CVE’s

Cross-site scripting (XSS) vulnerability in view.php in MatPo Link 1.2 Beta allows remote attackers to inject arbitrary web script or HTML via the thema parameter.

SQL injection vulnerability in view.php in MatPo Link 1.2 Beta allows remote attackers to execute arbitrary SQL commands via the id parameter.

Cross-site request forgery (CSRF) vulnerability in the xslt script in the web-based management interface on the 2wire 1701HG, 1800HW, 2071HG, and 2700HG with firmware 3.17.5, 3.7.1, 4.25.19, or 5.29.51 allows remote attackers to hijack the intranet connectivity of arbitrary users for requests that cause a denial of service (network outage) via a page parameter with a % (percent) character followed by a non-alphanumeric character.

Directory traversal vulnerability in index.php in PicoFlat CMS 0.5.9 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the pagina parameter, a different vulnerability than CVE-2007-5390.

MoinMoin 1.6.2 and 1.7 does not properly enforce ACL checks when acl_hierarchic is set to True, which might allow remote attackers to bypass intended access restrictions, a different vulnerability than CVE-2008-1937.

Unspecified vulnerability in Download Center Lite before 2.1 has unknown impact and attack vectors related to "A minor security fix."

Unspecified vulnerability in Epona 1.5rc3 allows remote attackers to obtain the real IP address of users via unknown vectors.

Cross-site scripting (XSS) vulnerability in the search feature in XMLPortal 3.0 allows remote attackers to inject arbitrary web script or HTML via the query parameter.

cookiecheck.php in CookieCheck 1.0 stores tmp/cc_sessions under the web root with insufficient access control, which allows remote attackers to obtain session data via a direct request related to the "default session save path."

Multiple race conditions in WANPIPE before 3.3.6 have unknown impact and attack vectors related to "bri restart logic."