Multiple cross-site scripting (XSS) vulnerabilities in imageVue 1.7 allow remote attackers to inject arbitrary web script or HTML via the path parameter to (1) popup.php, (2) test/dir2.php, (3) admin/upload.php, and (4) dirxml.php in upload/. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

SQL injection vulnerability in default.asp in VU Case Manager allows remote attackers to execute arbitrary SQL commands via the username parameter, a different vector than CVE-2007-6143. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

SQL injection vulnerability in default.asp (aka the Login Page) in VU Case Manager allows remote attackers to execute arbitrary SQL commands via the password parameter.

SQL injection vulnerability in redir.asp in VU Mass Mailer allows remote attackers to execute arbitrary SQL commands via the password parameter to Default.asp (aka the Login Page). NOTE: some of these details are obtained from third party information.

PHP remote file inclusion vulnerability in configure.php in Vu Le An Virtual Path (VirtualPath) 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter.

Stack-based buffer overflow in VUPlayer 2.44 and earlier allows remote attackers to execute arbitrary code via a long string in an M3U file, aka an "M3U UNC Name" attack.

SQL injection vulnerability in vuBB 0.2.1 and earlier allows remote attackers to execute arbitrary SQL commands via the user parameter in a register action to index.php, a different vulnerability than CVE-2006-0962.

vuBB 0.2.1 and earlier allows remote attackers to obtain sensitive information via a direct request to includes/vubb.php, which leaks the path in an error message.

SQL injection vulnerability in vuBB 0.2 allows remote attackers to execute arbitrary SQL commands via the pass parameter in a cookie.

imageVue 16.1 allows remote attackers to obtain folder permission settings via a direct request to dir.php, which returns an XML document that lists folders and their permissions.