) issue allows remote attackers to inject arbitrary web script or HTML. This is achieved by manipulating the `start` parameter in the readpmsg.php file. **Recommendations** For PostNuke version 0.750, avoid using the `start` parameter in the readpmsg.php file until a patch is available. As a temporary workaround, consider restricting access to the readpmsg.php file to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** PHP-Nuke versions 6.x through 7.6 **Description** The issue allows remote attackers to obtain sensitive information via a direct request to certain modules, which reveals the path in a PHP error message. Specifically, this can be done through requests to (1) "my headlines", (2) "userinfo", or (3) "search". **Recommendations** For PHP-Nuke versions 6.x through 7.6, consider restricting access to the "modules.php" file to prevent direct requests to sensitive modules like "my headlines", "userinfo", and "search" until a proper fix is applied. As a temporary workaround, disabling the display of PHP error messages can help minimize the risk of information disclosure.

**Name of the Vulnerable Software and Affected Versions** PHP-Nuke versions 6.x through 7.6 **Description** The issue allows remote attackers to inject arbitrary web script or HTML, which can lead to multiple cross-site scripting (XSS) vulnerabilities. This can be achieved via the `min` parameter to the "Search" module, the `categories` parameter to the "FAQ" module, or the `ltr` parameter to the "Encyclopedia" module. **Recommendations** For PHP-Nuke versions 6.x through 7.6, consider restricting access to the vulnerable modules, specifically the Search, FAQ, and Encyclopedia modules, until a fix is available. As a temporary workaround, avoid using the `min`, `categories`, and `ltr` parameters in their respective modules to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** PHP-Nuke versions 6.x through 7.6 **Description** The issue allows remote attackers to inject arbitrary web script or HTML. This can be achieved via the `username` parameter in the "Your Account" module, the `avatarcategory` parameter in the "Your Account" module, or the `lid` parameter in the "Downloads" module. **Recommendations** For PHP-Nuke versions 6.x through 7.6, consider disabling the affected modules, specifically the "Your Account" and "Downloads" modules, until a fix is available. Restrict access to the `username`, `avatarcategory`, and `lid` parameters in the respective modules to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** PHP-Nuke versions 6.x through 7.6 **Description** The issue allows remote attackers to obtain sensitive information via a direct request to certain modules, which reveals the path in a PHP error message. This can be achieved by accessing (1) index.php with the `forum admin` parameter set, (2) the Surveys module, or (3) the Your Account module. **Recommendations** For PHP-Nuke versions 6.x through 7.6, consider restricting access to the Surveys and Your Account modules, and avoid using the `forum admin` parameter in index.php until a fix is available. As a temporary workaround, restrict direct requests to these modules to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** PHP-Nuke version 7.6 **Description** The issue allows remote attackers to inject arbitrary web script or HTML, potentially leading to cross-site scripting (XSS) attacks. This can be achieved through various parameters, including `bid` in the EmailStats operation, `ratenum` in the TopRated and MostPopular actions, `ttitle` in several actions within the Web Links module, and `username` in the Your Account module. API Endpoints and variables involved include: - the `bid` parameter - the `ratenum` parameter - the `ttitle` parameter - the `username` parameter. **Recommendations** For PHP-Nuke version 7.6, consider disabling the vulnerable parameters `bid`, `ratenum`, `ttitle`, and `username` in their respective modules until a patch is available. Restrict access to the Web Links and Your Account modules to minimize the risk of exploitation. Avoid using the `bid`, `ratenum`, `ttitle`, and `username` parameters in the affected operations and actions until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** paFileDB versions 3.1 and earlier **Description** The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the `start` parameter to "pafiledb.php". The vulnerable files are "viewall.php" and "category.php". **Recommendations** For paFileDB versions 3.1 and earlier, consider restricting access to the `start` parameter in "pafiledb.php" to minimize the risk of exploitation. As a temporary workaround, avoid using the `start` parameter in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** paFileDB versions 3.1 and earlier **Description** The issue allows remote attackers to obtain sensitive information. This can be achieved via an invalid `str` parameter to "pafiledb.php" or through direct requests to various PHP files, including "viewall.php", "stats.php", "search.php", "rate.php", "main.php", "license.php", "category.php", "download.php", "file.php", "email.php", or "admin.php". These requests can reveal the path in a PHP error message. **Recommendations** For paFileDB versions 3.1 and earlier, update to a version later than 3.1 to resolve the issue. As a temporary workaround, consider restricting access to the mentioned PHP files to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** paFileDB versions 3.1 and earlier **Description** The issue allows remote attackers to obtain sensitive information via a direct request to various PHP files, including "auth.php", "login.php", "category.php", "file.php", "team.php", "license.php", "custom.php", "admins.php", or "backupdb.php". These files can reveal the path in a PHP error message. **Recommendations** For paFileDB versions 3.1 and earlier, consider restricting access to the mentioned PHP files, such as "auth.php", "login.php", "category.php", "file.php", "team.php", "license.php", "custom.php", "admins.php", and "backupdb.php", to minimize the risk of exploitation. Additionally, ensure that PHP error messages are properly configured to prevent the disclosure of sensitive information. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** paFileDB versions 3.1 and earlier **Description** A cross-site scripting (XSS) issue exists due to improper cleansing of the `$pageurl` variable in the `jumpmenu` function, allowing remote attackers to inject arbitrary web script or HTML via URL parameters. **Recommendations** For paFileDB versions 3.1 and earlier, update to a version that properly sanitizes user input to prevent XSS attacks. At the moment, there is no information about a newer version that contains a fix for this vulnerability.