St@Rext

Name of the Vulnerable Software and Affected Versions: Neocrome Land Down Under (LDU) versions 8.x and earlier Description: The issue allows remote attackers to execute arbitrary SQL commands. This is achieved by exploiting the `w` parameter in the "journal.php" endpoint. Recommendations: For Neocrome Land Down Under (LDU) versions 8.x and earlier, consider restricting access to the "journal.php" endpoint until a patch is available. As a temporary workaround, avoid using the `w` parameter in the "journal.php" endpoint to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Vt-Forum Lite versions 1.3 through 1.5 **Description** The issue allows remote attackers to inject arbitrary web script or HTML. This can be achieved via the `StrMes` parameter in "vf info.asp" or possibly a URL in the SRC attribute of an IFRAME element submitted to "vf newtopic.asp". **Recommendations** For versions 1.3 and 1.5, consider restricting access to the `vf info.asp` and `vf newtopic.asp` pages until a fix is available. As a temporary workaround, avoid using the `StrMes` parameter in the "vf info.asp" page. Restrict the submission of URLs in the SRC attribute of IFRAME elements to the "vf newtopic.asp" page to minimize the risk of exploitation.