Cross-site scripting (XSS) vulnerability in search_results.php in InfoBiz Server allows remote attackers to inject arbitrary web script or HTML via the keywords parameter.

SQL injection vulnerability in track.php in Scripts For Sites (SFS) EZ BIZ PRO allows remote attackers to execute arbitrary SQL commands via the id parameter.

SQL injection vulnerability in view_snaps.php in VideoGirls BiZ allows remote attackers to execute arbitrary SQL commands via the type parameter.

Cross-site scripting (XSS) vulnerability in BizDirectory 2.04 and earlier allows remote attackers to inject arbitrary web script or HTML via the page parameter in a search action to the default URI.

SQL injection vulnerability in index.php in Softbiz Jokes & Funny Pics Script allows remote attackers to execute arbitrary SQL commands via the sbjoke_id parameter, a different vector than CVE-2008-1050.

SQL injection vulnerability in index.php in MyBizz-Classifieds allows remote attackers to execute arbitrary SQL commands via the cat parameter.

The IBizEBank.FIProfile.1 ActiveX control in fiprofile20.ocx in IBiz E-Banking Integrator (formerly IBiz OFX Integrator) 2.0.2932 exposes the unsafe WriteOFXDataFile method, which allows remote attackers to overwrite arbitrary files via a full pathname in the argument. NOTE: some of these details are obtained from third party information.

Unspecified vulnerability in certain COM objects in Microsoft Office Web Components 2000 allows user-assisted remote attackers to execute arbitrary code via vectors related to DataSource that trigger memory corruption, aka "Office Web Components DataSource Vulnerability."

SQL injection vulnerability in product_desc.php in Softbiz Auctions Script allows remote attackers to execute arbitrary SQL commands via the id parameter.

SQL injection vulnerability in browsecats.php in Softbiz Jobs and Recruitment Script allows remote attackers to execute arbitrary SQL commands via the cid parameter.