Tiger-Dz

Name of the Vulnerable Software and Affected Versions: akPlayer version 1.9.0 Description: The issue is a stack-based buffer overflow that allows remote attackers to execute arbitrary code. This is achieved by providing a long string in a .plt playlist file. Recommendations: For akPlayer version 1.9.0, consider avoiding the use of .plt playlist files with long strings until a patch is available. As a temporary workaround, restrict access to files that could potentially trigger the buffer overflow to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Zen Help Desk version 2.1 **Description** The issue concerns SQL injection vulnerabilities in the adminlogin.asp file. Remote attackers can execute arbitrary SQL commands by manipulating the `userid` (also known as `username`) and `PassWord` parameters in the admin.asp file. **Recommendations** For Zen Help Desk version 2.1, consider restricting access to the adminlogin.asp file and avoid using the `userid` and `PassWord` parameters in the admin.asp file until a fix is available. As a temporary workaround, restrict the input for these parameters to minimize the risk of SQL injection attacks.

**Name of the Vulnerable Software and Affected Versions** R2 Newsletter Lite, Pro, and Stats (affected versions not specified) **Description** The issue allows remote attackers to download the database file via a direct request for admin.mdb, as sensitive information is stored under the web root with insufficient access control. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** AWScripts.com Gallery Search Engine version 1.5 **Description** The issue allows remote attackers to bypass authentication and gain administrative access. This is achieved by setting the `awse logged` cookie to 1, which enables unauthorized access to the admin interface. **Recommendations** For version 1.5, consider temporarily disabling the admin interface until a patch is available. Restrict access to the admin interface to minimize the risk of exploitation. Avoid relying on the `awse logged` cookie for authentication until the issue is resolved.

Name of the Vulnerable Software and Affected Versions: PAD Site Scripts version 3.6 Description: The issue allows remote attackers to download the database and obtain sensitive information via a direct request for 'dbbackup.txt' due to insufficient access control of sensitive information stored under the web document root. Recommendations: For PAD Site Scripts version 3.6, consider restricting access to the 'dbbackup.txt' file to prevent unauthorized downloads until a proper fix is applied. As a temporary workaround, moving sensitive files outside of the web document root or implementing proper access controls can help mitigate the risk of exploitation.

Name of the Vulnerable Software and Affected Versions: 2daybiz Template Monster Clone (affected versions not specified) Description: The issue concerns a lack of administrative authentication in the admin/edituser.php file, allowing remote attackers to modify arbitrary accounts. This can be achieved by manipulating the `loginname`, `password`, `email`, `firstname`, or `lastname` parameters. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Wright Way Services Recipe Script version 5 Description: The issue concerns SQL injection vulnerabilities in the admin/login.php file. Remote attackers can execute arbitrary SQL commands via the `username` and `password` fields, which are accessible from admin/index.php. Recommendations: For Wright Way Services Recipe Script version 5, consider temporarily restricting access to the admin/login.php file until a patch is available. As a mitigation measure, avoid using the `username` and `password` fields in the affected admin/login.php file until the issue is resolved.

Name of the Vulnerable Software and Affected Versions: Business Community Script (affected versions not specified) Description: The issue is related to improper access restriction in the admin/adminaddeditdetails.php file, allowing remote attackers to gain privileges and add administrators via a direct request to the "/admin/adminaddeditdetails.php" API endpoint. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: 2daybiz Business Community Script (affected versions not specified) Description: The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the `mid` parameter in the admin/member details.php file. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Techno Dreams Job Career Package version 3.0 Description: The issue allows remote attackers to bypass authentication and obtain administrative access. This is achieved by setting the `JobCareerAdmin` cookie to `Login`, effectively granting unauthorized access to administrative functions. Recommendations: For Techno Dreams Job Career Package version 3.0, consider disabling the use of the `JobCareerAdmin` cookie until a patch is available to prevent unauthorized administrative access.

Name of the Vulnerable Software and Affected Versions: Job Board Software version 2.0 Description: The issue allows remote attackers to change the administrator password and gain administrator privileges via a direct request to the 'admin/changepassword.php' endpoint. Recommendations: For Job Board Software version 2.0, consider restricting access to the 'admin/changepassword.php' endpoint until a patch is available. As a temporary workaround, limit the ability to change the administrator password to prevent unauthorized access.