The administration interface in the Planet VC-200M VDSL2 router allows remote attackers to cause a denial of service (administration interface outage) via an HTTP request without a Host header.

PHP remote file inclusion vulnerability in main.inc.php in planetluc.com RateMe 1.3.2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the pathtoscript parameter.

admin/gallery_admin.php in planetGallery before 14.07.2006 allows remote attackers to execute arbitrary PHP code by uploading files with a double extension and directly accessing the file in the images directory, which bypasses a regular expression check for safe file types.

PlaNet Concept planetNews allows remote attackers to bypass authentication and execute arbitrary code via a direct request to news/admin/planetnews.php.

Multiple cross-site scripting (XSS) vulnerabilities in FullPhoto.asp in WS-Album 1.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) image and (2) PublisedDate parameters.

PlaNet Concept plaNetStat 20050127 allows remote attackers to gain administrative privileges, and view and configure log files, via a direct request to the (1) admin.php or (2) settings.php page.

Multiple cross-site scripting (XSS) vulnerabilities in mynews.inc.php in MyNews 1.6.2 allow remote attackers to inject arbitrary web script or HTML via the (1) hash and (2) page parameters.

planetGallery allows remote attackers to gain administrator privileges via a direct request to admin/gallery_admin.php.

Cross-site scripting (XSS) vulnerability in planetsearchplus.php in planetSearch+ allows remote attackers to inject arbitrary web script or HTML via the search_exp parameter.

Planet Technology Corp FGSW2402RS switch with firmware 1.2 has a default password, which allows attackers with physical access to the device's serial port to gain privileges.