Flatnuke3 - Information Exposure via File Manager Invalid Argumentname Parameter
index.php in the File Manager module in Flatnuke 3 allows remote attackers to obtain sensitive information via an invalid argumentname parameter in a disc op action, which reveals the path in an error message.
MWOpen e-commerce 1.4 - SQL Injection via leggi_commenti.asp id Parameter
SQL injection vulnerability in leggi_commenti.asp in MWOpen 1.4 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.