phpEventCalendar version 0.2 does not check title and event text when the data is inserted in the database, allowing for arbitrary HTML injection.
e8a699fef2e513e4378aa82199db727c3e572800b81722fc116d8c0e405fae00
Minis 0.2.1 suffers from a directory traversal flaw that allows for viewing of files outside of the webroot. If the server does not have access to the file, it enters into a loop causing a denial of service.
bc6ce20ca36bb68498535718c232cac09a37599b8dae319f5270eaad999cd7b2
phpGiftReq 1.4.0 suffers from multiple SQL injection flaws that allow for manipulation of the database.
ccab1b3b37dc00b2ce75e69c79399eccdef31a6d7916011f4463b9fbd94ccd62
SPHPBlog 0.3.7c is susceptible to a directory traversal attack. Fixed in release 0.3.7r2.
e36068983fcd00d46f6dcd628206297051c8060e3793ed88228add5b177e6284
QWikiwiki 1.4.1 is susceptible to a directory traversal vulnerability. Detailed exploitation provided.
f121585069294006535400bd7a8b1c2c83396b02c0c3208da56c9250f1e05e40