PHP remote file inclusion vulnerability in index.php in phpWebFileManager 0.5 allows remote attackers to execute arbitrary PHP code via a URL in the PN_PathPrefix parameter. NOTE: this issue is disputed by a reliable third party, who demonstrates th

Multiple PHP remote file inclusion vulnerabilities in Jelsoft vBulletin 3.6.5 allow remote attackers to execute arbitrary PHP code via a URL in the (1) classfile parameter to includes/functions.php, the (2) nextitem parameter to includes/functions_cr

Directory traversal vulnerability in index.php in xtcommerce allows remote attackers to read arbitrary files via a .. (dot dot) in the template parameter.

http_protocol.c in (1) IBM HTTP Server 6.0 before 6.0.2.13 and 6.1 before 6.1.0.1, and (2) Apache HTTP Server 1.3 before 1.3.35, 2.0 before 2.0.58, and 2.2 before 2.2.2, does not sanitize the Expect header from an HTTP request when it is reflected ba

Multiple SQL injection vulnerabilities in MyBulletinBoard (MyBB) before 1.0 allow remote attackers to execute arbitrary SQL commands via the (1) month, (2) day, and (3) year parameters in an addevent action in calendar.php; (4) threadmode and (5) sho

Multiple SQL injection vulnerabilities in admin.aspx in E-Commerce Scripts Shopping Cart Script, Multi-Vendor E-Shop Script, and Auction Script allow remote attackers to execute arbitrary SQL commands via the (1) EmailAdd (Username) and (2) Pass (pas

Multiple SQL injection vulnerabilities in unuttum.asp in SuskunDuygular Uyelik Sistemi 1.2 allow remote attackers to execute arbitrary SQL commands via the (1) kadi or (2) email parameter. NOTE: some of these details are obtained from third party in

SQL injection vulnerability in the login script in Real Estate listing website application template, when logging in as user or manager, allows remote attackers to execute arbitrary SQL commands via the Password parameter.

Cross-site scripting (XSS) vulnerability in search.php for sBlog 0.7.3 Beta allows remote attackers to inject arbitrary HTML and web script via a leading '"/></> sequence in the search string.

SQL injection vulnerability in sign_in.aspx in WebEvents (Online Event Registration Template) allows remote attackers to execute arbitrary SQL commands via the Password parameter.

SQL injection vulnerability in sign_in.aspx in WebStore (Online Store Application Template) allows remote attackers to execute arbitrary SQL commands via the Password parameter.

Multiple cross-site scripting (XSS) vulnerabilities in uploader/index.php in Webbler CMS before 3.1.6 allow remote attackers to inject arbitrary web script or HTML via the (1) page or (2) login parameter.

Multiple SQL injection vulnerabilities in yonetici.asp in Berthanas Ziyaretci Defteri 2.0 allow remote attackers to execute arbitrary SQL commands via the (1) user and (2) Pass fields.

Multiple PHP remote file inclusion vulnerabilities in x10Media x10 Automatic MP3 Script 1.5.5 allow remote attackers to execute arbitrary PHP code via a URL in the web_root parameter to (1) includes/function_core.php and (2) templates/layout_lyrics.p

Stack-based buffer overflow in the socket_connect function in ext/sockets/sockets.c in PHP 5.3.3 through 5.3.6 might allow context-dependent attackers to execute arbitrary code via a long pathname for a UNIX socket.

eMule 0.29c allows remote attackers to cause a denial of service (crash) via a long password, possibly due to a buffer overflow.