Input passed to the IP parameter in mw_plugin.php is not properly sanitised before being used to include files. This can be exploited to include arbitrary files from local and remote resources via directory traversal attacks and URL-encoded NULL bytes. The vulnerable version is 1.2.3 and below.
FCKeditor is prone to an arbitrary-file-upload vulnerability because it fails to adequately sanitize user-supplied input. An attacker can exploit this vulnerability to upload arbitrary code and execute it in the context of the webserver process. This may facilitate unauthorized access or privilege escalation; other attacks are also possible.
This module exploits a SQL Injection vulnerability in Drupal.An attacker can send a specially crafted data and execute arbitrary SQL commands leading to remote code execution.
Unspecified input is not properly sanitised before being returned to the user via a "standard_error_message" template. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. The vulnerabilities are reported in version 2.12.2, 2.11.5 and 2.10.21. Other versions may also be affected. Once the vulnerability is confirmed by Core Impact, if you want to check this exploit manually, replace the "REPLACE" keyword with "%80".