35mmslidegallery version 6 is susceptible to cross site scripting flaws.
f76f4284c20ec304dc139f6ce8ee8efe7394ec7744c54282a9698e085cbf1fa4
VBZooM versions 1.11 and below suffer from SQL injection flaws in subject.php.
2009f46c760a26b34e17b63b3d3fcbc1f80efeb6aa07cb60246c01fe0ace0ef1
VBZooM versions 1.02 and below suffer from SQL injection flaws in meaning.php.
f4fe7741a309eee7cfb5dde51d8fad86816bbd4c28da4ef0f9a0146a26523a59
VBZooM versions 1.01 and below suffer from a SQL injection flaw in language.php.
bf2d3313ade03f80ec4b52d1f7b1c78fe9bd912a15778b0bbf76ffc0490b4608
VBZooM versions 1.11 and below suffer from SQL injection flaws in show.php.
e0725677ec93440ef3c37dc91c51a039f9e7b80c6b185571ef00df7cc5cbb8f3
All versions of Simpnews appear to still have a remote file inclusion flaw utilized via the path_simpnews variable.
2fe74ff84b4a5493d6a42012a105920e08e06244ff201e0cb391c1e9aa28ef56
PHPAskIt versions 2.0.1 and below are susceptible to remote file inclusion vulnerabilities.
395fdde587da5932865555601632c5b8285b4e90fc72528b9c9f0026900ae2e1
Web-CMS version 1.0 is susceptible to a SQL injection flaw in print.php.
a8ea86ea55266ee85340f5e1e728150c4cd910c914ff08c118d4494e6c12f618
blur6ex versions 0.3.462 and below 'ID' blind SQL injection exploit.
1baf74f97262375e0a19a50eeb7fd3206729dfab203132093c47363ab30365a2
SixCMS versions 6 and below suffer from cross site scripting and directory traversal vulnerabilities.
86aea3765b602c514f871245245d4951c1218ff5a8916614b44e8a91ac8aa268
Secunia Research has discovered a vulnerability in MyBB, which can be exploited by malicious people to compromise a vulnerable system. Input passed to the username field when registering is not properly sanitized before being used in a "preg_replace" call with the "e" modifier in the "domecode()" function in inc/functions_post.php. This can be exploited to execute arbitrary PHP code by first registering with a specially crafted username and then previewing a post containing the "/slap" string. The vulnerability has been confirmed in version 1.1.2. Prior versions may also be affected.
c59306225b180770f26b6156627ae47fc1bec7b713c1aec00ae29f93c21adac2
Wondjina is basic proof of concept Perl code to show that binary files can be tunneled in a stealthy manner by using the HTTP/1.1 "entity tag" as a covert channel.
11dfdc9aa4906fd793861ee27ec16ec9252bfdd67d10ad6d05e4aa74aa9f3811
Foing versions 0.7.0 and below suffer from a remote file inclusion flaw via manage_songs.php.
98959bce106c21ed45ed369c67fcce580d0c4976535cbcf399023c731008b1c6
Myscrapbook version 3.1 is susceptible to cross site scripting attacks.
f16830787418a1934e658bf2a304763b0be0ee0d7ffe05e719b5d5faadfd175c
Invision Power Board versions 2.1.6 and below suffer from a cross site scripting flaw in admin.php.
c07a7f027e5e7518da59301a93c105b336c8f3b2ba4012384d22f46ce44f3c0a