WordPress versions less than 1.5.2 suffer from a full path disclosure vulnerability.
626b96e62c1bbb752059b1d5b069a1c5b3997b53b9a508350b7f65ef793b6b62
PunBB 1.2.6 suffers from a script injection flaw in its use of IMG tags.
76a92ae5e6fde10cb9ced424297930667ae0f73758379c6a6d9c3cb5473d861c
MetaCart e-Shop is susceptible to SQL injection and cross site scripting vulnerabilities.
5b1752bdc31faa1879fd8ae6525e8e6cfcd592f1d37994bb7c3c22ced414591b
SQL injection and cross site scripting vulnerabilities exist in ActiveBuyAndSell version 6.2.
c592a6b683d88e7fa532d3f0a9b9ee2e7214b8eb24a5a2409aa74d042cca2d84
A huge slew of SQL injection flaws exist in the DUWARE product inline, including but not limited to DUportal Pro, DUamazon Pro, and more.
b9a175c9a04f64a3b6e047dd00a5d5013be3da2b677958ed5ae9348960834bb3
Multiple SQL injection vulnerabilities exist in Ublog Reload version 1.0.5.
8b1fbfc37efa583b7a759ad77da415d492a4b2b221e716e0c1939c405fa6da1e
Liberum Help Desk versions greater than 0.97.3 suffer from various cross site scripting and SQL injection flaws.
ae3bd0ffd9766b0ca2785b8a44477de717a158204014b0c3bca4a54a2df68d73
Exponent CMS version 0.95 is susceptible to full path disclosure and cross site scripting vulnerabilities.
cba48bf52bb176ac8e8bda738703049a1c0e2915e1885ece04e0b5b76e7fb5a5
paFileDB 3.1 has a couple vulnerabilities that allow for admin password hash retrieval and full path disclosure.
7941c69e2c5585e3dd631051168d891a80082570eee9864842499d58fad048a2
JAF CMS is susceptible to path disclosure and directory traversal attacks.
7072af4eb62c08137389015e4f2b4cd7805e59cbb744ba7cd4239a01a4338488
AJ-Fork version 1.67 is susceptible to path disclosure, directory listing, backup directory access, and other flaws that allow access to database files. Exploitation provided.
8ec6b8d2a7db3b1b263f522b3d69c5e2539d1001dc807514dad9cd3127bed9d8
1n BBS E-Market Professional is susceptible to remote command execution vulnerabilities via remote file inclusion and also has a full path disclosure flaw.
3d4f0cad3bf5909482a41b6cd90458a4c7d884937342ee058bb2ffbf732e9cd2
YABBSE 1.5.1 is susceptible to a full path disclosure flaw.
808d9da033aa558f922dc12bcc718aa04988bf14d7ac1d1f17867f1243794e6d
PHP-Fusion version 4.00 has a full path disclosure vulnerability and a flaw that allows an attacker to download the database backup file that can be used to gain administrative access.
fd86bda119a57bd26be037bf969a91bac23833996dd042ce8a6c44eff41ef812
JetboxOne CMS version 2.0.8 keeps system passwords in an unencrypted state and also has a remote code execution flaw.
b1e5dc4defffff99c27ff9d8f7a58a28058aa20c7886e2691265f0547b90ded7