SQL injection vulnerability in index.php in ScriptMagix Recipes 2.0 and earlier allows remote attackers to execute arbitrary SQL commands via the catid parameter.

SQL injection vulnerability in viewcomments.php in ScriptMagix Photo Rating 2.0 and earlier allows remote attackers to execute arbitrary SQL commands via the phid parameter.

SQL injection vulnerability in index.php in ScriptMagix Lyrics 2.0 and earlier allows remote attackers to execute arbitrary SQL commands via the recid parameter.

SQL injection vulnerability in index.php in ScriptMagix Jokes 2.0 and earlier allows remote attackers to execute arbitrary SQL commands via the catid parameter.

SQL injection vulnerability in index.php in ScriptMagix FAQ Builder 2.0 and earlier allows remote attackers to execute arbitrary SQL commands via the catid parameter.

Multiple directory traversal vulnerabilities in Jax Petition Book 1.0.3.06 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the languagepack parameter to (1) jax_petitionbook.php or (2) smileys.php.

SQL injection vulnerability in x-statistics.php in X-Scripts X-Statistics 1.20 allows remote attackers to execute arbitrary SQL commands via the User-Agent HTTP header.

SQL injection vulnerability in protect.php in X-Scripts X-Protection 1.10, with magic_quotes_gpc disabled, allows remote attackers to execute arbitrary SQL commands via the (1) username and (2) password parameter.

SQL injection vulnerability in top.php in X-Scripts X-Poll, probably 2.30, allows remote attackers to execute arbitrary SQL commands via the poll parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party information.

X-Scripts X-Poll (xpoll) 2.30 allows remote attackers to execute arbitrary PHP code by using admin/images/add.php to upload a PHP file, then access it.