NVD-CWE-Other

SQL injection vulnerability in topic_title.php in AJ Forum 1.0 allows remote attackers to execute arbitrary SQL commands via the td_id parameter.

SQL injection vulnerability in postingdetails.php in AJ Classifieds 1.0 allows remote attackers to execute arbitrary SQL commands via the postingid parameter.

SQL injection vulnerability in view_profile.php in AJDating 1.0 allows remote attackers to execute arbitrary SQL commands via the user_id parameter.

SQL injection vulnerability in subcat.php in AJ Auction 1.0 allows remote attackers to execute arbitrary SQL commands via the cate_id parameter.

PHP remote file inclusion vulnerability in index.php in Mani Stats Reader 1.2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the ipath parameter.

DOURAN Software Technologies ISPUtil 3.32.84.1, and possibly earlier versions, stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain user and reseller data via a direct request for scripts/activesessions.ini. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.