SQL injection vulnerability in question.php in FAQEngine 4.16.03 and earlier allows remote attackers to execute arbitrary SQL commands via the questionref parameter in a display action.

The substr_count function in PHP 5.2.1 and earlier allows context-dependent attackers to obtain sensitive information via unspecified vectors, a different affected function than CVE-2007-1375.

Directory traversal vulnerability in rdw_helpers.py in rdiffWeb before 0.3.5.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the path parameter to the /browse URI.

The viewList function in lib/WebGUI/Asset/Wobject/DataForm.pm in Plain Black WebGUI before 7.3.14 does not properly use data structures containing privilege information, which allows remote authenticated users to obtain sensitive information or possibly have other unspecified impact.

Cross-site scripting (XSS) vulnerability in printcal.pl in vDesk Webmail 4.03 allows remote attackers to inject arbitrary web script or HTML via the type parameter.

Stack-based buffer overflow in the PrecisionID Barcode 1.9 ActiveX control in PrecisionID_Barcode.dll allows remote attackers to cause a denial of service (Internet Explorer 6 crash), and possibly execute arbitrary code, via a long argument to the SaveBarCode method. NOTE: this issue might overlap CVE-2007-2657.

PHP remote file inclusion vulnerability in custom_vars.php in GlossWord 1.8.1 allows remote attackers to execute arbitrary PHP code via a URL in the sys[path_addon] parameter.

Unrestricted file upload vulnerability in labs.beffa.org w2box 4.0.0 Beta4 allows remote attackers to upload arbitrary PHP code via a filename with a double extension such as .php.jpg.

Stack-based buffer overflow in Little CMS (lcms) before 1.15 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted ICC profile in a JPG file.

Unspecified vulnerability in xajax before 0.2.5 has unknown impact and attack vectors, not related to XSS.

Cross-site scripting (XSS) vulnerability in xajax before 0.2.5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

SQL injection vulnerability in glossaire-p-f.php in the Glossaire 1.7 and earlier module for Xoops allows remote attackers to execute arbitrary SQL commands via the sid parameter in an ImprDef action.

SQL injection vulnerability in index.php in the MyConference 1.0 module for Xoops allows remote attackers to execute arbitrary SQL commands via the cid parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

PHP remote file inclusion vulnerability in index.php in Achievo 1.1.0 allows remote attackers to execute arbitrary PHP code via a URL in the config_atkroot parameter.

SQL injection vulnerability in edit_day.php in the ResManager 1.2.1 and earlier module for Xoops allows remote attackers to execute arbitrary SQL commands via the id_reserv parameter.

The 3Com TippingPoint IPS do not properly handle certain full-width and half-width Unicode character encodings in an HTTP POST request, which might allow remote attackers to evade detection of HTTP traffic.

Unrestricted file upload vulnerability in Jetbox CMS allows remote authenticated users with author privileges to upload arbitrary scripts via unspecified vectors, which can be accessed in webfiles/. NOTE: this issue might be a duplicate of CVE-2004-1448.

Multiple cross-site scripting (XSS) vulnerabilities in Jetbox CMS allow remote attackers to inject arbitrary web script or HTML via the (1) path parameter to view/search/; or the (2) companyname, (3) country, (4) email, (5) firstname, (6) middlename, (7) required, (8) surname, or (9) title parameter to view/supplynews/.

CRLF injection vulnerability in formmail.php in Jetbox CMS 2.1 might allow remote attackers to inject arbitrary e-mail headers via LF (%0A) sequences in the subject parameter, a related issue to CVE-2007-1898.

Check Point ZoneAlarm Pro before 6.5.737.000 does not properly test for equivalence of process identifiers for certain Microsoft Windows API functions in the NT kernel 5.0 and greater, which allows local users to call these functions, and bypass firewall rules or gain privileges, via a modified identifier that is one, two, or three greater than the canonical identifier.