Stefan Schurtz

**Name of the Vulnerable Software and Affected Versions** Ariadne version 2.7.6 **Description** The issue allows remote attackers to inject arbitrary web script or HTML via the `PATH INFO` parameter to API endpoints such as "index.php" and "loader.php". **Recommendations** For Ariadne version 2.7.6, consider restricting access to the `PATH INFO` parameter in the affected API endpoints "index.php" and "loader.php" to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Quick Post Widget plugin version 1.9.1 **Description** The issue allows remote attackers to inject arbitrary web script or HTML via the `Title`, `Content`, or `New category` field to "wordpress/" or the query string to "wordpress/". This can lead to cross-site scripting (XSS) attacks. **Recommendations** For Quick Post Widget plugin version 1.9.1, consider disabling the plugin until a patch is available to prevent exploitation. Restrict access to the vulnerable fields, such as `Title`, `Content`, and `New category`, to minimize the risk of XSS attacks. Avoid using the query string to "wordpress/" with untrusted input until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** ATutor versions prior to 2.1 **Description** The issue allows remote attackers to inject arbitrary web script or HTML. This can be achieved via the PATH INFO to various files, including "themes/default/tile search/index.tmpl.php", "login.php", "search.php", "password reminder.php", "login.php/jscripts/infusion", "login.php/mods/ standard/flowplayer", "browse.php/jscripts/infusion/framework/fss", "registration.php/themes/default/ie styles.css", "about.php", or "themes/default/social/basic profile.tmpl.php". **Recommendations** For ATutor versions prior to 2.1, update to version 2.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the mentioned files to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** WordPress Integrator module version 1.32 **Description** A cross-site scripting (XSS) issue allows remote attackers to inject arbitrary web script or HTML via the `redirect to` parameter to "wp-login.php". **Recommendations** For WordPress Integrator module version 1.32, avoid using the `redirect to` parameter in the "wp-login.php" endpoint until the issue is resolved. Consider temporarily restricting access to the wp-integrator.php file to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Seotoaster versions 1.9 and earlier **Description** The issue concerns SQL injection vulnerabilities in the selectUserIdByLoginPass function. Remote attackers can execute arbitrary SQL commands via the `login` parameter to "sys/login/index" or the `memberLoginName` parameter to "sys/login/member". **Recommendations** For Seotoaster versions 1.9 and earlier, as a temporary workaround, consider disabling the `selectUserIdByLoginPass` function until a patch is available. Restrict access to the "sys/login/index" and "sys/login/member" API endpoints to minimize the risk of exploitation. Avoid using the `login` and `memberLoginName` parameters in the affected API endpoints until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** PHP Address Book versions 6.2.12 and earlier **Description** The issue allows remote attackers to execute arbitrary SQL commands. This can be achieved via the `to group` parameter to "group.php" or the `id` parameter to "vcard.php". **Recommendations** For PHP Address Book versions 6.2.12 and earlier, consider restricting access to the "group.php" and "vcard.php" scripts until a patch is available. As a temporary workaround, avoid using the `to group` and `id` parameters in the affected API endpoints.

**Name of the Vulnerable Software and Affected Versions** PHP Address Book versions 7.0 and earlier **Description** A cross-site scripting issue allows remote attackers to inject arbitrary web script or HTML via the `from` parameter in preferences.php. **Recommendations** For PHP Address Book versions 7.0 and earlier, update to a version later than 7.0 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** MarkAny ContentSAFER versions prior to 1.4.2012.508 Samsung KIES versions prior to 2.3.2.12074 13 13 **Description** The issue allows remote attackers to download and execute an arbitrary program onto a client machine via a crafted HTML document, due to the MASetupCaller ActiveX control not properly implementing unspecified methods. **Recommendations** For MarkAny ContentSAFER versions prior to 1.4.2012.508, update to version 1.4.2012.508 or later. For Samsung KIES versions prior to 2.3.2.12074 13 13, update to version 2.3.2.12074 13 13 or later.

**Name of the Vulnerable Software and Affected Versions** Serendipity versions prior to 1.6.1 **Description** A cross-site scripting (XSS) issue allows remote attackers to inject arbitrary web script or HTML via the `serendipity[textarea]` parameter in the serendipity admin image selector.php file. This issue might be related to cross-site request forgery (CSRF). **Recommendations** For versions prior to 1.6.1, update to version 1.6.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the serendipity admin image selector.php file to minimize the risk of exploitation. Avoid using the `serendipity[textarea]` parameter in the affected file until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Serendipity versions prior to 1.6.1 **Description** The issue allows remote attackers to execute arbitrary SQL commands via the `serendipity[plugin to conf]` parameter in the serendipity admin.php file. This might be related to cross-site request forgery (CSRF). **Recommendations** For versions prior to 1.6.1, update to version 1.6.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the serendipity admin.php file to minimize the risk of exploitation. Avoid using the `serendipity[plugin to conf]` parameter in the affected API endpoint until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** AlienVault Open Source Security Information Management (OSSIM) version 3.1 **Description** The issue allows remote authenticated users to execute arbitrary SQL commands. This is achieved via the `time[0][0]` parameter in the forensics/base qry main.php file. **Recommendations** For AlienVault Open Source Security Information Management (OSSIM) version 3.1, consider restricting access to the `time[0][0]` parameter in the forensics/base qry main.php file until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** AlienVault Open Source Security Information Management (OSSIM) version 3.1 **Description** The issue allows remote attackers to inject arbitrary web script or HTML via specific parameters, including the `url` parameter to "top.php" or the `time[0][0]` parameter to "forensics/base qry main.php". This occurs because the parameters are not properly handled in an error page, leading to potential cross-site scripting (XSS) attacks. **Recommendations** For AlienVault Open Source Security Information Management (OSSIM) version 3.1, consider restricting access to the "top.php" and "forensics/base qry main.php" pages until a proper fix is applied, and avoid using the `url` and `time[0][0]` parameters in these pages to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** PHP Address Book versions 7.0 and earlier **Description** The issue allows remote attackers to inject arbitrary web script or HTML. This can be achieved via the PATH INFO to "group.php", or the `target language` or `target flag` parameter to "translate.php". **Recommendations** For PHP Address Book versions 7.0 and earlier, update to a version later than 7.0 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Beehive Forum version 1.0.1 **Description** The issue allows remote attackers to inject arbitrary web script or HTML. This can be achieved by manipulating the PATH INFO to specific API endpoints, such as "forum/register.php" or "forum/logon.php". **Recommendations** For Beehive Forum version 1.0.1, consider restricting access to the `forum/register.php` and `forum/logon.php` endpoints until a patch is available. As a temporary workaround, avoid using these endpoints to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** osCSS2 versions 2.1.0 and earlier **Description** A directory traversal issue exists, allowing remote attackers to read arbitrary files. This is achieved by using a .. (dot dot) in the ` ID` parameter to either "catalog/shopping cart.php" or "catalog/content.php" endpoints. **Recommendations** For osCSS2 versions 2.1.0 and earlier, consider restricting access to the ` ID` parameter in the affected endpoints until a patch is available. As a temporary workaround, avoid using the ` ID` parameter in "catalog/shopping cart.php" and "catalog/content.php" to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Contao versions prior to 2.10.2 **Description** The issue allows remote attackers to inject arbitrary web script or HTML via the PATH INFO to index.php in specific actions, such as teachers.html or teachers/. This can lead to cross-site scripting (XSS) attacks. **Recommendations** For versions prior to 2.10.2, update to version 2.10.2 or later to resolve the issue. As a temporary workaround, consider restricting access to the index.php file for the teachers.html and teachers/ actions until a patch is available. Avoid using the PATH INFO to index.php in these actions to minimize the risk of exploitation.