CVE’s

SQL injection vulnerability in default.asp in Openasp 3.0 and earlier allows remote attackers to execute arbitrary SQL commands via the idpage parameter in the pages module.

SQL injection vulnerability in admincp/admincalendar.php in vBulletin 3.7.3.pl1 allows remote authenticated administrators to execute arbitrary SQL commands via the holidayinfo[recurring] parameter, a different vector than CVE-2005-3022.

Multiple SQL injection vulnerabilities in vBulletin 3.7.4 allow remote authenticated administrators to execute arbitrary SQL commands via the (1) answer parameter to admincp/verify.php, (2) extension parameter in an edit action to admincp/attachmentpermission.php, and the (3) iperm parameter to admincp/image.php.

SQL injection vulnerability in scripts/documents.php in Jadu Galaxies allows remote attackers to execute arbitrary SQL commands via the categoryID parameter.

Directory traversal vulnerability in data/inc/lib/pcltar.lib.php in Pluck 4.5.3, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the g_pcltar_lib_dir parameter.

Stack-based buffer overflow in the smc program in smcFanControl 2.1.2 allows local users to execute arbitrary code and gain privileges via a long -k option.

PHP remote file inclusion vulnerability in includes/init.php in phpFan 3.3.4 allows remote attackers to execute arbitrary PHP code via a URL in the includepath parameter.

SQL injection vulnerability in Comdev Web Blogger 4.1.3 and earlier allows remote attackers to execute arbitrary SQL commands via the arcmonth parameter to a blog page.

SQL injection vulnerability in plugins/users/index.php in Galatolo WebManager 1.3a and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.

Cross-site scripting (XSS) vulnerability in all.php in Galatolo WebManager 1.3a and earlier allows remote attackers to inject arbitrary web script or HTML via the tag parameter.