Assetman versions less than or equal to 2.4a suffer from XSS
dc337d0124896458c62eeb557f6ebb2f3ed02cb07f2cb395117163b9a5e531c0
ByteHoard versions less than or equal to 2.1 suffers from directory transversal and XSS vulnerabilities.
0002e3c4b7f265a67c5420f1a9b72b52d513da2420e371bbea1d51b6e6090af1
PHP AGTC-Membership system versions less than or equal to v1.1a suffers from XSS.
dba3b6e85133aaf5882ee89ba151530f3896b4db1b67139964335eff2dcd0dda
PHPResidence versions less than or equal to 0.6 does not sanitize any of its input leading to many XSS vulnerabilities.
2607ed6e0b911413d8a9bba2b4f87d9f310b44162d746c1f3979dcadae22d24a
SkyeShoutbox versions less than or equal to v.1.2.0 suffer from many XSS vulnerabilities.
0305dc41e1989aa51722e8ef090fda84d2b63deee941e08005d8da7e16fa1425
Russcom's Ping script allows attackers to execute arbitrary code.
6a93f81d3833f912412a0d83b1b441227851c971474873060ae3e763b36a4444
Russcom PHPImages doesn't validate if the uploaded file is an image, it just checks for the extension, thus allowing an attacker to upload php scripts with a .gif extension for example.
b12cddc45b0dd185a0187603f5b98e3caf736b91cd939bcd1905d29bab5a461d
QBv14 suffers from many XSS vulnerabilities.
69b8d09292a69c4978f944ae5009413c1ccb3ce4685ac5c8417a675ebb65eb96
IpLogger versions less than or equal to 1.7 suffer from XSS
17f96b06f013caa46f09f73a0761e3a63e0c80b8a0869d92f3f5ebceaf69fa6b
DSChat versions less than or equal to 1.0 suffer from XSS
00bb1fc02854c2243b9544458f7238d290666cc9eb3930b998b26e33d64e137b
X7Chat versions 2.0.2 and below suffer from cross site scripting flaws.
a27552747b99f74782585acc56116be0de958712e09a10cf260cb6414a449813
WebsiteBaker CMS allows for injection of HTML and javascript.
16c209df6f3f3b2082a5395d9ff1cf10146b9f3cdaddc85387fcdb2953e9554d
VisionSource CMS versions 0.6 and below suffer from cross site scripting flaws.
c059b2ab89d1d3daccd442ad939d4364b05dec802fd247b03dbde2ba925072f7
PassMasterFlex suffers from cross site scripting flaws.
e6eccd95311e6e7c124d1aea8916c940bb438076e1e17d1d58e39768d90e0109
myBloggie versions 2.1.3 and below suffer from cross site scripting flaws.
250ee007879282d10c62b89ebb52948f314f5586726780295ec33a3769ce53ca
FlexCustomer versions 0.0.4 and below suffer from SQL injection flaws.
9844b12ce1c067e9cded58c227aea07123fb501bf77349e0822443e20efd3dd1
ChipmunkBoard suffers from SQL injection flaws.
8e48025ab789e02d66182537ffeacdf36f3fb1d66d3f0e518740d807b296e26b
ChipmunkBlogger suffers from a lack of input sanitizing.
d4d3e44bb90e99c4147fcc4fd2c26662900e5f481f9768d293ad592060052ece
TyroCMS Beta version 1.0 suffers from multiple cross site scripting flaws.
57b11118ccdcc7aaf33823cb1ef62a6731237a65b2e87c0fee5e8a4157576632
Russcom.net's Loginphp script is susceptible to cross site scripting attacks and mail spoofing.
cd453c7c62a00d395e9326ffe6e452882e4e9158a4b0036bfe08d7afc8c4195e
FileProtection Express versions 1.0.1 and below suffer from a simple authentication bypass flaw.
88eb93b8539089eae28aba33d9df8255655319638aa27c7f02468ac2286966ad
SF-Users version 1.0 suffers from a cross site scripting flaw.
9db996c873bb78074871178eb22cb98dce02db5e471b21a7f9d65ff742e8992e
Cmscout versions 1.10 and below suffer from multiple cross site scripting flaws.
e451fea6a96897814dee101d01f448a7cce90b2947ade84e61dd0a2f2f12dec6
Jupiter CMS versions 1.1.5 and below suffer from multiple cross site scripting attack vectors. Details provided.
1f79e4a03638be31b3768bc68f04efa0e0ddce94f173c1dc73c554c773f95dce