SQL injection vulnerability in the referral function in admin/lib/lib_logs.php in Pixie CMS 1.01a allows remote attackers to execute arbitrary SQL commands via the Referer HTTP header in a request.
Cross-site scripting (XSS) vulnerability in index.php in Pixie CMS 1.01a allows remote attackers to inject arbitrary web script or HTML via the x parameter.
Phlatline Personal Information Manager - Path Traversal
Directory traversal vulnerability in notes.php in Phlatline's Personal Information Manager (pPIM) 1.01 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the id parameter in an edit action.