SQL injection vulnerability in lib/adodb/server.php in AngelineCMS 0.6.5 and earlier might allow remote attackers to execute arbitrary SQL commands via the query string.

AngelineCMS 0.6.5 and earlier allow remote attackers to obtain sensitive information via a direct request for (1) adodb-access.inc.php, (2) adodb-ado.inc.php, (3) adodb-ado_access.inc, (4) adodb-ado_mssql.inc.php, (5) adodb-borland_ibase, (6) adodb-c

Multiple SQL injection vulnerabilities in MultiCalendars allow remote attackers to execute arbitrary SQL commands via the (1) M or (2) Y parameter to rss_out.asp, or the (3) cate parameter to all_calendars.asp. NOTE: the all_calendars.asp/calsids ve

Multiple cross-site scripting (XSS) vulnerabilities in admin/inc/header.php in Maian Search 1.1 allow remote attackers to inject arbitrary web script or HTML via the (1) header, (2) header2, (3) header3, (4) header4, (5) header5, (6) header6, (7) hea

SQL injection vulnerability in search.php in Maian Search 1.1 allows remote attackers to execute arbitrary SQL commands via the keywords parameter in a search action.

Yerba SACphp 6.3 and earlier allows remote attackers to bypass authentication and gain administrative access via a galleta[sesion] cookie that has a value beginning with 1:1: followed by a username.

The mirror mechanism in SurgeFTP 2.3a1 allows user-assisted, remote FTP servers to cause a denial of service (restart) via a malformed response to a PASV command.