HTML Injection in Securimage 3.6.4 and earlier allows remote attackers to inject arbitrary HTML into an e-mail message body via the $_SERVER['HTTP_USER_AGENT'] parameter to example_form.ajax.php or example_form.php.

simple-php-captcha before commit 9d65a945029c7be7bb6bc893759e74c5636be694 allows remote attackers to automatically generate the captcha response by running the same code on the client-side.

Heap-based buffer overflow in the browser plugin for PTC Creo View allows remote attackers to execute arbitrary code via vectors involving setting a large buffer to an unspecified attribute.

Heap-based buffer overflow in the PTC IsoView ActiveX control allows remote attackers to execute arbitrary code via a crafted ViewPort property value.

Cross-site scripting (XSS) vulnerability in captcha-secureimage/test/index.php in the SI CAPTCHA Anti-Spam plugin 2.7.4 for WordPress allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO.

Cross-site scripting (XSS) vulnerability in config.php in AdaptCMS 2.0.0 and 2.0.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CRLF injection vulnerability in cryptographp.inc.php in Cryptographp allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the cfg parameter.

conceptcms 5.3.1, 5.3.3, and possibly other versions allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by sys_libs/umlib/um_authserver.inc.php and certain other files.

AdaptCMS 2.0.2 Beta allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by inc/poll_vote.php and certain other files.

SQL injection vulnerability in mainx_a.php in E-PROMPT C BetMore Site Suite 4.0 through 4.2.0 allows remote attackers to execute arbitrary SQL commands via the bid parameter.