bin/compile-messages.py in Django 0.95 does not quote argument strings before invoking the msgfmt program through the os.system function, which allows attackers to execute arbitrary commands via shell...

SQL injection vulnerability in admin/memberlist.php in Easebay Resources Paypal Subscription Manager allows remote attackers to execute arbitrary SQL commands via the keyword parameter.

SQL injection vulnerability in admin/memberlist.php in Easebay Resources Login Manager 3.0 allows remote attackers to execute arbitrary SQL commands via the init_row parameter.

Unspecified vulnerability in HP-UX B.11.23, when running IPFilter in combination with PHNE_34474, allows remote attackers to cause a denial of service (system crash) via unspecified vectors.

PHP remote file inclusion vulnerability in libraries/grab_globals.lib.php in ComVironment 4.0 allows remote attackers to execute arbitrary PHP code via a URL in the inc_dir parameter.

Format string vulnerability in the log creation functionality of BitDefender Client Professional Plus 8.02 allows attackers to execute arbitrary code via certain scan job settings.

Directory traversal vulnerability in ArsDigita Community System (ACS) 3.4.10 and earlier, and ArsDigita Community Education Solution (ACES) 1.1, allows remote attackers to read arbitrary files via .%2...

SQL injection vulnerability in search.php in Woltlab Burning Board (wBB) 1.0.2 and earlier, and 2.3.6 and earlier in the 2.x series, allows remote attackers to execute arbitrary SQL commands via the b...

SQL injection vulnerability in models/category.php in the Weblinks component for Joomla! SVN 20070118 (com_weblinks) allows remote attackers to execute arbitrary SQL commands via the catid parameter.

Unspecified vulnerability in the rating section in PostNuke 0.764 has unknown impact and attack vectors, related to "an interesting bug."

The faq section in PostNuke 0.764 allows remote attackers to obtain sensitive information (the full path) via "unvalidated output" in FAQ/index.php, possibly involving an undefined id_cat variable.

Multiple SQL injection vulnerabilities in letterman.class.php in the Letterman 1.2.3 (com_letterman) component for Joomla! before 1.0.12 allow remote attackers to execute arbitrary SQL commands via th...

Multiple SQL injection vulnerabilities in ATutor 1.5.3.2 allow remote attackers to execute arbitrary SQL commands via unspecified parameters. NOTE: CVE analysis suggests that the vendor fixed these is...

Multiple SQL injection vulnerabilities in DocMan 1.3 RC2 allow attackers to execute arbitrary SQL commands via unspecified vectors.

Multiple SQL injection vulnerabilities in Xoops 2.0.16 allow remote attackers to execute arbitrary SQL commands via (1) the id parameter in kernel/group.php in core, (2) the lid parameter in class/tab...

SQL injection vulnerability in (1) Joomla! 1.0.11 and 1.5 Beta, and (2) Mambo 4.6.1, allows remote attackers to execute arbitrary SQL commands via the id parameter when cancelling content editing.

Multiple SQL injection vulnerabilities in Francisco Burzi PHP-Nuke 7.9 allow remote attackers to execute arbitrary SQL commands via (1) the active parameter in admin/modules/modules.php; the (2) ad_cl...

Unrestricted file upload vulnerability in index.php in phpBP RC3 (2.204) and earlier allows remote administrators to inject arbitrary PHP code into an upload/banners/ file via a banners add operation ...

SQL injection vulnerability in phpBP RC3 (2.204) and earlier allows remote attackers to execute arbitrary SQL commands via the comment forum.

Stack-based buffer overflow in mbse-bbs 0.70 and earlier allows local users to execute arbitrary code via a long string in the MBSE_ROOT environment variable.

PHP remote file inclusion vulnerability in mep/frame.php in PHPMyphorum 1.5a allows remote attackers to execute arbitrary PHP code via a URL in the chem parameter.

PHP remote file inclusion vulnerability in lang/index.php in Oreon 1.2.3 RC4 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the file parameter.

PHP remote file inclusion vulnerability in frontpage.php in Uberghey CMS 0.3.1 allows remote attackers to execute arbitrary PHP code via a URL in the setup_folder parameter.

Unspecified vulnerability in the FTP server implementation in HP Jetdirect firmware x.20.nn through x.24.nn allows remote attackers to cause a denial of service via unknown vectors.