SQL injection vulnerability in bBlog 0.7.2 and 0.7.3 allows remote attackers to execute arbitrary SQL commands via the p parameter.

profile.php in Silent Storm Portal 2.1 and 2.2 allows remote attackers to gain privileges by setting the mail parameter to 1, which is the value for an administrator.

SQL injection vulnerability in redir_url.php in w-Agora 4.1.6a allows remote attackers to execute arbitrary SQL commands via the key parameter.

Buffer overflow in Icecast 2.0.1 and earlier allows remote attackers to execute arbitrary code via an HTTP request with a large number of headers.

Multiple stack-based buffer overflows in YPOPs! (aka YahooPOPS) 0.4 through 0.6 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long (1) POP3 USER...

Multiple SQL injection vulnerabilities in BroadBoard Instant ASP Message Board allow remote attackers to run arbitrary SQL commands via the (1) keywords parameter to search.asp, (2) handle parameter t...

PHP remote file inclusion vulnerability in livre_include.php in @lex Guestbook allows remote attackers to execute arbitrary PHP code by modifying the chem_absolu parameter to reference a URL on a remo...

SQL injection vulnerability in aspWebAlbum allows remote attackers to execute arbitrary SQL statements via (1) the username field on the login page or (2) the cat parameter to album.asp. NOTE: it was ...

SQL injection vulnerability in aspWebCalendar allows remote attackers to execute arbitrary SQL statements via (1) the username field on the login page or (2) the eventid parameter to calendar.asp.

Motorola Wireless Router WR850G running firmware 4.03 allows remote attackers to bypass authentication, log on as an administrator, and obtain sensitive information by repeatedly making an HTTP reques...

SecureCRT 4.0, 4.1, and possibly other versions, allows remote attackers to execute arbitrary commands via a telnet:// URL that uses the /F option to specify a configuration file on a samba share.

SQL injection vulnerability in include.php in PHPKIT 1.6.03 through 1.6.1 allows remote attackers to execute arbitrary SQL commands via the id parameter.

SQL injection vulnerability in index.php in the ibProArcade module for Invision Power Board (IPB) 1.x and 2.x allows remote attackers to execute arbitrary SQL commands via the cat parameter.

PHP remote file inclusion vulnerability in admin_cash.php for the Cash Mod module for phpBB allows remote attackers to execute arbitrary PHP code by modifying the phpbb_root_path parameter to referenc...

AppServ 2.5.x and earlier installs a default username and password, which allows remote attackers to gain access.

SQL injection vulnerability in post.php in Invision Power Board (IPB) 2.0.0 through 2.0.2 allows remote attackers to execute arbitrary SQL commands via the qpid parameter.

SQL injection vulnerability in the Event Calendar module 2.13 for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the (1) eid or (2) cid parameters.

Hired Team: Trial 2.0 and earlier and 2.200 does not limit how game players can kick other players off the server, including the administrator.

SQL injection vulnerability in bug.php in phpBugTracker 0.9.1 allows remote attackers to execute arbitrary SQL commands via (1) the bug_id parameter in a viewvotes operation or (2) the project paramet...

Zone Labs IMsecure and IMsecure Pro before 1.5 allow remote attackers to bypass Active Link Filtering via an instant message containing a URL with hex encoded file extensions.

SQL injection vulnerability in (1) ttlast.php and (2) last10.php in vBulletin 3.0.x allows remote attackers to execute arbitrary SQL statements via the fsel parameter, as demonstrated using last.php.

WebCalendar allows remote attackers to gain privileges by modifying critical parameters to (1) view_entry.php or (2) upcoming.php.

init.php in WebCalendar allows remote attackers to execute arbitrary local PHP scripts via the user_inc parameter.

Directory traversal vulnerability in index.php in Just Another Flat file (JAF) CMS 3.0RC allows remote attackers to read arbitrary files and possibly execute PHP code via a .. (dot dot) in the show pa...