Sourceforge

Yot CMS 3.3.1 is vulnerable to SQL injection, allowing unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the aid and cid parameters in GET requests, potentially leading to database information disclosure.

SIPp 3.6 and earlier contains a local buffer overflow vulnerability (CVE-2018-25356) in command-line argument handling, allowing local attackers to potentially crash the application or execute arbitrary code by supplying oversized input to the -3pcc, -i, or -log_file parameters.

PHP Timeclock 1.04 is vulnerable to time-based and boolean-based blind SQL injection in the login_userid parameter of login.php, allowing unauthenticated attackers to extract sensitive database information by sending crafted POST requests with SQL payloads.