Point Of Sales 1.0 allows SQL injection via the login screen, related to LoginForm1.vb.

The Tubigan "Welcome to our Resort" 1.0 software allows SQL Injection via index.php?p=accomodation&q=[SQL], index.php?p=rooms&q=[SQL], or admin/login.php.

Attendance Monitoring System 1.0 has SQL Injection via the 'id' parameter to student/index.php?view=view, event/index.php?view=view, and user/index.php?view=view.

School Event Management System 1.0 allows Arbitrary File Upload via event/controller.php?action=photos.

School Event Management System 1.0 has SQL Injection via the student/index.php or event/index.php id parameter.

School Event Management System 1.0 allows CSRF via user/controller.php?action=edit.

School Attendance Monitoring System 1.0 has CSRF via /user/user/edit.php.

School Attendance Monitoring System 1.0 has CSRF via event/controller.php?action=photos.

RhinOS 3.0 build 1190 allows CSRF.

Bakeshop Inventory System 1.0 has SQL injection via the login screen, related to include/publicfunction.vb.

SQL injection vulnerability in Workspace Manager for Oracle Database before OWM 10.2.0.4.1, OWM 10.1.0.8.0, and OWM 9.2.0.8.0 allows attackers to execute arbitrary SQL commands via the FINDRICSET procedure in the LT package. NOTE: this is probably c

SQL injection vulnerability in index.php in Tycoon Baseball Script 1.0.9 allows remote attackers to execute arbitrary SQL commands via the game_id parameter in a game_player action.