Multiple SQL injection vulnerabilities in WSN Knowledge Base 1.2.0 and earler allow remote attackers to execute arbitrary SQL commands via the (1) catid, (2) perpage, (3) ascdesc, and (4) orderlinks in a displaycat action in (a) index.php; and the (5) id parameter in (b) comments.php and (c) memberlist.php.

SQL injection vulnerability in Softbiz FAQ Script 1.1 and earler allows remote attackers to execute arbitrary SQL commands via the id parameter in (1) index.php, (2) faq_qanda.php, (3) refer_friend.php, (4) print_article.php, or (5) add_comment.php.

SQL injection vulnerability in Softbiz B2B Trading Marketplace Script 1.1 and earler allows remote attackers to execute arbitrary SQL commands via the cid parameter in (1) selloffers.php, (2) buyoffers.php, (3) products.php, or (4) profiles.php.

PHP file include vulnerability in SocketKB 1.1.0 and earlier allows remote attackers to include arbitrary local files via the __f parameter.

SQL injection vulnerability in SocketKB 1.1.0 and earlier allows remote attackers to execute arbitrary SQL commands via the (1) node and (2) art_id parameters.

Buffer overflow in Symantec pcAnywhere 11.0.1, 11.5.1, and all other 32-bit versions allows remote attackers to cause a denial of service (application crash) via unknown attack vectors.

SQL injection vulnerability in index.php in 88Script's Event Calendar 2.0 and earlier allows remote attackers to execute arbitrary SQL commands via the m parameter.

SQL injection vulnerability in okiraku.php in O-Kiraku Nikki 1.3 and earlier allows remote attackers to execute arbitrary SQL commands via the day_id parameter.

SQL injection vulnerability in default.asp in ASP-Rider 1.6 allows remote attackers to execute arbitrary SQL commands via the HTTP referer.

SQL injection vulnerability in index.php in N-13 News 1.2 allows remote attackers to execute arbitrary SQL commands via the id parameter.

Directory traversal vulnerability in the create function in xarMLSXML2PHPBackend.php in Xaraya 1.0 allows remote attackers to create directories and overwrite arbitrary files via ".." sequences in the module parameter to index.php.

Buffer overflow in phgrafx in QNX 6.2.1 and 6.3.0 allows local users to execute arbitrary code via a long command line argument.

Multiple directory traversal vulnerabilities in GuppY 4.5.9 and earlier allow remote attackers to read and include arbitrary files via (1) the meskin parameter to admin/editorTypetool.php, or the lng parameter to the in admin/inc scripts (2) archbatch.php, (3) dbbatch.php, and (4) nwlmail.php.

Direct static code injection vulnerability in error.php in GuppY 4.5.9 and earlier, when register_globals is disabled, allows remote attackers to execute arbitrary PHP code via the _SERVER[REMOTE_ADDR] parameter, which is injected into a .inc script that is later included by the main script.

Multiple SQL injection vulnerabilities in Central Manchester CLC Helpdesk Issue Manager 0.9 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) detail[], (2) orderdir, and (3) orderby parameters to find.php, and the (4) id parameter to issue.php.

SQL injection vulnerability in themes/kategorie/index.php in Randshop allows remote attackers to execute arbitrary SQL commands via the (1) kategorieid and (2) katid parameters.

NetObjects Fusion 9 (NOF9) allows remote attackers to obtain sensitive information, including passwords, by downloading the _versioning_repository_/rollbacklog.xml file, then using it to download and modify the associated ZIP file to edit and republish the site.

Heap-based buffer overflow in pskcmp.dll in Panda Software Antivirus library allows remote attackers to execute arbitrary code via a crafted ZOO archive.

Cross-site scripting (XSS) vulnerability in Cisco IOS Web Server for IOS 12.0(2a) allows remote attackers to inject arbitrary web script or HTML by (1) packets containing HTML that an administrator views via an HTTP interface to the contents of memory buffers, as demonstrated by the URI /level/15/exec/-/buffers/assigned/dump; or (2) sending the router Cisco Discovery Protocol (CDP) packets with HTML payload that an administrator views via the CDP status pages. NOTE: these vectors were originally reported as being associated with the dump and packet options in /level/15/exec/-/show/buffers.

SQL injection vulnerability in Babe Logger 2 allows remote attackers to execute arbitrary SQL commands via the (1) gal parameter to index.php or (2) id parameter to comments.php.