SQL injection vulnerability in the Tiny Market (hm_tinymarket) extension 0.5.4 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

SQL injection vulnerability in the Commenting system Backend Module (commentsbe) extension 0.0.2 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

Cross-site scripting (XSS) vulnerability in the "official twitter tweet button for your page" (tweetbutton) extension before 1.0.5 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Cross-site scripting (XSS) vulnerability in the XING Button (xing) extension before 1.0.2 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

PHP remote file inclusion vulnerability in guestbook/gbook.php in Gaestebuch 1.2 allows remote attackers to execute arbitrary PHP code via a URL in the script_pfad parameter.

Cross-site scripting (XSS) vulnerability in manager/index.php in MODx Revolution 2.0.2-pl allows remote attackers to inject arbitrary web script or HTML via the modhash parameter.

Cross-site scripting (XSS) vulnerability in autocms.php in Auto CMS 1.6 allows remote attackers to inject arbitrary web script or HTML via the sitetitle parameter.

Multiple cross-site request forgery (CSRF) vulnerabilities in calendar.class.php in ApPHP Calendar (ApPHP CAL) allow remote attackers to hijack the authentication of unspecified victims for requests that use the (1) category_name, (2) category_description, (3) event_name, or (4) event_description parameter.

Multiple cross-site scripting (XSS) vulnerabilities in calendar.class.php in ApPHP Calendar (ApPHP CAL) allow remote attackers to inject arbitrary web script or HTML via the (1) category_name, (2) category_description, (3) event_name, or (4) event_description parameter.

PHP remote file inclusion vulnerability in dompdf.php in dompdf 0.6.0 beta1 allows remote attackers to execute arbitrary PHP code via a URL in the input_file parameter.

PHP remote file inclusion vulnerability in formmailer.php in Kontakt Formular 1.1 allows remote attackers to execute arbitrary PHP code via a URL in the script_pfad parameter.

Cross-site scripting (XSS) vulnerability in index.php in OneCMS 2.6.1 allows remote attackers to inject arbitrary web script or HTML via the view parameter.

SQL injection vulnerability in viewpost.php in mBlogger 1.0.04 allows remote attackers to execute arbitrary SQL commands via the postID parameter.

Cross-site scripting (XSS) vulnerability in vodpod-video-gallery/vodpod_gallery_thumbs.php in the Vodpod Video Gallery Plugin 3.1.5 for WordPress allows remote attackers to inject arbitrary web script or HTML via the gid parameter.

Multiple cross-site scripting (XSS) vulnerabilities in users.php in NinkoBB 1.3 RC5 allow remote attackers to inject arbitrary web script or HTML via the (1) first_name, (2) last_name, (3) msn, or (4) aim parameter.

Cross-site scripting (XSS) vulnerability in confirm.php in WeBid 0.8.5 P1 allows remote attackers to inject arbitrary web script or HTML via the id parameter.

SQL injection vulnerability in newsroom.asp in ASPilot Pilot Cart 7.3 allows remote attackers to execute arbitrary SQL commands via the specific parameter.

Unspecified vulnerability in SmartFTP before 4.0 Build 1142 allows attackers to have an unknown impact via a long filename.

SQL injection vulnerability in index.php in BloofoxCMS 0.3.5 allows remote attackers to execute arbitrary SQL commands via the gender parameter.

Cross-site request forgery (CSRF) vulnerability in Cherokee-admin in Cherokee before 1.2.99 allows remote attackers to hijack the authentication of administrators for requests that insert cross-site scripting (XSS) sequences, as demonstrated by a crafted nickname field to vserver/apply.

The generate_admin_password function in Cherokee before 1.2.99 uses time and PID values for seeding of a random number generator, which makes it easier for local users to determine admin passwords via a brute-force attack.

Stack-based buffer overflow in Iceni Argus 6.20 and earlier and Infix 5.04 allows remote attackers to execute arbitrary code via a crafted PDF document that uses flate compression.

Directory traversal vulnerability in Cisco Network Admission Control (NAC) Manager 4.8.x allows remote attackers to read arbitrary files via crafted traffic to TCP port 443, aka Bug ID CSCtq10755.

Cisco Adaptive Security Appliances (ASA) 5500 series devices, and the ASA Services module in Cisco Catalyst 6500 series devices, with software 7.2 before 7.2(5.3), 8.0 before 8.0(5.25), 8.1 before 8.1(2.50), 8.2 before 8.2(5.11), 8.3 before 8.3(2.23), 8.4 before 8.4(2), and 8.5 before 8.5(1.1) allow remote attackers to cause a denial of service (device reload) via crafted MSN Instant Messenger traffic, aka Bug ID CSCtl67486.

Cisco Adaptive Security Appliances (ASA) 5500 series devices, and the ASA Services module in Cisco Catalyst 6500 series devices, with software 7.0 before 7.0(8.13), 7.1 and 7.2 before 7.2(5.4), 8.0 before 8.0(5.25), 8.1 before 8.1(2.50), 8.2 before 8.2(5.6), 8.3 before 8.3(2.23), 8.4 before 8.4(2.7), and 8.5 before 8.5(1.1) and Cisco Firewall Services Module (aka FWSM) 3.1 before 3.1(21), 3.2 before 3.2(22), 4.0 before 4.0(16), and 4.1 before 4.1(7) allow remote attackers to cause a denial of service (device reload) via malformed ILS traffic, aka Bug IDs CSCtq57697 and CSCtq57802.