security curmudgeon

2 exploits, active since Dec 2005
CVE-2008-3058 EXPLOITDB text WRITEUP
Octeth Oempro 3.5.5.1 - SQL Injection via FormValue_Email or FormValue_SearchKeywords Parameter
Multiple SQL injection vulnerabilities in Octeth Oempro 3.5.5.1, and possibly other versions before 4, allow remote attackers to execute arbitrary SQL commands via the FormValue_Email parameter (aka Email field) to index.php in (1) member/, (2) client/, or (3) admin/; or (4) the FormValue_SearchKeywords parameter to client/campaign_track.php.
CVE-2005-4703 EXPLOITDB text WORKING POC
Apache Tomcat 4.0.3 - Info Disclosure
Apache Tomcat 4.0.3, when running on Windows, allows remote attackers to obtain sensitive information via a request for a file that contains an MS-DOS device name such as lpt9, which leaks the pathname in an error message, as demonstrated by lpt9.xtp using Nikto.