Multiple SQL injection vulnerabilities in doITLive CMS 2.50 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) ID parameter in a USUB action to default.asp and the (2) Licence[SpecialLicenseNumber] (aka LicenceId) cookie to edit/default.asp.
Cross-site scripting (XSS) vulnerability in edit/showmedia.asp in doITLive CMS 2.50 and earlier allows remote attackers to inject arbitrary web script or HTML via the FILE parameter.
Argument injection vulnerability in XChat 2.8.7b and earlier on Windows, when Internet Explorer is used, allows remote attackers to execute arbitrary commands via the --command parameter in an ircs:// URI.
Multiple directory traversal vulnerabilities in Exero CMS 1.0.0 and 1.0.1 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the theme parameter to (1) custompage.php, (2) errors/404.php, (3) members/memberslist.php, (4) members/profile.php, (5) news/fullview.php, (6) news/index.php, (7) nopermission.php, (8) usercp/avatar.php, or (9) usercp/editpassword.php in themes/Default/. NOTE: some of these details are obtained from third-party information.
Cross-site scripting (XSS) vulnerability in the search module in Traindepot 0.1 allows remote attackers to inject arbitrary web script or HTML via the query parameter to index.php.
Directory traversal vulnerability in index.php in Traindepot 0.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the module parameter.
SQL injection vulnerability in index.php in CMS-BRD allows remote attackers to execute arbitrary SQL commands via the menuclick parameter.
PHP remote file inclusion vulnerability in send_reminders.php in WebCalendar 1.0.4 allows remote attackers to execute arbitrary PHP code via a URL in the includedir parameter and a 0 value for the noSet parameter, a different vector than CVE-2007-1483.
SQL injection vulnerability in cgi-bin/igsuite in IGSuite 3.2.4 allows remote attackers to execute arbitrary SQL commands via the formid parameter.
SQL injection vulnerability in projects.php in Scientific Image DataBase 0.41 allows remote attackers to execute arbitrary SQL commands via the id parameter.