SQL injection vulnerability in oku.asp in xWeblog 2.2 allows remote attackers to execute arbitrary SQL commands via the makale_id parameter.

SQL injection vulnerability in arsiv.asp in xWeblog 2.2 allows remote attackers to execute arbitrary SQL commands via the tarih parameter.

SQL injection vulnerability in radyo.asp in Kisisel Radyo Script allows remote attackers to execute arbitrary SQL commands via the Id parameter.

Kisisel Radyo Script stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for sevvo/eco23.mdb.

KrM Haber 1.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for d_atabase/Krmdb.mdb.

Angelo-Emlak 1.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for veribaze/angelo.mdb.

LookMer Music Portal stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for dbmdb/LookMerSarkiMDB.mdb.

Erolife AjxGaleri VT stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for db/ajxgaleri.mdb.

UranyumSoft Listing Service stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for database/db.mdb.

Multiple SQL injection vulnerabilities in Shader TV (Beta) allow remote authenticated administrators to execute arbitrary SQL commands via the sid parameter to (1) kanal.asp, (2) google.asp, and (3) hakk.asp in yonet/; and allow remote attackers to execute arbitrary SQL commands via the (4) username or (5) password fields to yonet/default.asp.