Netscape Communicator before 4.77 allows remote attackers to execute arbitrary Javascript via a GIF image whose comment contains the Javascript.

SQL injection vulnerability in censura.php in Censura 1.16.04 allows remote attackers to execute arbitrary SQL commands via the itemid parameter in a details action.

SQL injection vulnerability in _phenotype/admin/login.php in Phenotype CMS before 2.9 allows remote attackers to execute arbitrary SQL commands via the user parameter (aka the login name).

SQL injection vulnerability in Profile.php in MyMsg 1.0.3 allows remote authenticated users to execute arbitrary SQL commands via the uid parameter in a show action.

SQL injection vulnerability in fichero.php in MorcegoCMS 1.7.6 and earlier allows remote attackers to execute arbitrary SQL commands via the query string.

PHP remote file inclusion vulnerability in anzeiger/start.php in Swinger Club Portal allows remote attackers to execute arbitrary PHP code via a URL in the go parameter.

PHP remote file inclusion vulnerability in home.php in Top Paidmailer allows remote attackers to execute arbitrary PHP code via a URL in the page parameter.

Multiple cross-site request forgery (CSRF) vulnerabilities in WebGUI before 7.7.14 allow remote attackers to hijack the authentication of users for unspecified requests via unknown vectors.

SQL injection vulnerability in anzeiger/start.php in Swinger Club Portal allows remote attackers to execute arbitrary SQL commands via the id parameter in a rubrik action.

Cross-site scripting (XSS) vulnerability in productSearch.html in Censura 2.0.4 and 2.1.0 allows remote attackers to inject arbitrary web script or HTML via the q parameter in a ProductSearch action.