SQL injection vulnerability in rss.php in Zenphoto 1.1 through 1.1.3 allows remote attackers to execute arbitrary SQL commands via the albumnr parameter. Date published : 2008-01-04 http://www.securityfocus.com/bid/27084 https://www.exploit-db.com/exploits/4823
SQL injection vulnerability in admin/login.asp in Netchemia oneSCHOOL allows remote attackers to execute arbitrary SQL commands via the txtLoginID parameter. Date published : 2008-01-04 http://www.securityfocus.com/bid/27085 https://www.exploit-db.com/exploits/4824
SQL injection vulnerability in index.php in WebPortal CMS 0.6.0 and earlier allows remote attackers to execute arbitrary SQL commands via the m parameter. Date published : 2008-01-04 http://www.securityfocus.com/bid/27088 https://www.exploit-db.com/exploits/4826
SQL injection vulnerability in (1) Puarcade.php and (2) PUarcade.html.php in Pragmatic Utopia PU Arcade (com_puarcade) 2.0.3, 2.1.2, and 2.1.3 Beta component for Joomla! allows remote attackers to execute arbitrary SQL commands via the fid...
Directory traversal vulnerability in file.php in CuteNews 2.6 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter, as demonstrated by reading the admin username and password hash...
2z project 0.9.6.1 allows attackers to change the password without supplying the old password. Date published : 2008-01-04 http://www.securityfocus.com/bid/27057 http://www.securityfocus.com/archive/1/485590/100/0/threaded
2z project 0.9.6.1 allows remote attackers to obtain sensitive information via (1) a request to index.php with an invalid template or (2) a request to the default URI with certain year and month parameters,...
Multiple cross-site scripting (XSS) vulnerabilities in 2z project 0.9.6.1 allow remote attackers to inject arbitrary web script or HTML via the (1) contentshort or (2) contentfull parameter in an addnews action to the default...
SQL injection vulnerability in admin.php/vars.php in CustomCMS (CCMS) 3.1 Demo allows remote attackers to execute arbitrary SQL commands via the p parameter in the Console page. Date published : 2008-01-04 http://www.securityfocus.com/bid/27069 http://www.securityfocus.com/archive/1/485633/100/0/threaded
PHP remote file inclusion vulnerability in source/includes/load_forum.php in Mihalism Multi Forum Host 3.0.x and earlier allows remote attackers to execute arbitrary PHP code via a URL in the mfh_root_path parameter. Date published : 2008-01-04...
SQL injection vulnerability in content_css.php in the TinyMCE module for CMS Made Simple 1.2.2 and earlier allows remote attackers to execute arbitrary SQL commands via the templateid parameter. Date published : 2008-01-04 http://www.securityfocus.com/bid/27074 http://blog.cmsmadesimple.org/2008/01/02/announcing-cms-made-simple-123/
PHP remote file inclusion vulnerability in includes/function.php in Kontakt Formular 1.4 allows remote attackers to execute arbitrary PHP code via a URL in the root_path parameter. Date published : 2008-01-04 http://www.securityfocus.com/bid/27075 https://www.exploit-db.com/exploits/4811
Buffer overflow in a certain ActiveX control in Macrovision InstallShield Update Service Web Agent 5.1.100.47363 allows remote attackers to execute arbitrary code via a long string in the ProductCode argument (second argument) to the...
Directory traversal vulnerability in download.php in Mihalism Multi Host 2.0.7 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter. Date published : 2008-01-04 http://www.securityfocus.com/bid/27076 https://www.exploit-db.com/exploits/4812