Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Ween Software Admin Panel allows SQL Injection.This issue affects Admin Panel: through 20231229.  NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

SQL injection vulnerability in index.php in weenCompany 4.0.0 allows remote attackers to execute arbitrary SQL commands via the moduleid parameter. NOTE: some of these details are obtained from third party information.

Linux kreatecd trusts a user-supplied path that is used to find the cdrecord program, allowing local users to gain root privileges.

Buffer overflow in imwheel allows local users to gain root privileges via the imwheel-solo script and a long HOME environmental variable.