#git

Unauthenticated attackers can exploit a weakness in the password reset functionality of the Visual Planning application in order to obtain access to arbitrary user accounts including administrators. In case administrative (in the context of Visual Planning) accounts are compromised, attackers can install malicious modules into the application to take over the application server hosting the Visual Planning application. All versions prior to Visual Planning 8 (Build 240207) are affected.

DerbyNet 9.0 suffers from a remote SQL injection vulnerability in print/render/racer.inc.

DerbyNet 9.0 suffers from a remote SQL injection vulnerability in print/render/award.inc.

DerbyNet 9.0 suffers from a remote SQL injection vulnerability in ajax/query.slide.next.inc.

DerbyNet version 9.0 suffers from a cross site scripting vulnerability in playlist.php.

DerbyNet version 9.0 suffers from a cross site scripting vulnerability in racer-results.php.

DerbyNet version 9.0 suffers from a cross site scripting vulnerability in inc/kiosks.inc.

DerbyNet version 9.0 suffers from a cross site scripting vulnerability in photo-thumbs.php.

DerbyNet version 9.0 suffers from a cross site scripting vulnerability in checkin.php.

DerbyNet version 9.0 suffers from a cross site scripting vulnerability in photo.php.