Stormboy

**Name of the Vulnerable Software and Affected Versions** MT Orumcek Toplist version 2.2 **Description** The issue allows remote attackers to obtain sensitive information via a direct request due to insufficient access control of the DB/orumcektoplist.mdb file stored under the web root. **Recommendations** For version 2.2, restrict access to the DB/orumcektoplist.mdb file to prevent direct requests, or consider relocating the file outside of the web root to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** RW::Download (affected versions not specified) **Description** The issue allows remote attackers to execute arbitrary PHP code via a URL in the `root path` parameter when `register globals` is enabled. This is related to a remote file inclusion vulnerability in the `stats.php` file. **Recommendations** As a temporary workaround, consider disabling the `register globals` setting until a patch is available. Restrict access to the `stats.php` file to minimize the risk of exploitation. Avoid using the `root path` parameter in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Webvizyon Portal 2006 **Description** The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the `ID` parameter in the "SayfalaAltList.asp" file. **Recommendations** For Webvizyon Portal 2006, avoid using the `ID` parameter in the vulnerable "SayfalaAltList.asp" file until the issue is resolved. Restrict access to this file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.