Stack

**Name of the Vulnerable Software and Affected Versions** MegaLab The Uploader version 2.0 **Description** A directory traversal issue exists, allowing remote attackers to read arbitrary files. This is achieved by using a .. (dot dot) in the `filename` parameter of the "api/download checker.php" API endpoint. **Recommendations** For MegaLab The Uploader version 2.0, consider restricting access to the "api/download checker.php" endpoint until a patch is available, and avoid using the `filename` parameter with untrusted input to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** OtsAV DJ trial version 1.85.64.0 OtsAV Radio trial version 1.85.64.0 OtsAV TV trial version 1.85.64.0 OtsAV Free version 1.77.001 **Description** The issue is a heap-based buffer overflow that allows remote attackers to execute arbitrary code. This is achieved by using a long playlist in an Ots File List (.ofl) file. **Recommendations** For OtsAV DJ trial version 1.85.64.0, update to a version that fixes this issue. For OtsAV Radio trial version 1.85.64.0, update to a version that fixes this issue. For OtsAV TV trial version 1.85.64.0, update to a version that fixes this issue. For OtsAV Free version 1.77.001, update to a version that fixes this issue. As a temporary workaround, consider restricting the use of long playlists in .ofl files to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Xerver HTTP Server version 4.32 **Description** A directory traversal issue allows remote attackers to read arbitrary files by providing a full pathname with a drive letter in the `currentPath` parameter within a chooseDirectory action. **Recommendations** For Xerver HTTP Server version 4.32, consider restricting access to the chooseDirectory action or validating the `currentPath` parameter to prevent directory traversal attacks until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Xerver HTTP Server version 4.32 **Description** A cross-site scripting (XSS) issue allows remote attackers to inject arbitrary web script or HTML via the `currentPath` parameter in a "chooseDirectory" action. **Recommendations** For Xerver HTTP Server version 4.32, avoid using the `currentPath` parameter in the affected chooseDirectory action until a fix is available. Consider restricting access to this action to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Telephone Directory 2008 **Description** The issue allows remote attackers to delete arbitrary contacts by making a direct request to the `del query1.php` endpoint with a modified `id` variable. **Recommendations** For Telephone Directory 2008, to mitigate this issue, consider restricting access to the `del query1.php` endpoint until a proper fix is applied, and validate the `id` variable to prevent unauthorized modifications.

**Name of the Vulnerable Software and Affected Versions** Butterfly Organizer version 2.0.0 **Description** The issue allows remote attackers to perform unauthorized actions. This includes deleting arbitrary categories by modifying the `tablehere` parameter in the "category-delete.php" endpoint with `is js confirmed` set to 1, or deleting arbitrary accounts via the `mytable` parameter in the "delete.php" endpoint. **Recommendations** For Butterfly Organizer version 2.0.0, as a temporary workaround, consider restricting access to the "category-delete.php" and "delete.php" endpoints until a patch is available. Avoid using the `tablehere` and `mytable` parameters in these endpoints until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** WeBid auction script version 0.5.4 **Description** The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the `id` parameter in the "item.php" file. **Recommendations** For WeBid auction script version 0.5.4, consider restricting access to the `id` parameter in the "item.php" file until a patch is available. As a temporary workaround, avoid using the `id` parameter in the affected file to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Libra File Manager versions 1.18 and earlier **Description** The issue allows remote attackers to bypass authentication and gain privileges. This can be achieved by setting the `user` and `pass` cookies to 1. **Recommendations** For Libra File Manager versions 1.18 and earlier, consider updating to a version that contains a fix for this issue, however at the moment, there is no information about a newer version that contains a fix for this vulnerability. As a temporary workaround, restrict access to sensitive areas of the application to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** RPG.Board versions 0.8 Beta2 and earlier **Description** The issue allows remote attackers to bypass authentication and gain privileges by setting the `keep4u` cookie to a certain value. **Recommendations** For RPG.Board versions 0.8 Beta2 and earlier, consider restricting access to sensitive areas of the application until a patch is available. As a temporary workaround, avoid using the `keep4u` cookie or restrict its modification to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Free PHP VX Guestbook version 1.06 **Description** The issue allows remote attackers to bypass authentication and gain administrative access. This is achieved by setting the `admin name` and `admin pass` cookie values to 1. **Recommendations** For Free PHP VX Guestbook version 1.06, as a temporary workaround, consider restricting access to administrative functions until a patch is available. Avoid using the `admin name` and `admin pass` cookie values to authenticate users in the affected version. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** Joomla! (affected versions not specified) **Description** A SQL injection issue allows remote attackers to execute arbitrary SQL commands. This is achieved by exploiting the `task` parameter in a `showpic` action to `index.php`. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** ARD-9808 DVR card (affected versions not specified) **Description** The issue allows remote attackers to cause a denial of service. This can be achieved by sending a long URI composed of '//.' (slash slash dot backslash) sequences. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** CoolPlayer+ Portable version 2.19.1 **Description** The issue is a stack-based buffer overflow that allows remote attackers to execute arbitrary code. This is achieved via a skin file, specifically `skin.ini`, that contains a large `PlaylistSkin` parameter. **Recommendations** For CoolPlayer+ Portable version 2.19.1, consider avoiding the use of skin files with large `PlaylistSkin` parameters until a fix is available. As a temporary workaround, restrict the use of skin files to minimize the risk of exploitation.

Name of the Vulnerable Software and Affected Versions: MyShoutPro version 1.2 Description: The issue allows remote attackers to bypass authentication and gain administrative access. This is achieved by setting the `admin access` cookie to 1, effectively granting unauthorized users administrative privileges. Recommendations: For MyShoutPro version 1.2, consider disabling the use of the `admin access` cookie until a patch is available to prevent unauthorized access. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Easy RM to MP3 Converter (affected versions not specified) **Description** The issue is a stack-based buffer overflow that allows remote attackers to execute arbitrary code. This is achieved by using a long filename in a playlist (.pls) file. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Diesel Job Site (affected versions not specified) Description: The issue allows remote attackers to execute arbitrary SQL commands via the `job id` parameter in the jobs/jobseekers/job-info.php file. This can lead to unauthorized access and manipulation of sensitive data. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: 6rbScript version 3.3 Description: A directory traversal issue exists in the section.php file of 6rbScript, allowing remote attackers to read arbitrary files when magic quotes gpc is disabled. This is achieved by including a .. (dot dot) in the `name` parameter. Recommendations: For 6rbScript version 3.3, consider disabling the section.php file or restricting access to it until a patch is available. Additionally, enabling magic quotes gpc can help mitigate this issue. As a temporary workaround, avoid using the `name` parameter in the affected section.php file until the issue is resolved.

Name of the Vulnerable Software and Affected Versions: Explay CMS versions 2.1 and earlier Description: The issue allows remote attackers to bypass authentication and gain administrative access. This is achieved by setting the `login` cookie to `1`, effectively allowing unauthorized access to administrative functions. Recommendations: For Explay CMS versions 2.1 and earlier, update to a version later than 2.1 to resolve the issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability. As a temporary workaround, consider restricting access to administrative functions until a patch is available.

Name of the Vulnerable Software and Affected Versions: Social Site Generator (SSG) version 2.0 Description: The issue allows remote attackers to read arbitrary files. This is achieved via the `file` parameter to several API endpoints: "filedload.php", "webadmin/download.php", and "webadmin/download file.php". Recommendations: For Social Site Generator (SSG) version 2.0, as a temporary workaround, consider restricting access to the `file` parameter in the affected API endpoints until a patch is available.

**Name of the Vulnerable Software and Affected Versions** WSN Links Free version 4.0.34P **Description** A SQL injection issue allows remote attackers to execute arbitrary SQL commands. This is achieved by manipulating the `id` parameter in the comments.php file. **Recommendations** For WSN Links Free version 4.0.34P, avoid using the `id` parameter in the comments.php file until a patch is available. As a temporary workaround, consider restricting access to the comments.php file to minimize the risk of exploitation.