Zero_X

**Name of the Vulnerable Software and Affected Versions** ezContents version 2.0.3 **Description** The issue is related to multiple directory traversal vulnerabilities that allow remote attackers to include and execute arbitrary local files. This is due to the lack of directory traversal protection in modules/moduleSec.php. The vulnerable parameters include `gsLanguage`, `language home`, `admin home`, and `nLink` in various PHP files such as showdiary.php, showdiarydetail.php, submit diary.php, news summary.php, and inlinenews.php. Other potential vectors exist in unspecified files within the modules/ directory. **Recommendations** For ezContents version 2.0.3, consider disabling the vulnerable parameters `gsLanguage`, `language home`, `admin home`, and `nLink` in the affected PHP files until a patch is available. Restrict access to the modules/ directory to minimize the risk of exploitation. Avoid using the vulnerable parameters in the affected API endpoints until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** ezContents version 2.0.3 **Description** The issue allows remote attackers to bypass directory traversal protection and include and execute arbitrary local files. This is achieved by using "....//" (doubled dot dot slash) sequences in the `link` parameter, which is not properly filtered using the `str replace` function. **Recommendations** For ezContents version 2.0.3, consider temporarily restricting access to the `module.php` file until a proper fix is applied, and ensure that the `link` parameter is properly sanitized to prevent directory traversal attacks.

**Name of the Vulnerable Software and Affected Versions** ezContents module.php (affected versions not specified) **Description** The issue allows remote attackers to execute arbitrary PHP code by modifying the `link` parameter in `module.php` to reference a URL on a remote web server that contains the code. This can be done by exploiting the PHP remote file inclusion vulnerability. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Crob FTP Server version 2.60.1 **Description** The issue allows remote authenticated users to cause a denial of service by renaming a file to the "con" MS-DOS device name, resulting in a crash. **Recommendations** For Crob FTP Server version 2.60.1, consider restricting file renaming operations to prevent the denial of service condition until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Crob FTP Server version 2.60.1 **Description** The issue allows remote attackers to cause a denial of service, resulting in a crash, by utilizing specific sequences in FTP commands. This can be achieved by including `%s` or `%n` sequences in the username during the login process or in other FTP commands, such as the dir command. **Recommendations** For Crob FTP Server version 2.60.1, as a temporary workaround, consider restricting the use of the username field and other FTP commands to minimize the risk of exploitation. Avoid using the `username` variable in the affected FTP login endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.