CVE List for October 2005 (283 vulnerabilities)

Integer overflow in the registry parsing code in GroupWise 6.5.3, and possibly earlier version, allows remote attackers to cause a denial of service (...

Cross-site scripting (XSS) vulnerability in index.php in lucidCMS 1.0.11 allows remote attackers to inject arbitrary web script or HTML via the query ...

Cross-site scripting (XSS) vulnerability in add.php in Address Add Plugin 1.9 and 2.0 for Squirrelmail allows remote attackers to inject arbitrary web...

Cross-site request forgery (CSRF) vulnerability in Serendipity 0.8.4 and earlier allows remote attackers to perform unauthorized actions as a logged i...

SQL injection vulnerability in lucidCMS 1.0.11 allows remote attackers to execute arbitrary SQL commands via the login field.

Multiple cross-site scripting (XSS) vulnerabilities in MERAK Mail Server 8.2.4r with Icewarp Web Mail 5.5.1, and possibly earlier versions, allow remo...

MERAK Mail Server 8.2.4r with Icewarp Web Mail 5.5.1, and possibly earlier versions, allows remote attackers to obtain sensitive information via a dir...

Multiple directory traversal vulnerabilities in MERAK Mail Server 8.2.4r with Icewarp Web Mail 5.5.1, and possibly earlier versions, allows remote att...

Citrix Metaframe Presentation Server 3.0 and 4.0 allows remote attackers to bypass policy restrictions by downloading the launch.ica file and changing...

Buffer overflow in Virtools Web Player 3.0.0.100 and earlier allows remote attackers to execute arbitrary code via a long filename.

Directory traversal vulnerability in Virtools Web Player 3.0.0.100 and earlier allows remote attackers to overwrite arbitrary files via a .. (dot dot)...

Integer signedness error in the administrative interface for Symantec AntiVirus Scan Engine 4.0 and 4.3 allows remote attackers to execute arbitrary c...

cfengine 1.6.5 and 2.1.16 allows local users to overwrite arbitrary files via a symlink attack on temporary files used by vicf.in, a different vulnera...

Buffer overflow in the get_string_ahref function for ProZilla 1.3.7.4 and possibly earlier, with the -ftpsearch option enabled, allows remote servers ...

The (1) cfmailfilter and (2) cfcron.in files for cfengine 1.6.5 allow local users to overwrite arbitrary files via a symlink attack on temporary files...

gnome-pty-helper in GNOME libzvt2 and libvte4 allows local users to spoof the logon hostname via a modified DISPLAY environment variable. NOTE: the se...

The Python SVG import plugin (diasvg_import.py) for DIA 0.94 and earlier allows user-assisted attackers to execute arbitrary commands via a crafted SV...

Bugzilla 2.18rc1 through 2.18.3, 2.19 through 2.20rc2, and 2.21 allows remote attackers to obtain sensitive information such as the list of installed ...

Bugzilla 2.19.1 through 2.20rc2 and 2.21, with user matching turned on in substring mode, allows attackers to list all users whose names match an arbi...

Procom NetFORCE 800 4.02 M10 Build 20 and possibly other versions sends the NIS password map (passwd.nis) as a file attachment in diagnostic e-mail me...

Cerulean Studios Trillian 3.0 allows remote attackers to cause a denial of service (crash) via a reverse direct connection from a different client, as...

Heap-based buffer overflow in Kaspersky Antivirus (KAV) 5.0 and Kaspersky Personal Security Suite 1.1 allows remote attackers to execute arbitrary cod...

Unspecified vulnerability in the Mailbox Server for 4D WebStar before 5.3.5 allows attackers to cause a denial of service (crash) via IMAP clients on ...

httpAdapter.c in sblim-sfcb before 0.9.2 allows remote attackers to cause a denial of service via long HTTP headers.

httpAdapter.c in sblim-sfcb before 0.9.2 allows remote attackers to cause a denial of service (resource consumption) by connecting to sblim-sfcb but n...

StoreBackup before 1.19 allows local users to perform unauthorized operations on arbitrary files via a symlink attack on temporary files.

StoreBackup before 1.19 creates the backup root with world-readable permissions, which allows local users to obtain sensitive information.

StoreBackup before 1.19 does not properly set the uid and guid for symbolic links (1) that are backed up by storeBackup.pl, or (2) recovered by storeB...

Uim 0.4.x before 0.4.9.1 and 0.5.0 and earlier does not properly handle the LIBUIM_VANILLA environment variable when a suid or sgid application is lin...

Format string vulnerability in the Log_Flush function in Weex 2.6.1.5, 2.6.1, and possibly other versions allows remote FTP servers to execute arbitra...

Buffer overflow in blenderplay in Blender Player 2.37a allows attackers to execute arbitrary code via a long command line argument.

Multiple cross-site scripting (XSS) vulnerabilities in CubeCart 3.0.3 allow remote attackers to inject arbitrary web script or HTML via the redir para...

login.php in myBloggie 2.1.3 beta and earlier allows remote attackers to bypass a whitelist regular expression and conduct SQL injection attacks via a...

Format string vulnerability in the logging functionality in BitDefender AntiVirus 7.2 through 9 allows remote attackers to cause a denial of service a...

Buffer overflow in the W3C logging for MailEnable Enterprise 1.1 and Professional 1.6 allows remote attackers to execute arbitrary code.

Directory traversal vulnerability in printfaq.php in EasyGuppy (Guppy for Windows) 4.5.4 and 4.5.5 allows remote attackers to read arbitrary files via...

SQL injection vulnerability in messages.php in PHP-Fusion 6.00.109 allows remote attackers to execute arbitrary SQL commands via the msg_send paramete...

SQL injection vulnerability in messages.php in PHP-Fusion 6.00.106 and 6.00.107 allows remote attackers to execute arbitrary SQL commands via the (1) ...

SQL injection vulnerability in messages.php in PHP-Fusion allows remote attackers to execute arbitrary SQL commands via the msg_view parameter, a diff...

Multiple SQL injection vulnerabilities in photogallery.php in PHP-Fusion allow remote attackers to execute arbitrary SQL commands via the (1) album an...

Multiple SQL injection vulnerabilities in PHP-Fusion before 6.00.110 allow remote attackers to execute arbitrary SQL commands via (1) the activate par...

Unspecified vulnerability in Polipo 0.9.8 and earlier allows attackers to read files outside of the web root.

The AJP connector in Apache Tomcat 4.0.1 through 4.0.6 and 4.1.0 through 4.1.36, as used in Hitachi Cosminexus Application Server and standalone, does...

Multiple cross-site scripting (XSS) vulnerabilities in MediaWiki before 1.4.9 allow remote attackers to inject arbitrary web script or HTML via (1) <m...

Unspecified vulnerability in "edit submission handling" for MediaWiki 1.4.x before 1.4.10 and 1.3.x before 1.3.16 allows remote attackers to cause a d...

Incomplete blacklist vulnerability in MediaWiki before 1.4.11 does not properly remove certain CSS inputs (HTML inline style attributes) that are proc...

The SECEDIT command on Microsoft Windows 2000 before Update Rollup 1 for SP4, when using a security template to set Access Control Lists (ACLs) on fol...

Microsoft Windows 2000 before Update Rollup 1 for SP4, when the "audit directory service access" policy is enabled, does not record a 565 event messag...

The LDAP client on Microsoft Windows 2000 before Update Rollup 1 for SP4 accepts certificates using LDAP Secure Sockets Layer (LDAPS) even when the Ce...

Microsoft Windows 2000 before Update Rollup 1 for SP4 records Event ID 1704 to indicate that Group Policy security settings were successfully updated,...

The WideCharToMultiByte function in Microsoft Windows 2000 before Update Rollup 1 for SP4 does not properly convert strings with Japanese composite ch...

Microsoft Windows 2000 before Update Rollup 1 for SP4 does not apply group policies if the user logs on using UPN credentials with a trailing dot, whi...

Microsoft Windows 2000 before Update Rollup 1 for SP4 allows users to log on to the domain, even when their password has expired, if the fully qualifi...

Microsoft Windows 2000 before Update Rollup 1 for SP4 allows a local administrator to unlock a computer even if it has been locked by a domain adminis...

Microsoft Windows 2000 before Update Rollup 1 for SP4 does not record the IP address of a Windows Terminal Services client in a security log event if ...

CHKDSK in Microsoft Windows 2000 before Update Rollup 1 for SP4, Windows XP, and Windows Server 2003, when running in fix mode, does not properly hand...

Mason before 1.0.0 does not install the init script after the user uses Mason to configure a firewall, which causes the system to run without a firewa...

Linux 2.6.11 on 64-bit x86 (x86_64) platforms does not use a guard page for the 47-bit address page to protect against an AMD K8 bug, which allows loc...

sysreport before 1.3.7 allows local users to obtain sensitive information via a symlink attack on a temporary directory.

Buffer overflow in xloadimage 4.1 and earlier, and xli, might allow user-assisted attackers to execute arbitrary code via a long title name in a NIFF ...

Ruby 1.6.x up to 1.6.8, 1.8.x up to 1.8.2, and 1.9.0 development up to 2005-09-01 allows attackers to bypass safe level and taint flag protections and...

Memory leak in the request_key_auth_destroy function in request_key_auth in Linux kernel 2.6.10 up to 2.6.13 allows local users to cause a denial of s...

drm.c in Linux kernel 2.6.10 to 2.6.13 creates a debug file in sysfs with world-readable and world-writable permissions, which allows local users to e...

COM+ in Microsoft Windows does not properly "create and use memory structures," which allows local users or remote attackers to execute arbitrary code...

Distributed Transaction Controller in Microsoft Windows allows remote servers to cause a denial of service (MSDTC service exception and exit) via an "...

Distributed Transaction Controller in Microsoft Windows allows remote servers to cause a denial of service (MSDTC service hang) via a crafted Transact...

The MIDL_user_allocate function in the Microsoft Distributed Transaction Coordinator (MSDTC) proxy (MSDTCPRX.DLL) allocates a 4K page of memory regard...

QUARTZ.DLL in Microsoft Windows Media Player 9 allows remote attackers to write a null byte to arbitrary memory via an AVI file with a crafted strn el...

runpriv in SGI IRIX allows local users to bypass intended restrictions and execute arbitrary commands via shell metacharacters in a command line for a...

The Orinoco driver (orinoco.c) in Linux kernel 2.6.13 and earlier does not properly clear memory from a previously used packet whose length is increas...

The audit system in Linux kernel 2.6.6, and other versions before 2.6.13.4, when CONFIG_AUDITSYSCALL is enabled, uses an incorrect function to free na...

Format string vulnerability in the Java user interface service (bpjava-msvc) daemon for VERITAS NetBackup Data and Business Center 4.5FP and 4.5MP, an...

The HTBoundary_put_block function in HTBound.c for W3C libwww (w3c-libwww) allows remote servers to cause a denial of service (segmentation fault) via...

The Client Service for NetWare (CSNW) on Microsoft Windows 2000 SP4, XP SP1 and Sp2, and Server 2003 SP1 and earlier, allows remote attackers to execu...

Buffer overflow in Collaboration Data Objects (CDO), as used in Microsoft Windows and Microsoft Exchange Server, allows remote attackers to execute ar...

Stack-based buffer overflow in the Plug and Play (PnP) service (UMPNPMGR.DLL) in Microsoft Windows 2000 SP4, and XP SP1 and SP2, allows remote or loca...

The mod_auth_shadow module 1.0 through 1.5 and 2.0 for Apache with AuthShadow enabled uses shadow authentication for all locations that use the requir...

Buffer overflow in the mail_valid_net_parse_work function in mail.c for Washington's IMAP Server (UW-IMAP) before imap-2004g allows remote attackers t...

Stack-based buffer overflow in sendmail in XMail before 1.22 allows remote attackers to execute arbitrary code via a long -t command line option.

arc 5.21j and earlier allows local users to overwrite arbitrary files via a symlink attack on temporary files, a different type of vulnerability than ...

Stack-based buffer overflow in the ntlm_output function in http-ntlm.c for (1) wget 1.10, (2) curl 7.13.2, and (3) libcurl 7.13.2, and other products ...

Buffer overflow in Computer Associates (CA) iGateway 3.0 and 4.0 before 4.0.050623, when running in debug mode, allows remote attackers to execute arb...

Format string vulnerability in the ParseBannerAndCapability function in main.c for up-imapproxy 1.2.3 and 1.2.4 allows remote IMAP servers to execute ...

Format string vulnerability in input_cdda.c in xine-lib 1-beta through 1-beta 3, 1-rc, 1.0 through 1.0.2, and 1.1.1 allows remote servers to execute a...

Multiple buffer overflows in ALZip 6.12 (Korean), 6.1 (International), and 5.52 (English) allow remote attackers to execute arbitrary code via a long ...

Planet Technology Corp FGSW2402RS switch with firmware 1.2 has a default password, which allows attackers with physical access to the device's serial ...

Stack-based buffer overflow in PWIWrapper.dll for Webroot Desktop Firewall before 1.3.0build52 allows local users to execute arbitrary code as SYSTEM ...

Webroot Desktop Firewall before 1.3.0build52 allows local users to disable the firewall, even when password protection is enabled, via certain DeviceI...

Multiple SQL injection vulnerabilities in aradmin.asp for aspReady FAQ allow remote attackers to execute arbitrary SQL commands, possibly via the (1) ...

Multiple cross-site scripting (XSS) vulnerabilities in Utopia News Pro (UNP) 1.1.3 and 1.1.4 allow remote attackers to inject arbitrary web script or ...

SQL injection vulnerability in news.php for Utopia News Pro (UNP) 1.1.3, when magic_quotes_gpc is disabled and register_globals is enabled, allows rem...

Multiple cross-site scripting (XSS) vulnerabilities in Oracle HTML DB (HTMLDB) 1.3 through 1.3.6 allow remote attackers to inject arbitrary web script...

The manual installation of Oracle HTML DB (HTMLDB) 1.3 through 1.3.6 stores the SYS password in install.lst in plaintext, which allows local users to ...

Cross-site scripting (XSS) vulnerability in Oracle XML DB 9iR2 allows remote attackers to inject arbitrary web script or HTML via the query string in ...

Cross-site scripting (XSS) vulnerability in iSQL*Plus (iSQLPlus) in Oracle9i Database Server Release 2 9.0.2.4 allows remote attackers to inject arbit...

iSQL*Plus (isqlplus) for Oracle9i Database Server Release 2 9.0.2.4 allows remote attackers to cause a denial of service (TNS listener stop) via an HT...

The forms servlet (f90servlet) in Oracle Forms 4.5.10.22 allows remote attackers to cause a denial of service (TNS listener stop) via a userid paramet...

Multiple SQL injection vulnerabilities in (1) aeNovo, (2) aeNovoShop and (3) aeNovoWYSI allow remote attackers to execute arbitrary SQL code via (a) t...

Aenovo products (1) aeNovo, (2) aeNovoShop, and (3) aeNovoWYSI store password information in plaintext in the (a) control, (b) content, and (c) page t...

Multiple interpretation error in unspecified versions of Kaspersky Antivirus allows remote attackers to bypass virus detection via a malicious executa...

Multiple interpretation error in unspecified versions of BitDefender Antivirus allows remote attackers to bypass virus detection via a malicious execu...

Multiple interpretation error in unspecified versions of NOD32 Antivirus allows remote attackers to bypass virus detection via a malicious executable ...

Multiple interpretation error in unspecified versions of F-Prot Antivirus allows remote attackers to bypass virus detection via a malicious executable...

Multiple interpretation error in unspecified versions of Avast Antivirus allows remote attackers to bypass virus detection via a malicious executable ...

Multiple interpretation error in unspecified versions of McAfee Antivirus allows remote attackers to bypass virus detection via a malicious executable...

Multiple interpretation error in unspecified versions of Sophos Antivirus allows remote attackers to bypass virus detection via a malicious executable...

Multiple interpretation error in unspecified versions of Symantec Antivirus allows remote attackers to bypass virus detection via a malicious executab...

Multiple interpretation error in unspecified versions of Dr.Web Antivirus allows remote attackers to bypass virus detection via a malicious executable...

Multiple interpretation error in unspecified versions of Avira Antivirus allows remote attackers to bypass virus detection via a malicious executable ...

Multiple interpretation error in unspecified versions of Norman Virus Control Antivirus allows remote attackers to bypass virus detection via a malici...

Multiple interpretation error in unspecified versions of Fortinet Antivirus allows remote attackers to bypass virus detection via a malicious executab...

Multiple interpretation error in unspecified versions of VBA32 Antivirus allows remote attackers to bypass virus detection via a malicious executable ...

Multiple interpretation error in unspecified versions of Rising Antivirus allows remote attackers to bypass virus detection via a malicious executable...

Multiple interpretation error in unspecified versions of AntiVir Antivirus allows remote attackers to bypass virus detection via a malicious executabl...

Multiple interpretation error in unspecified versions of (1) eTrust-Iris and (2) eTrust-Vet Antivirus allows remote attackers to bypass virus detectio...

Multiple interpretation error in unspecified versions of ArcaVir Antivirus allows remote attackers to bypass virus detection via a malicious executabl...

Multiple interpretation error in unspecified versions of UNA Antivirus allows remote attackers to bypass virus detection via a malicious executable in...

Multiple interpretation error in unspecified versions of Ikarus AntiVirus allows remote attackers to bypass virus detection via a malicious executable...

Multiple interpretation error in unspecified versions of ClamAV Antivirus allows remote attackers to bypass virus detection via a malicious executable...

Multiple interpretation error in unspecified versions of Panda Antivirus allows remote attackers to bypass virus detection via a malicious executable ...

Multiple interpretation error in unspecified versions of CAT Quick Heal allows remote attackers to bypass virus detection via a malicious executable i...

Multiple interpretation error in unspecified versions of TheHacker allows remote attackers to bypass virus detection via a malicious executable in a s...

Multiple interpretation error in unspecified versions of Trustix Antivirus allows remote attackers to bypass virus detection via a malicious executabl...

Multiple interpretation error in unspecified versions of Grisoft AVG Antivirus allows remote attackers to bypass virus detection via a malicious execu...

Multiple interpretation error in unspecified versions of Proland Protector Plus 2000 Antivirus allows remote attackers to bypass virus detection via a...

Multiple SQL injection vulnerabilities in Cyphor 0.19 allow remote attackers to execute arbitrary SQL and obtain administrative access via (1) the fid...

Cross-site scripting (XSS) vulnerability in Cyphor 0.19 allows remote attackers to inject arbitrary web script or HTML via the t_login parameter of fo...

Multiple unspecified vulnerabilities in Solaris 10 SCTP Socket Option Processing allows local users to cause a denial of service (panic) via unspecifi...

The OLE2 unpacker in clamd in Clam AntiVirus (ClamAV) 0.87-1 allows remote attackers to cause a denial of service (segmentation fault) via a DOC file ...

Stack-based buffer overflow in the HTrjis function in Lynx 2.8.6 and earlier allows remote NNTP servers to execute arbitrary code via certain article ...

Unknown vulnerability in Solaris 10 allows local users to cause a denial of service (panic) via unknown vectors related to the "/proc" filesystem, whi...

Directory traversal vulnerability in the gallery script in Gallery 2.0 (G2) allows remote attackers to read or include arbitrary files via ".." seque...

The SSL/TLS server implementation in OpenSSL 0.9.7 before 0.9.7h and 0.9.8 before 0.9.8a, when using the SSL_OP_MSIE_SSLV2_RSA_PADDING option, disable...

Stack-based buffer overflow in the Back Orifice (BO) preprocessor for Snort before 2.4.3 allows remote attackers to execute arbitrary code via a craft...

The CGIwrap program before 3.9 on Debian GNU/Linux uses an incorrect minimum value of 100 for a UID to determine whether it can perform a seteuid oper...

The (1) cgiwrap and (2) php-cgiwrap packages before 3.9 in Debian GNU/Linux provide access to debugging CGIs under the web document root, which allows...

The key selection dialogue in Enigmail before 0.92.1 can incorrectly select a key with a user ID that does not have additional information, which allo...

pnmtopng in netpbm before 10.25, when using the -trans option, uses uninitialized size and index variables when converting Portable Anymap (PNM) image...

The VT implementation (vt_ioctl.c) in Linux kernel 2.6.12, and possibly other versions including 2.6.14.4, allows local users to use the KDSKBSENT ioc...

Stack-based buffer overflow in the NMAP Agent for Novell NetMail 3.52C and possibly earlier versions allows local users to execute arbitrary code via ...

Heap-based buffer overflow in the KWord RTF importer for KOffice 1.2.0 through 1.4.1 allows remote attackers to execute arbitrary code via a crafted R...

Buffer overflow in the HTTP management interface for GFI MailSecurity 8.1 allows remote attackers to execute arbitrary code via long headers such as (...

The rfc1738_do_escape function in ftp.c for Squid 2.5 STABLE11 and earlier allows remote FTP servers to cause a denial of service (segmentation fault)...

Multiple SQL injection vulnerabilities in versatileBulletinBoard (vBB) 1.0.0 RC2 allow remote attackers to execute arbitrary SQL commands and bypass a...

Multiple cross-site scripting (XSS) vulnerabilities in versatileBulletinBoard (vBB) 1.0.0 RC2 allow remote attackers to inject arbitrary web script or...

getversions.php in versatileBulletinBoard (vBB) 1.0.0 RC2 lists the versions of all installed scripts, which allows remote attackers to obtain sensiti...

Format string vulnerability in RARLAB WinRAR 2.90 through 3.50 allows remote attackers to execute arbitrary code via format string specifiers in a UUE...

Stack-based buffer overflow in UNACEV2.DLL for RARLAB WinRAR 2.90 through 3.50 allows remote attackers to execute arbitrary code via an ACE archive co...

Cross-site scripting (XSS) vulnerability in thread.php for Zeroblog 1.1f and 1.2a allows remote attackers to inject arbitrary web script or HTML via t...

** SPLIT ** The jlucaller program in LiveUpdate for Symantec Norton AntiVirus 9.0.3 on Macintosh runs setuid when executing Java programs, which allow...

A rule file in module-assistant before 0.9.10 causes a temporary file to be created insecurely, which allows local users to conduct unauthorized opera...

Buffer overflow vulnerability in the unicode_to_bytes in the Service Location Protocol (srvloc) dissector (packet-srvloc.c) in Ethereal allows remote ...

yiff server (yiff-server) 2.14.2 on Debian GNU/Linux runs as root and does not properly verify ownership of files that it opens, which allows local us...

Stack-based buffer overflow in help.cgi in the HTTP administrative interface for (1) Sun Java System Directory Server 5.2 2003Q4, 2004Q2, and 2005Q1, ...

Untrusted search path vulnerability in DiskMountNotify for Symantec Norton AntiVirus 9.0.3 allows local users to gain privileges by modifying the PATH...

Exec in Linux kernel 2.6 does not properly clear posix-timers in multi-threaded environments, which results in a resource leak and could allow a large...

Linux kernel before 2.6.12 allows remote attackers to poison the bridge forwarding table using frames that have already been dropped by filtering, whi...

The rose_rt_ioctl function in rose_route.c for Radionet Open Source Environment (ROSE) in Linux 2.6 kernels before 2.6.12, and 2.4 before 2.4.29, does...

Race condition in ip_vs_conn_flush in Linux 2.6 before 2.6.13 and 2.4 before 2.4.32-pre2, when running on SMP systems, allows local users to cause a d...

The NAT code (1) ip_nat_proto_tcp.c and (2) ip_nat_proto_udp.c in Linux kernel 2.6 before 2.6.13 and 2.4 before 2.4.32-rc1 incorrectly declares a vari...

The sys_get_thread_area function in process.c in Linux 2.6 before 2.6.12.4 and 2.6.13 does not clear a data structure before copying it to userspace, ...

Web View in Windows Explorer on Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 does not properly handle certain HTML characters in previe...

Windows Shell for Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 allows remote user-assisted attackers to execute arbitrary commands via ...

Windows Shell for Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 allows remote attackers to execute arbitrary commands via a shortcut (.l...

The FTP client in Windows XP SP1 and Server 2003, and Internet Explorer 6 SP1 on Windows 2000 SP4, when "Enable Folder View for FTP Sites" is enabled ...

The LPD service in HP-UX 10.20 11.11 (11i) and earlier allows remote attackers to execute arbitrary code via shell metacharacters ("`" or single backq...

Multiple stack-based buffer overflows in the RTF import feature in AbiWord before 2.2.11 allow user-assisted attackers to execute arbitrary code via a...

Integer overflow in the openpsfile function in gsinterf.c for Jan Kybic BitMap Viewer (BMV) 1.2 allows local users to execute arbitrary code via a Pos...

Stack-based buffer overflow in the vgasco_printf function in Jan Kybic BitMap Viewer (BMV) 1.2, when compiled with the M_UNIX flag and running setuid,...

Paros 3.2.5 uses a default password for the "sa" account in the underlying HSQLDB database and does not restrict access to the local machine, which al...

Directory traversal vulnerability in NukeFixes 3.1 for PHP-Nuke 7.8 allows remote attackers to include arbitrary files via the file parameter.

Splatt Forum 3.0 to 3.2 allows remote attackers to bypass authentication via unknown vectors.

Cross-site scripting (XSS) vulnerability in TikiWiki before 1.9.1.1 allows remote attackers to inject arbitrary web script or HTML via unknown vectors...

Multiple buffer overflows in AhnLab V3 AntiVirus V3Pro 2004 before 6.0.0.488, V3Net for Windows Server 6.0 before 6.0.0.488, and MyV3, with compressed...

Cross-site scripting (XSS) vulnerability in comersus_backoffice_searchItemForm.asp in Comersus BackOffice Plus allows remote attackers to inject arbit...

The FWDRV driver in Kerio Personal Firewall 4.2 and Server Firewall 1.1.1 allows local users to cause a denial of service (crash) by setting the PAGE_...

Incomplete blacklist vulnerability in Mailsite Express allows remote attackers to upload and possibly execute files via attachments with executable ex...

Mailsite Express allows remote attackers to upload and execute files with executable extensions such as ASP by attaching the file using the "compose p...

LSCFG in IBM AIX 5.2 and 5.3 does not create temporary files securely, which allows local users to corrupt /etc/passwd and possibly other system files...

SQL injection vulnerability in Accelerated Mortgage Manager allows remote attackers to execute arbitrary SQL commands via the password field.

Stani's Python Editor (SPE) 0.7.5 is installed with world-writable permissions, which allows local users to gain privileges by modifying executable fi...

Multiple cross-site scripting (XSS) vulnerabilities in Xeobook 0.93 allow remote attackers to inject arbitrary web script or HTML via Javascript event...

Xerver 4.17 allows remote attackers to (1) obtain source code of scripts via a request with a trailing "." (dot) or (2) list directory contents via a ...

Typsoft FTP Server 1.11, with "Sub Directory Include" enabled, allows remote attackers to cause a denial of service (crash) by sending multiple RETR c...

Unspecified vulnerability in HP-UX B.11.23 on Itanium platforms allows local users to cause a denial of service due to a "specific stack size."

The FTP server in HP-UX 10.20, B.11.00, and B.11.11, allows remote attackers to list arbitrary directories as root by running the LIST command before ...

Multiple integer overflows in OpenWBEM on SuSE Linux 9 allow remote attackers to execute arbitrary code via unknown vectors.

Multiple buffer overflows in OpenWBEM on SuSE Linux 9 allow remote attackers to execute arbitrary code via unknown vectors.

PHP file inclusion vulnerability in grab_globals.lib.php in phpMyAdmin 2.6.4 and 2.6.4-pl1 allows remote attackers to include local files via the $__r...

The register_globals emulation layer in grab_globals.php for phpMyAdmin before 2.6.4-pl3 does not perform safety checks on values in the _FILES array ...

Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin before 2.6.4-pl3 allow remote attackers to inject arbitrary web script or HTML via c...

Eval injection vulnerability in bvh_import.py in Blender 2.36 allows attackers to execute arbitrary Python code via a hierarchy element in a .bvh file...

Stack-based buffer overflow in (1) backupsh and (2) authsh in SCO Openserver 5.0.7 allows local users to execute arbitrary code via a long HOME enviro...

Stack-based buffer overflow in ppp in SCO Unixware 7.1.3 and 7.1.4, and possibly earlier versions, allows local users to execute arbitrary code via a ...

Multiple format string vulnerabilities in the GNOME Data Access library for GNOME2 (libgda2) 1.2.1 and earlier allow attackers to execute arbitrary co...

Incomplete blacklist vulnerability in sudo 1.6.8 and earlier allows local users to gain privileges via the (1) SHELLOPTS and (2) PS4 environment varia...

The rw_vm function in usercopy.c in the 4GB split patch for the Linux kernel in Red Hat Enterprise Linux 4 does not perform proper bounds checking, wh...

Memory leak in the worker MPM (worker.c) for Apache 2, in certain circumstances, allows remote attackers to cause a denial of service (memory consumpt...

The search_binary_handler function in exec.c in Linux 2.4 kernel on 64-bit x86 architectures does not check a return code for a particular function ca...

Buffer overflow in QuickDraw Manager for Apple OS X 10.3.9 and 10.4.2, as used by applications such as Safari, Mail, and Finder, allows remote attacke...

Buffer overflow in ImageIO for Apple Mac OS X 10.4.2, as used by applications such as WebCore and Safari, allows remote attackers to execute arbitrary...

The malloc function in the libSystem library in Apple Mac OS X 10.3.9 and 10.4.2 allows local users to overwrite arbitrary files by setting the Malloc...

Safari after 2.0 in Apple Mac OS X 10.3.9 allows remote attackers to bypass domain restrictions via crafted web archives that cause Safari to render t...

Authorization Services in securityd for Apple Mac OS X 10.3.9 allows local users to gain privileges by granting themselves certain rights that should ...

SecurityAgent in Apple Mac OS X 10.4.2, under certain circumstances, can cause the "Switch User..." button to appear even though the "Enable fast user...

The Java extensions for QuickTime 6.52 and earlier in Apple Mac OS X 10.3.9 allow untrusted applets to call arbitrary functions in system libraries, w...

Mail.app in Mail for Apple Mac OS X 10.3.9, when using Kerberos 5 for SMTP authentication, can include uninitialized memory in a message, which might ...

Mail.app in Mail for Apple Mac OS X 10.3.9 and 10.4.2 includes message contents when using auto-reply rules, which could cause Mail.app to include dec...

Multiple SQL injection vulnerabilities in PHP-Nuke 7.8 allow remote attackers to modify SQL queries and execute arbitrary PHP code via (1) the usernam...

Multiple SQL injection vulnerabilities in Nuked Klan 1.7 allow remote attackers to execute arbitrary SQL commands via the (1) forum_id or (2) thread_i...

Cross-site scripting (XSS) vulnerability in index.php for FlatNuke 2.5.6 allows remote attackers to inject arbitrary web script or HTML via the user p...

Directory traversal vulnerability in index.php for FlatNuke 2.5.6 allows remote attackers to read arbitrary files via ".." sequences in the (1) user p...

Multiple cross-site scripting (XSS) vulnerabilities in Zomplog 3.4 allow remote attackers to inject arbitrary web script or HTML via the (1) name or (...

Multiple SQL injection vulnerabilities in Zomplog 3.4 allow remote attackers to execute arbitrary SQL commands via (1) the id parameter in detail.php ...

Interpretation conflict in phpBB 2.0.17, with remote avatars and avatar uploading enabled, allows remote authenticated users to inject arbitrary web s...

BMC Software Control-M 6.1.03 for Solaris, and possibly other platforms, allows local users to overwrite arbitrary files via a symlink attack on tempo...

The HTML rendering engine in Microsoft Internet Explorer 6.0 allows remote attackers to conduct cross-site scripting (XSS) attacks via HTML in corrupt...

Multiple cross-site scripting (XSS) vulnerabilities in XOOPS 2.0.12 JP and earlier, XOOPS 2.0.13.1 and earlier, and 2.2.x up to 2.2.3 RC1 allow remote...

fetchmailconf before 1.49 in fetchmail 6.2.0, 6.2.5 and 6.2.5.2 creates configuration files with insecure world-readable permissions, which allows loc...

Multiple vulnerabilities in Ethereal 0.10.12 and earlier allow remote attackers to cause a denial of service (memory consumption) via unspecified vect...

Ethereal 0.10.12 and earlier allows remote attackers to cause a denial of service (crash) via unknown vectors in (1) the IrDA dissector and (2) the SM...

Multiple buffer overflows in Ethereal 0.10.12 and earlier might allow remote attackers to execute arbitrary code via unknown vectors in the (1) SLIMP3...

The BER dissector in Ethereal 0.10.3 to 0.10.12 allows remote attackers to cause a denial of service (infinite loop) via unknown vectors.

Unspecified vulnerability in the ONC RPC dissector in Ethereal 0.10.3 to 0.10.12, when the "Dissect unknown RPC program numbers" option is enabled, al...

Ethereal 0.10.12 and earlier allows remote attackers to cause a denial of service (null dereference) via unknown vectors in the (1) SCSI, (2) sFlow, o...

The SigComp UDVM in Ethereal 0.10.12 allows remote attackers to cause a denial of service (infinite loop) via unknown vectors.

Unspecified vulnerability in the X11 dissector in Ethereal 0.10.12 and earlier allows remote attackers to cause a denial of service (divide-by-zero) v...

Unspecified vulnerability in the WSP dissector in Ethereal 0.10.1 to 0.10.12 allows remote attackers to cause a denial of service or corrupt memory vi...

Buffer overflow in Skype for Windows 1.1.x.0 through 1.4.x.83 allows remote attackers to execute arbitrary code via (1) callto:// and (2) skype:// lin...

Integer overflow in Skype client before 1.4.x.84 on Windows, before 1.3.x.17 on Mac OS, before 1.2.x.18 on Linux, and 1.1.x.6 and earlier allows remot...

The installation of ON Symantec Discovery 4.5.x and Symantec Discovery 6.0 creates the (1) DiscoveryWeb and (2) DiscoveryRO database accounts with nul...

Multiple stack-based buffer overflows in ZipGenius 5.5.1.468 and 6.0.2.1041, and other versions before 6.0.2.1050, allow remote attackers to execute a...

Buffer overflow in the _chm_decompress_block function in CHM lib (chmlib) before 0.37, as used in products such as KchmViewer, allows attackers to exe...

The apache2handler SAPI (sapi_apache2.c) in the Apache module (mod_php) for PHP 5.x before 5.1.0 final and 4.4 before 4.4.1 final allows attackers to ...

Cross-site scripting (XSS) vulnerability in SiteTurn Domain Manager Pro allows remote attackers to inject arbitrary web script or HTML via the err par...

chkstat in SuSE Linux 9.0 through 10.0 allows local users to modify permissions of files by creating a hardlink to a file from a world-writable direct...

Unspecified vulnerability in Squid on SUSE Linux 9.0 allows remote attackers to cause a denial of service (crash) via HTTPs (SSL).

docutils in Zope 2.6, 2.7 before 2.7.8, and 2.8 before 2.8.2 allows remote attackers to include arbitrary files via include directives in Restructured...

SQL injection vulnerability in chat.php in MWChat 6.8 allows remote attackers to execute arbitrary SQL commands via the username parameter.

Multiple SQL injection vulnerabilities in (1) acid_qry_main.php in Analysis Console for Intrusion Databases (ACID) 0.9.6b20 and (2) base_qry_main.php ...

SQL injection vulnerability in usercp.php in MyBulletinBoard (MyBB) allows remote attackers to execute arbitrary SQL commands via the awayday paramete...

Network Appliance Data ONTAP 7.0 and earlier allows iSCSI Initiators to bypass iSCSI authentication via a modified client that skips the Security (Sta...

PHP remote file inclusion vulnerability in common.php in PunBB 1.1.2 through 1.1.5 allows remote attackers to execute arbitrary code via the pun_root ...

Cross-site scripting (XSS) vulnerability in RSA Authentication Agent for Web 5.3 and earlier allows remote attackers to inject arbitrary web script or...

The _httpsrequest function in Snoopy 1.2, as used in products such as (1) MagpieRSS, (2) WordPress, (3) Ampache, and (4) Jinzora, allows remote attack...

viewpatch in mgdiff 1.0 allows local users to overwrite arbitrary files via a symlink attack on temporary files.

PHP remote file include vulnerability in admin/define.inc.php in Belchior Foundry vCard 2.9 allows remote attackers to execute arbitrary PHP code via ...

SQL injection vulnerability in eBASEweb 3.0 allows remote attackers to execute arbitrary SQL commands via unknown attack vectors.

Cross-site scripting (XSS) vulnerability in index.php in Flyspray 0.9.7 through 0.9.8 (devel) allows remote attackers to inject arbitrary web script o...

PHP file inclusion vulnerability in bug_sponsorship_list_view_inc.php in Mantis 1.0.0RC2 and 0.19.2 allows remote attackers to execute arbitrary PHP c...

SQL injection vulnerability in Mantis 1.0.0RC2 and 0.19.2 allows remote attackers to execute arbitrary SQL commands via unknown vectors.

Multiple cross-site scripting (XSS) vulnerabilities in Mantis before 0.19.3 allow remote attackers to inject arbitrary web script or HTML via (1) unkn...

Unspecified vulnerability in Mantis before 0.19.3, when using reminders, causes Mantis to display the real email addresses of users.

Mantis before 0.19.3 caches the User ID longer than necessary, which has unknown impact and attack vectors.

The udp_v6_get_port function in udp.c in Linux 2.6 before 2.6.14-rc5, when running IPv6, allows local users to cause a denial of service (infinite loo...

Cross-site scripting (XSS) vulnerability in forum/index.php in FlatNuke 2.5.6 allows remote attackers to inject arbitrary web script or HTML via the n...

Stack-based buffer overflow in the _chm_find_in_PMGL function in chm_lib.c for chmlib before 0.36, as used in products such as KchmViewer, allows user...

SQL injection vulnerability in Saphp Lesson, possibly saphp Lesson1.1 and saphpLesson2.0, allows remote attackers to execute arbitrary SQL commands vi...

Multiple SQL injection vulnerabilities in DboardGear allow remote attackers to execute arbitrary SQL commands via (1) the buddy parameter in buddy.php...

Multiple SQL injection vulnerabilities in DCP-Portal 6 and earlier allow remote attackers to execute arbitrary SQL commands, possibly requiring encode...

PHP file inclusion vulnerability in index.php in PHP iCalendar 2.0a2 through 2.0.1 allows remote attackers to execute arbitrary PHP code and include a...

Cross-site scripting (XSS) vulnerability in journal.php in SparkleBlog 2.1 allows remote attackers to inject arbitrary web script or HTML via the name...

Cross-site scripting (XSS) vulnerability in the Search_Enhanced module in PHP-Nuke 7.9 allows remote attackers to inject arbitrary web script or HTML ...

Multiple SQL injection vulnerabilities in the Info-DB module (info_db.php) in Woltlab Burning Board 2.7 and earlier allow remote attackers to execute ...

Multiple interpretation error in ArcaVir 2005 package 2005-06-21 allows remote attackers to bypass virus scanning via a file such as BAT, HTML, and EM...

Multiple interpretation error in AVG 7 7.0.323 allows remote attackers to bypass virus scanning via a file such as BAT, HTML, and EML with an "MZ" mag...

Multiple interpretation error in eTrust CA 7.0.1.4 with the 11.9.1 engine allows remote attackers to bypass virus scanning via a file such as BAT, HTM...

Multiple interpretation error in Dr.Web 4.32b allows remote attackers to bypass virus scanning via a file such as BAT, HTML, and EML with an "MZ" magi...

Multiple interpretation error in F-Prot 3.16c allows remote attackers to bypass virus scanning via a file such as BAT, HTML, and EML with an "MZ" magi...

Multiple interpretation error in Ikarus demo version allows remote attackers to bypass virus scanning via a file such as BAT, HTML, and EML with an "M...

Multiple interpretation error in Kaspersky 5.0.372 allows remote attackers to bypass virus scanning via a file such as BAT, HTML, and EML with an "MZ"...

Multiple interpretation error in (1) McAfee Internet Security Suite 7.1.5 version 9.1.08 with the 4.4.00 engine and (2) McAfee Corporate 8.0.0 patch 1...

Multiple interpretation error in Norman 5.81 with the 5.83.02 engine allows remote attackers to bypass virus scanning via a file such as BAT, HTML, an...

Multiple interpretation error in Trend Micro (1) PC-Cillin 2005 12.0.1244 with the 7.510.1002 engine and (2) OfficeScan 7.0 with the 7.510.1002 engine...

Multiple interpretation error in Panda Titanium 2005 4.02.01 allows remote attackers to bypass virus scanning via a file such as BAT, HTML, and EML wi...

Multiple interpretation error in Ukrainian National Antivirus (UNA) 1.83.2.16 with kernel 265 allows remote attackers to bypass virus scanning via a f...

Multiple interpretation error in Sophos 3.91 with the 2.28.4 engine allows remote attackers to bypass virus scanning via a file such as BAT, HTML, and...

SQL injection vulnerability in Techno Dreams Announcement script allows remote attackers to execute arbitrary SQL commands and bypass authentication v...

SQL injection vulnerability in Techno Dreams Guest Book script allows remote attackers to execute arbitrary SQL commands and bypass authentication via...

SQL injection vulnerability in Techno Dreams Mailing List script allows remote attackers to execute arbitrary SQL commands and bypass authentication v...

SQL injection vulnerability in Techno Dreams Web Directory script allows remote attackers to execute arbitrary SQL commands and bypass authentication ...

Directory traversal vulnerability in GNUMP3D before 2.9.6 allows remote attackers to read arbitrary files via crafted sequences such as "/.//..//////....

Multiple SQL injection vulnerabilities in Novell ZENworks Patch Management 6.x before 6.2.2.181 allow remote attackers to execute arbitrary SQL comman...