Heap-based buffer overflow in CoreFoundation in Mac OS X and OS X Server 10.4 through 10.4.3 allows remote attackers to execute arbitrary code via unk...
Unknown vulnerability in iodbcadmintool in the ODBC Administrator utility in Mac OS X and OS X Server 10.3.9 and 10.4.3 allows local users to execute ...
Unspecified vulnerability in passwordserver in Mac OS X Server 10.3.9 and 10.4.3, when creating an Open Directory master server, allows local users to...
Safari in Mac OS X and OS X Server 10.3.9 and 10.4.3 allows remote attackers to cause files to be downloaded to locations outside the download directo...
System log server in Mac OS X and OS X Server 10.4 through 10.4.3 allows remote attackers to spoof syslog messages in log files by injecting various c...
Heap-based buffer overflow in WebKit in Mac OS X and OS X Server 10.3.9 and 10.4.3, as used in applications such as Safari, allows remote attackers to...
SQL injection vulnerability in index.php in N-13 News 1.2 allows remote attackers to execute arbitrary SQL commands via the id parameter.
SQL injection vulnerability in default.asp in ASP-Rider 1.6 allows remote attackers to execute arbitrary SQL commands via the HTTP referer.
SQL injection vulnerability in okiraku.php in O-Kiraku Nikki 1.3 and earlier allows remote attackers to execute arbitrary SQL commands via the day_id ...
SQL injection vulnerability in index.php in 88Script's Event Calendar 2.0 and earlier allows remote attackers to execute arbitrary SQL commands via th...
Buffer overflow in Symantec pcAnywhere 11.0.1, 11.5.1, and all other 32-bit versions allows remote attackers to cause a denial of service (application...
SQL injection vulnerability in SocketKB 1.1.0 and earlier allows remote attackers to execute arbitrary SQL commands via the (1) node and (2) art_id pa...
PHP file include vulnerability in SocketKB 1.1.0 and earlier allows remote attackers to include arbitrary local files via the __f parameter.
SQL injection vulnerability in Softbiz B2B Trading Marketplace Script 1.1 and earler allows remote attackers to execute arbitrary SQL commands via the...
SQL injection vulnerability in Softbiz FAQ Script 1.1 and earler allows remote attackers to execute arbitrary SQL commands via the id parameter in (1)...
Multiple SQL injection vulnerabilities in WSN Knowledge Base 1.2.0 and earler allow remote attackers to execute arbitrary SQL commands via the (1) cat...
SQL injection vulnerability in ringmaker.php in Orca Ringmaker 2.3c and earlier allows remote attackers to execute arbitrary SQL commands via the star...
SQL injection vulnerability in blog.php in Orca Blog 1.3b and earlier allows remote attackers to execute arbitrary SQL commands via the msg parameter.
SQL injection vulnerability in knowledgebase-control.php in Orca Knowledgebase 2.1b and earlier allows remote attackers to execute arbitrary SQL comma...
Multiple SQL injection vulnerabilities in ilyav FAQ System 1.1 and earlier allows remote attackers to execute arbitrary SQL commands via the (1) FAQ_I...
SQL injection vulnerability in survey.php in ilyav Survey System 1.1 and earlier allows remote attackers to execute arbitrary SQL commands via the SUR...
The SynAttackProtect protection in Microsoft Windows 2003 before SP1 and Windows 2000 before SP4 with Update Roll-up uses a hash of predictable data, ...
Opera 8.50 allows remote attackers to cause a denial of service (crash) via a Java applet with a large string argument to the removeMember JNI method ...
Directory traversal vulnerability in index.php in PHP Upload Center allows remote attackers to read arbitrary files via "../" sequences in the filenam...
Directory traversal vulnerability in main.php in PHPAlbum 0.2.3 and earlier allows remote attackers to read arbitrary files via the (1) cmd and (2) va...
Multiple SQL injection vulnerabilities in WebCalendar 1.0.1 allow remote attackers to execute arbitrary SQL commands via the (1) startid parameter to ...
nuauth in NuFW 1.0.x before 1.0.16 and 1.1 allows authenticated users to cause a denial of service via malformed packets.
SQL injection vulnerability in survey.php in PHP Labs Survey Wizard allows remote attackers to execute arbitrary SQL commands via the sid parameter.
SQL injection vulnerability in PHP Labs Top Auction allows remote attackers to execute arbitrary SQL commands via the (1) category and (2) type parame...
SQL injection vulnerability in Bedeng PSP 1.1 allows remote attackers to execute arbitrary SQL commands via the cwhere parameter to (1) index.php and ...
Cross-site scripting (XSS) vulnerability in blogBuddies 0.3 allows remote attackers to inject arbitrary web script or HTML via the u parameter to inde...
Multiple cross-site scripting (XSS) vulnerabilities in MagpieRSS 7.1, as used in (a) blogBuddiesv 0.3, (b) Jaws 0.6.2, and possibly other products, al...
Multiple SQL injection vulnerabilities in index.php in DMANews 0.904 and 0.910 allow remote attackers to execute arbitrary SQL commands via the (1) id...
Unspecified vulnerability in the Trackback functionality in DotClear 1.2.1 has unknown impact and attack vectors.
SQL injection vulnerability in index.php in Entergal MX 2.0 allows remote attackers to execute arbitrary SQL commands via the (1) idcat parameter in a...
Multiple cross-site scripting (XSS) vulnerabilities in FreeWebStat 1.0 rev37 allow remote attackers to inject arbitrary web script or HTML via the (1)...
Kadu 0.4.2 and 0.5.0pre allows remote attackers to cause a denial of service (crash or generated traffic) via a malformed message, possibly with incom...
export_handler.php in WebCalendar 1.0.1 allows remote attackers to overwrite WebCalendar data files via a modified id parameter.
Integer overflow in the format string functionality (Perl_sv_vcatpvfn) in Perl 5.9.2 and 5.8.6 Perl allows attackers to overwrite arbitrary memory and...
SQL injection vulnerability in session.php in DotClear before 1.2.3 allows remote attackers to execute arbitrary SQL commands via the dc_xd parameter ...
Multiple buffer overflows in libUil (libUil.so) in OpenMotif 2.2.3, and possibly other versions, allows attackers to execute arbitrary code via the (1...
Cross-site scripting (XSS) vulnerability in search.jsp in Java Search Engine (JSE) 0.9.34 allows remote attackers to inject arbitrary web script or HT...
Cross-site scripting (XSS) vulnerability in the dosearchsite.action module in Atlassian Confluence 2.0.1 Build 321 allows remote attackers to inject a...
SQL injection vulnerability in auth.inc.php in PHPX 3.5.9 and earlier allows remote attackers to execute arbitrary SQL commands, bypass authentication...
SQL injection vulnerability in MXChange before 0.2.0-pre10 PL492 allows remote attackers to execute arbitrary SQL commands via unknown vectors.
Cross-site scripting (XSS) vulnerability in MXChange before 0.2.0-pre10 PL492 allows remote attackers to inject arbitrary web script or HTML via unkno...
Cross-site scripting (XSS) vulnerability in the login form in Citrix MetaFrame Secure Access Manager 2.0 through 2.2 and NFuse Elite 1.0 allows remote...
Cross-site scripting (XSS) vulnerability in extremesearch.php in Extreme Search Corporate Edition 6.0 and earlier allows remote attackers to inject ar...
Multiple cross-site scripting (XSS) vulnerabilities in Drupal 4.5.0 through 4.5.5 and 4.6.0 through 4.6.3 allow remote attackers to inject arbitrary w...
Drupal 4.5.0 through 4.5.5 and 4.6.0 through 4.6.3, when running on PHP5, does not correctly enforce user privileges, which allows remote attackers to...
Interpretation conflict in file.inc in Drupal 4.5.0 through 4.5.5 and 4.6.0 through 4.6.3 allows remote authenticated users to inject arbitrary web sc...
SQL injection vulnerability in type.asp, as used in multiple DUware products including (1) DUamazon 3.1, (2) DUarticle 1.1, (3) DUclassified 4.2, (4) ...
Cross-site scripting (XSS) vulnerability in QualityEBiz Quality PPC 1553 allows remote attackers to inject web script or HTML via the REQ parameter to...
Multiple SQL injection vulnerabilities in NetClassifieds Premium Edition 1.0.1, Professional Edition 1.5.1, Standard Edition 1.9.6.3, and Free Edition...
relocate_server.php in Coppermine Photo Gallery (CPG) 1.4.2 and 1.4 beta is not removed after installation and does not use authentication, which allo...
SQL injection vulnerability in the ticket query module in Edgewall Trac 0.9 and possibly earlier allows remote attackers to execute arbitrary SQL comm...
NOTE: this issue has been disputed by third parties. Microsoft Windows XP, 2000, and 2003 allows local users to kill a writable process by using the ...
CRLF injection vulnerability in layers_toggle.php in WebCalendar 1.0.1 might allow remote attackers to modify HTTP headers and conduct HTTP response s...
Unknown vulnerability in the login page for HP Systems Insight Manager (SIM) 4.0 and 4.1, when accessed by Microsoft Internet Explorer with the MS04-0...
SQL injection vulnerability in WebCalendar 1.0.1 allows remote attackers to execute arbitrary SQL commands via the time_range parameter to edit_report...
The Internet Key Exchange version 1 (IKEv1) implementation in Astaro Security Linux before 6.102 allows remote attackers to cause a denial of service ...
Multiple SQL injection vulnerabilities in Instant Photo Gallery 1 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) cat...
Multiple SQL injection vulnerabilities in Tradesoft CMS allow remote attackers to execute arbitrary SQL commands via unspecified attack vectors.
SQL injection vulnerability in article.php in Pineapple Technologies Lore 1.5.4 allows remote attackers to execute arbitrary SQL commands via the id p...
Memory leak in Avaya TN2602AP IP Media Resource 320 circuit pack before vintage 9 firmware allows remote attackers to cause a denial of service (memor...
Multiple cross-site scripting (XSS) vulnerabilities in phpMyChat 0.14.6 allow remote attackers to inject arbitrary web script or HTML via the medium p...
Multiple buffer overflows in WinEggDropShell remote access trojan (RAT) 1.7 allow remote attackers to execute arbitrary code via (1) a long GET reques...
Multiple unspecified vulnerabilities in MailEnable Professional 1.6 and earlier and Enterprise 1.1 and earlier allow attackers to cause a denial of se...
Format string vulnerability in the dosyslog function in the OBEX server (obexsrv.c) for Sobexsrv before 1.0.0-pre4, when the syslog (-S) function is e...
SQL injection vulnerability in admin/password_forgotten.php in Zen Cart 1.2.6d and earlier allows remote attackers to execute arbitrary SQL commands v...
Zen Cart 1.2.6d and earlier, under certain PHP configurations, allows remote attackers to obtain sensitive information via direct requests to files in...
Cross-site scripting (XSS) vulnerability in search.asp in Solupress News 1.0 and earlier allows remote attackers to inject arbitrary web script or HTM...
Cross-site scripting (XSS) vulnerability in Search.asp in SiteBeater MP3 Catalog 2.03 and earlier allows remote attackers to inject arbitrary web scri...
Cross-site scripting (XSS) vulnerability in archive.asp in SiteBeater News System 4.00 and earlier allows remote attackers to inject arbitrary web scr...
Multiple SQL injection vulnerabilities in phpYellowTM Pro Edition and Lite Edition 5.33 allow remote attackers to execute arbitrary SQL commands via t...
WebEOC before 6.0.2 uses the same secret key for all installations, which allows attackers with the key to decrypt data from any WebEOC installation.
Multiple SQL injection vulnerabilities in Absolute Shopping Package Solutions (ASPS) Shopping Cart Professional 2.9d and earlier, and Lite 2.1 and ear...
Cross-site scripting (XSS) vulnerability in search.asp in MyTemplateSite 1.2 and earlier allows remote attackers to inject arbitrary web script or HTM...
SQL injection vulnerability in messages.php in PHP-Fusion 6.00.109 allows remote attackers to obtain path information and possibly execute arbitrary S...
SAPID CMS before 1.2.3.03 allows remote attackers to bypass authentication via direct requests to the usr/system files (1) insert_file.php, (2) insert...
Multiple unspecified vulnerabilities in SAPID CMS before 1.2.3.03, related to newly registered users and possibly authorization checks, have unknown i...
SQL injection vulnerability in jax_calendar.php in Jax Calendar 1.34 allows remote attackers to execute arbitrary SQL commands via the (1) cal_id para...
Multiple SQL injection vulnerabilities in PHP Lite Calendar Express 2.2 and earlier allow remote attackers to execute arbitrary SQL commands via the (...
SQL injection vulnerability in KBase Express 1.0.0 and earlier allows remote attackers to execute arbitrary SQL commands via the (1) id parameter to c...
SQL injection vulnerability in calendar.php in Codewalkers ltwCalendar (aka PHP Event Calendar) 4.2, 4.1.3, and earlier allows remote attackers to exe...
Multiple cross-site scripting (XSS) vulnerabilities in PHP Web Statistik 1.4 allows remote attackers to inject arbitrary web script or HTML via (1) th...
PHP Web Statistik 1.4 stores the stat.cfg file under the web root with insufficient access control, which allows remote attackers to obtain sensitive ...
stat.php in PHP Web Statistik 1.4 allows remote attackers to cause a denial of service (CPU consumption) via a large lastnumber value.
PHP Web Statistik 1.4 does not rotate the log database or limit the size of the referer field, which allows remote attackers to fill the log files via...
SQL injection vulnerability in Widget Property 1.1.19 allows remote attackers to execute arbitrary SQL commands via the (1) property_id, (2) zip_code,...
property.php in Widget Property 1.1.19 allows remote attackers to obtain the full server path via an invalid lang value, which leaks the path in the r...
SQL injection vulnerability in ls.php in Landshop Real Estate Commerce System 0.6.3 and earlier allows remote attackers to execute arbitrary SQL comma...
SQL injection vulnerability in index.php in Relative Real Estate Systems 1.02 and earlier allows remote attackers to execute arbitrary SQL commands vi...
SQL injection vulnerability in create.php in Widget Imprint 1.0.26 and earlier allows remote attackers to execute arbitrary SQL commands via the produ...
The installer for Gallery 2.0 before 2.0.2 stores the install log under the web document root with insufficient access control, which allows remote at...
Cross-site scripting (XSS) vulnerability in the "Add Image From Web" feature in Gallery 2.0 before 2.0.2 allows remote attackers to inject arbitrary w...
Unspecified vulnerability in the zipcart module in Gallery 2.0 before 2.0.2 allows remote attackers to read arbitrary files via unknown vectors.
Cross-site scripting (XSS) vulnerability in Interspire FastFind 2004 and 2005 allows remote attackers to inject arbitrary web script or HTML via the q...
Help Desk Reloaded Free Help Desk does not remove or protect install.php once installation is complete, which allows remote attackers to gain privileg...
search.php in Geeklog 1.4.x before 1.4.0rc1, and 1.3.x before 1.3.11sr3, allows remote attackers to obtain sensitive information via invalid (1) dates...
SQL injection vulnerability in SimpleBBS 1.1 allows remote attackers to execute arbitrary SQL commands via unspecified search module parameters.
Multiple cross-site scripting (XSS) vulnerabilities in aMember allow remote attackers to inject arbitrary web script or HTML via the (1) lamember_logi...
WebEOC before 6.0.2 allows remote attackers to obtain valid usernames via the HTML source of the WebEOC login webpage, which could be useful in other ...
SQL injection vulnerability in Quicksilver Forums before 1.5.1 allows remote attackers to execute arbitrary SQL commands via the HTTP_USER_AGENT heade...
Eval injection vulnerability in MediaWiki 1.5.x before 1.5.3 allows remote attackers to execute arbitrary PHP code via the "user language option," whi...
Cross-site scripting (XSS) vulnerability in search.cgi in Easy Search System 1.1 and earlier allows remote attackers to inject arbitrary web script or...
Nodezilla 0.4.13-corno-fulgure does not properly protect the evl_data directory, which could allow them to be shared when they are not protected by PR...
Multiple SQL injection vulnerabilities in Web4Future eDating Professional 5 allow remote attackers to execute arbitrary SQL commands via the (1) s, (2...
Multiple SQL injection vulnerabilities in Web4Future eCommerce Enterprise Edition 2.1 and earlier allow remote attackers to execute arbitrary SQL comm...
Cross-site scripting (XSS) vulnerability in index.cgi in Web4Future KeyWord Frequency Counter 1.0 allows remote attackers to inject arbitrary web scri...
SQL injection vulnerability in functions.php in Web4Future Affiliate Manager PRO 4.1 and earlier allows remote attackers to execute arbitrary SQL comm...
SQL injection vulnerability in comentarii.php in Web4Future Portal Solutions News Portal allows remote attackers to execute arbitrary SQL commands via...
Directory traversal vulnerability in arhiva.php in Web4Future Portal Solutions News Portal allows remote attackers to read arbitrary files via the dir...
SQL injection vulnerability in FileLister 0.51 and earlier allows remote attackers to execute arbitrary SQL commands via the search parameters, possib...
Cross-site scripting (XSS) vulnerability in search.cgi in MR CGI Guy Hot Links SQL 3.1.x and Hot Links Pro 3.1.x allows remote attackers to inject arb...
Cross-site scripting (XSS) vulnerability in Warm Links 1.0.0 and earlier allows remote attackers to inject arbitrary web script or HTML via a paramete...
SQL injection vulnerability in view.php in Hobosworld HobSR 1.0 and earlier allows remote attackers to execute arbitrary SQL commands via the (1) arra...
Cross-site scripting (XSS) vulnerability in search.cgi in Amazon Search Directory 1.0.0 and earlier allows remote attackers to inject arbitrary web sc...
Heap-based buffer overflow in the JPXStream::readCodestream function in the JPX stream parsing code (JPXStream.c) for xpdf 3.01 and earlier, as used i...
The IMAP server in IMail Server 8.20 in Ipswitch Collaboration Suite (ICS) before 2.02 allows remote attackers to cause a denial of service (crash) vi...
Format string vulnerability in the SMTP service in IMail Server 8.20 in Ipswitch Collaboration Suite (ICS) before 2.02 allows remote attackers to exec...
Multiple heap-based buffer overflows in the (1) DCTStream::readProgressiveSOF and (2) DCTStream::readBaselineSOF functions in the DCT stream parsing c...
Unspecified vulnerability in System Communications Services 6 Delegated Administrator 2005Q1 in Sun Java System Messaging Server 2005Q1 allows remote ...
Unspecified vulnerability in Reverse SSL Proxy Plug-in for Sun Java System Application Server Standard Edition 7 2004Q2, Application Server Enterprise...
Cross-site scripting (XSS) vulnerability in kb.asp in IISWorks ASPKnowledgeBase 2.0 allows remote attackers to inject arbitrary web script or HTML via...
Heap-based buffer overflow in the avcodec_default_get_buffer function (utils.c) in FFmpeg libavcodec 0.4.9-pre1 and earlier, as used in products such ...
Multiple SQL injection vulnerabilities in Blog System 1.2 allow remote attackers to execute arbitrary SQL commands via (1) the cat parameter in index....
Buffer overflow in multiple Multi-Tech Systems MultiVOIP devices with firmware before x.08 allows remote attackers to execute arbitrary code via a lon...
e107 0.6174 allows remote attackers to vote multiple times for a download via repeated requests to rate.php.
e107 0.6174 allows remote attackers to redirect users to other web sites via the download parameter in rate.php, which is used after a user submits a ...
Cross-site scripting (XSS) vulnerability in coWiki 0.3.4 allows remote attackers to inject arbitrary web script or HTML via the q parameter, as demons...
SQL injection vulnerability in index.php in PluggedOut Blog 1.9.5 and earlier allows remote attackers to execute arbitrary SQL commands via the (1) ca...
SQL injection vulnerability in index.php in Cars Portal 1.1 and earlier allows remote attackers to execute arbitrary SQL commands via the (1) page and...
SQL injection vulnerability in search.php in PluggedOut Nexus 0.1 allows remote attackers to execute arbitrary SQL commands via the (1) Location, (2) ...
Cross-site scripting (XSS) vulnerability in search.php in PluggedOut Nexus 0.1 allows remote attackers to inject arbitrary web script or HTML via the ...
SQL injection vulnerability in saralblog 1 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter to viewprofile.p...
SQL injection vulnerability in searchdb.asp in LocazoList 1.03c and earlier allows remote attackers to execute arbitrary SQL commands via the q parame...
Cross-site scripting (XSS) vulnerability in search.asp in rwAuction Pro 4.0 and 5.0 allows remote attackers to inject arbitrary web script or HTML via...
Cross-site scripting (XSS) vulnerability in PASearch.asp in XcPhotoAlbum 1.x allows remote attackers to inject arbitrary web script or HTML via the se...
Cross-site scripting (XSS) vulnerability in CPSearch.asp in XcClassified 3.x allows remote attackers to inject arbitrary web script or HTML via the se...
Multiple cross-site scripting (XSS) vulnerabilities in NetAuctionHelp 3.0 and earlier allow remote attackers to inject arbitrary HTML and web script v...
Multiple SQL injection vulnerabilities in A-FAQ 1.0 allow remote attackers to execute arbitrary SQL commands via the (1) faqid parameter to faqDspItem...
SQL injection vulnerability in the search module in Edgewall Trac before 0.9.2 allows remote attackers to execute arbitrary SQL commands via unknown v...
Total Commander 6.53 uses weak encryption to store FTP usernames and passwords in WCX_FTP.INI, which allows local users to decrypt the passwords and g...
Heap-based buffer overflow in the StreamPredictor function in Xpdf 3.01, as used in products such as (1) Poppler, (2) teTeX, (3) KDE kpdf, and (4) pdf...
Unspecified "absolute path vulnerability" in umountall in IBM AIX 5.1 through 5.3 allows local users to cause unknown impact via unknown vectors.
SunnComm MediaMax DRM 5.0.21.0, as used by Sony BMG, assigns insecure Everyone/Full Control permissions to the "SunnComm Shared" directory, which allo...
Multiple SQL injection vulnerabilities in CFMagic Magic Forum Personal 2.5 and earlier allow remote attackers to execute arbitrary SQL commands via th...
Cross-site scripting (XSS) vulnerability in CFMagic Magic Forum Personal 2.5 and earlier allows remote attackers to inject arbitrary web script or HTM...
SQL injection vulnerability in view_archive.cfm in CFMagic Magic List Pro 2.5 allows remote attackers to execute arbitrary SQL commands via the ListID...
Directory traversal vulnerability in index.cfm in CF_Nuke 4.6 and earlier, when Sandbox Security is disabled, allows remote attackers to include arbit...
Multiple cross-site scripting (XSS) vulnerabilities in index.cfm in CF_Nuke 4.6 and earlier allow remote attackers to inject arbitrary web script or H...
Buffer overflow in Appfluent Technology Database IDS 2.0 allows local users to execute arbitrary code via a long APPFLUENT_HOME environment variable.
Multiple off-by-one errors in the cURL library (libcurl) 7.11.2 through 7.15.0 allow local users to trigger a buffer overflow and cause a denial of se...
Multiple cross-site scripting (XSS) vulnerabilities in Ideal BB.NET 1.3 and earlier allow remote attackers to inject arbitrary web script or HTML via ...
The register_globals emulation in phpMyAdmin 2.7.0 rc1 allows remote attackers to exploit other vulnerabilities in phpMyAdmin by modifying the import_...
Horde IMP 4.0.4 and earlier does not sanitize strings containing UTF16 null characters, which allows remote attackers to conduct cross-site scripting ...
Multiple SQL injection vulnerabilities in Alisveristr E-commerce allow remote attackers to bypass authentication and possibly execute arbitrary SQL co...
The dhcp.client program for QNX 4.25 vmware is setuid, possibly by default, which allows local users to modify the NIC configuration and conduct other...
Directory traversal vulnerability in xs_edit.php in the eXtreme Styles phpBB module 2.2.1 and earlier allows remote attackers to read arbitrary files ...
xs_edit.php in the phpBB eXtreme Styles module 2.2.1 and earlier allows remote attackers to obtain the installation path of the application via an inv...
Dell TrueMobile 2300 Wireless Broadband Router running firmware 3.0.0.8 and 5.1.1.6, and possibly other versions, allows remote attackers to reset aut...
Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin before 2.7.0 allow remote attackers to inject arbitrary web script or HTML via the (...
Directory traversal vulnerability in acceptDecline.php in Sugar Suite Open Source Customer Relationship Management (SugarCRM) 4.0 beta and earlier all...
PHP remote file include vulnerability in acceptDecline.php in Sugar Suite Open Source Customer Relationship Management (SugarCRM) 4.0 beta and earlier...
SQL injection vulnerability in index.php in phpForumPro 2.2 allows remote attackers to execute arbitrary SQL commands via the (1) parent and (2) day p...
Microsoft Internet Explorer allows remote attackers to bypass cross-domain security restrictions and obtain sensitive information by using the @import...
Unspecified vulnerability in HP-UX B.11.00 to B.11.23, when IPSEC is running, allows remote attackers to have unknown impact.
Cross-site scripting (XSS) vulnerability in 1search.cgi in 1-Script 1-Search 1.8 allows remote attackers to inject arbitrary web script or HTML via th...
Multiple heap-based buffer overflows in QuickTime.qts in Apple QuickTime Player 7.0.3 and iTunes 6.0.1 (3) and earlier allow remote attackers to cause...
Check Point VPN-1 SecureClient NG with Application Intelligence R56, NG FP1, 4.0, and 4.1 allows remote attackers to bypass security policies by modif...
connector.php in the fckeditor2rc2 addon in DoceboLMS 2.0.4 allows remote attackers to execute arbitrary PHP by using the FileUpload command to upload...
Directory traversal vulnerability in connector.php in the fckeditor2rc2 addon in DoceboLMS 2.0.4 allows remote attackers to list arbitrary files and d...
** UNVERIFIABLE, PRERELEASE ** NOTE: this issue describes a problem that can not be independently verified as of 20051208. Unspecified vulnerability...
** UNVERIFIABLE, PRERELEASE ** NOTE: this issue describes a problem that can not be independently verified as of 20051208. Unspecified vulnerability...
Unspecified vulnerability in Microsoft Excel 2000, 2002, and 2003, in Microsoft Office 2000 SP3 and other packages, allows user-assisted attackers to ...
Unspecified "security leak" vulnerability in Contenido before 4.6.4, when register_globals is on and allow_url_fopen is true, has unspecified impact a...
Sun Update Connection in Sun Solaris 10, when configured to use a web proxy, allows local users to obtain the proxy authentication password via (1) an...
Mozilla Firefox 1.5, Netscape 8.0.4 and 7.2, and K-Meleon before 0.9.12 allows remote attackers to cause a denial of service (CPU consumption and dela...
Direct static code injection vulnerability in includes/newtopic.php in SimpleBBS 1.1 and earlier allows remote attackers to execute arbitrary commands...
Cross-site scripting (XSS) vulnerability in login.php in DRZES HMS 3.2 allows remote attackers to inject arbitrary web script or HTML via the customer...
SQL injection vulnerability in viewinvoice.php in DRZES HMS 3.2 allows remote attackers to execute arbitrary SQL commands via the invoiceID parameter.
Multiple cross-site scripting (XSS) vulnerabilities in ThWboard before 3 Beta 2.84 allow remote attackers to inject arbitrary web script or HTML via t...
Multiple SQL injection vulnerabilities in ThWboard before 3 Beta 2.84 allow remote attackers to execute arbitrary SQL commands via the (1) year parame...
SQL injection vulnerability in admin/login/index.php in Website Baker 2.6.0 allows remote attackers to execute arbitrary SQL commands via the username...
Multiple SQL injection vulnerabilities in ASPMForum allow remote attackers to execute arbitrary SQL commands via the (1) harf parameter in kullanicili...
Stack-based buffer overflow in the dissect_ospf_v3_address_prefix function in the OSPF protocol dissector in Ethereal 0.10.12, and possibly other vers...
The web interface for subscribing new users in Lyris ListManager 5.0 through 8.8b, in combination with a line wrap feature, allows remote attackers to...
SQL injection vulnerability in Lyris ListManager 5.0 through 8.9a allows remote attackers to execute arbitrary SQL commands via SQL code after a numer...
Lyris ListManager 5.0 through 8.9a allows remote attackers to add "ORDER BY" columns to SQL queries via unusual whitespace characters in the orderby p...
The MSDE version of Lyris ListManager 5.0 through 8.9b configures the sa account in the database to use a password with a small search space ("lyris" ...
Lyris ListManager before 8.9b allows remote attackers to obtain sensitive information via a request to the TCLHTTPd status module, which provides sens...
The TCLHTTPd service in Lyris ListManager before 8.9b allows remote attackers to obtain source code for arbitrary .tml (TCL) files via (1) a request w...
Lyris ListManager 8.5, and possibly other versions before 8.8, includes sensitive information in the env hidden variable, which allows remote attacker...
Lyris ListManager 8.8 through 8.9b allows remote attackers to obtain sensitive information by causing errors in TML scripts, such as via direct reques...
Cross-site scripting (XSS) vulnerability in the portal login page in Computer Associates CleverPath 4.7 allows remote attackers to execute Javascript ...
The Wipe Free Space utility in PGP Desktop Home 8.0 and Desktop Professional 9.0.3 Build 2932 and earlier does not clear file slack space in the last ...
authpam.c in courier-authdaemon for Courier Mail Server 0.37.3 through 0.52.1, when using pam_tally, does not call the pam_acct_mgmt function to verif...
Buffer overflow in OSH before 1.7-15 allows local users to execute arbitrary code via a long current working directory and filename.
Soti Pocket Controller-Professional 5.0 allows remote attackers to turn off, reboot, or hard reset a PDA via a series of initialization, command, and ...
Mailman 2.1.4 through 2.1.6 allows remote attackers to cause a denial of service via a message that causes the server to "fail with an Overflow on bad...
Unspecified vulnerability in PEAR installer 1.4.2 and earlier allows user-assisted attackers to execute arbitrary code via a crafted package that can ...
registration.PHP in ATutor 1.5.1 pl2 allows remote attackers to execute arbitrary SQL commands via an e-mail address that ends in a NULL character, wh...
Unspecified vulnerability in Mambo 4.5 (1.0.0) through 4.5 (1.0.9), with magic_quotes_gpc disabled, allows remote attackers to read arbitrary files an...
Unspecified vulnerability in Kerio WinRoute Firewall before 6.1.3 allows remote attackers to authenticate to the service using an account that has bee...
Sudo before 1.6.8 p12, when the Perl taint flag is off, does not clear the (1) PERLLIB, (2) PERL5LIB, and (3) PERL5OPT environment variables, which al...
NOTE: this issue has been disputed by the vendor and third parties. SQL injection vulnerability in Memberlist.php in Simple Machines Forum (SMF) 1.1 r...
Directory traversal vulnerability in getdox.php in Torrential 1.2 allows remote attackers to read arbitrary files via "../" sequences in the query str...
Multiple cross-site scripting (XSS) vulnerabilities in MilliScripts 1.4 redirect script allow remote attackers to inject arbitrary web script or HTML ...
Cross-site scripting (XSS) vulnerability in cal_make.pl in ACME PerlCal 2.99.20 allows remote attackers to inject arbitrary web script or HTML via the...
Directory traversal vulnerability in captcha.php in Captcha PHP 0.9 allows remote attackers to read arbitrary files via the _tcf parameter.
SQL injection vulnerability in view.php in PHP-addressbook 1.2 allows remote attackers to execute arbitrary SQL commands via the id parameter.
Multiple SQL injection vulnerabilities in ASP-DEV ASP Resources Forum allow remote attackers to execute arbitrary SQL commands via the (1) forum_id pa...
Cross-site scripting (XSS) vulnerability in password.asp in DUWare DUportal Pro 3.4.3 allows remote attackers to inject arbitrary web script or HTML v...
Cross-site scripting (XSS) vulnerability in eFiction 1.0 and 1.1 allows remote attackers to inject arbitrary web script or HTML via the let parameter ...
Multiple SQL injection vulnerabilities in eFiction 1.0, 1.1, and 2.0 allow remote attackers to execute arbitrary SQL commands via (1) the let paramete...
Multiple SQL injection vulnerabilities in eFiction 1.0 allow remote attackers to execute arbitrary SQL commands via the (1) let parameter in a viewlis...
SQL injection vulnerability in eFiction 1.1 allows remote attackers to execute arbitrary SQL commands via the uid parameter to viewuser.php.
The "Upload new image" command in the "Manage Images" eFiction 1.1, when members are allowed to upload images, allows remote attackers to execute arbi...
eFiction 1.0, 1.1, and 2.0 allows remote attackers to obtain sensitive information via a direct request to storyblock.php without arguments, which lea...
eFiction 1.0, 1.1, and 2.0 allows remote attackers to obtain sensitive information by accessing phpinfo.php, which executes the PHP phpinfo function.
eFiction 1.0, 1.1, and 2.0, in unspecified environments, might allow remote attackers to conduct unauthorized operations by directly accessing (1) ins...
Insyde BIOS V190 does not clear the keyboard buffer after reading the BIOS password during system startup, which allows local administrators or users ...
AWARD Bios Modular 4.50pg does not clear the keyboard buffer after reading the BIOS password during system startup, which allows local administrators ...
Cross-site scripting (XSS) vulnerability in book.cfm in Magic Book Personal and Professional 2.0 allows remote attackers to inject arbitrary web scrip...
Buffer overflow in Dropbear server before 0.47 allows authenticated users to execute arbitrary code via unspecified inputs that cause insufficient mem...
Multiple cross-site scripting (XSS) vulnerabilities in Horde Kronolith H3 before 2.0.6 allow remote authenticated users to inject arbitrary web script...
Multiple cross-site scripting (XSS) vulnerabilities in Horde Application Framework before 3.0.8 allow remote authenticated users to inject arbitrary w...
Multiple cross-site scripting (XSS) vulnerabilities in templates/tasklists/tasklists.inc in Horde Nag Task List Manager H3 before 2.0.4 allow remote a...
Multiple cross-site scripting (XSS) vulnerabilities in templates/notepads/notepads.inc in Horde Mnemo Note Manager H3 before 2.0.3 allow remote authen...
Cross-site scripting (XSS) vulnerability in UseBB before 0.7 allows remote attackers to inject arbitrary web script or HTML via the $_SERVER['PHP_SELF...
Buffer overflow in MediaServerList.exe in Sights 'n Sounds Streaming Media Server 2.0.3.a allows remote attackers to cause a denial of service (applic...
Multiple SQL injection vulnerabilities in Scout Portal Toolkit (SPT) 1.3.1 and earlier allow remote attackers to execute arbitrary SQL commands via (1...
Multiple cross-site scripting (XSS) vulnerabilities in Scout Portal Toolkit (SPT) 1.3.1 and earlier allow remote attackers to inject arbitrary web scr...
tunnelform.yaws in Nortel SSL VPN 4.2.1.6 allows remote attackers to execute arbitrary commands via a link in the a parameter, which is executed with ...
SQL injection vulnerability in index.php in Netref 3.0 allows remote attackers to execute arbitrary SQL commands via the cat parameter. NOTE: the prov...
Multiple SQL injection vulnerabilities in MyBulletinBoard (MyBB) before 1.0 allow remote attackers to execute arbitrary SQL commands via the (1) month...
Multiple unspecified vulnerabilities in MyBulletinBoard (MyBB) before 1.0 have unknown impact and attack vectors, a different set of vulnerabilities t...
Directory traversal vulnerability in My Album Online 1.0 allows remote attackers to access arbitrary files via ".../" (triple dot) sequences in unspec...
Multiple directory traversal vulnerabilities in LogiSphere 0.9.9j allow remote attackers to access arbitrary files via (1) .. (dot dot), (2) "..." (tr...
LogiSphere 0.9.9j does not restrict the number of messages that can be sent, which allows remote attackers to cause a denial of service by sending a l...
Cross-site scripting (XSS) vulnerability in LogiSphere 0.9.9j allows remote attackers to inject arbitrary Javascript via the msg command. NOTE: due to...
Cross-site scripting (XSS) vulnerability in searchdb.asp in LocazoList 1.03c and earlier allows remote attackers to inject arbitrary web script or HTM...
Blackboard Learning and Community Portal System in Academic Suite 6.3.1.424, 6.2.3.23, and other versions before 6 allows remote attackers to redirect...
SQL injection vulnerability in BTGrup Admin WebController Script allows remote attackers to execute SQL commands via the (1) Username and (2) Password...
Directory traversal vulnerability in Flatnuke 2.5.6 allows remote attackers to access arbitrary files via a .. (dot dot) and null byte (%00) in the id...
WorldClient webmail in Alt-N MDaemon 8.1.3 allows remote attackers to prevent arbitrary users from accessing their inboxes via script tags in the Subj...
Opera before 8.51, when running on Windows with Input Method Editor (IME) installed, allows remote attackers to cause a denial of service (persistent ...
Cross-site scripting (XSS) vulnerability in the mod_imap module of Apache httpd before 1.3.35-dev and Apache httpd 2.0.x before 2.0.56-dev allows remo...
The thread termination routine in the kernel for Windows NT 4.0 and 2000 (NTOSKRNL.EXE) allows local users to modify kernel memory and execution flow ...
Multiple design errors in Microsoft Internet Explorer 5.01, 5.5, and 6 allow user-assisted attackers to execute arbitrary code by (1) overlaying a mal...
Microsoft Internet Explorer 5.01, 5.5, and 6, when using an HTTPS proxy server that requires Basic Authentication, sends URLs in cleartext, which allo...
Microsoft Internet Explorer 5.01, 5.5, and 6 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary c...
Buffer overflow in uidadmin in SCO Unixware 7.1.3 and 7.1.4 allows local users to execute arbitrary code via a -S (scheme) argument that specifies a l...
PHP remote file inclusion vulnerability in coin_includes/db.php in phpCOIN 1.2.2 allows remote attackers to execute arbitrary PHP code via a URL in th...
Directory traversal vulnerability in coin_includes/db.php in phpCOIN 1.2.2 allows remote attackers to read arbitrary local files via ".." (dot dot) se...
SQL injection vulnerability in mod.php in phpCOIN 1.2.2 allows remote attackers to execute arbitrary SQL commands via the phpcoinsessid cookie.
phpCOIN 1.2.2 allows remote attackers to obtain the installation path via a direct request to config.php, which leaks the path in an error message bec...
Motorola SB5100E Cable Modem allows remote attackers to cause a denial of service (device crash) via an IP packet with the same source and destination...
The Administration Service (FMSAdmin.exe) in Macromedia Flash Media Server 2.0 r1145 allows remote attackers to cause a denial of service (application...
Perl in Apple Mac OS X Server 10.3.9 does not properly drop privileges when using the "$<" variable to set uid, which allows attackers to gain privile...
SQL injection vulnerability in forum.php in PHPWebThings 1.4 allows remote attackers to execute arbitrary SQL commands via the msg parameter, a differ...
setting.php in Innovative CMS (ICMS, formerly Imoel-CMS) contains username and password information in cleartext, which might allow attackers to obtai...
Netgear RP114, and possibly other versions and devices, allows remote attackers to cause a denial of service via a SYN flood attack between one system...
SQL injection vulnerability in link.php in Arab Portal System 2 Beta 2 allows remote attackers to execute arbitrary SQL commands via the (1) PHPSESSID...
Multiple cross-site scripting (XSS) vulnerabilities in guestbook.cgi in Lars Ellingsen Guestserver 4.13 and earlier allow remote attackers to inject a...
Multiple "potential" SQL injection vulnerabilities in Utopia News Pro (UNP) 1.1.4 might allow remote attackers to execute arbitrary SQL commands via (...
Multiple "potential" SQL injection vulnerabilities in e107 0.7 might allow remote attackers to execute arbitrary SQL commands via (1) the email, hidee...
Multiple "potential" SQL injection vulnerabilities in myBloggie 2.1.3 beta might allow remote attackers to execute arbitrary SQL commands via (1) the ...
Multiple "potential" SQL injection vulnerabilities in phpWebThings 1.4 Patched might allow remote attackers to execute arbitrary SQL commands via (1) ...
Multiple "potential" SQL injection vulnerabilities in DCP-Portal 6.1.1 might allow remote attackers to execute arbitrary SQL commands via (1) the pass...
Multiple SQL injection vulnerabilities in PhpWebGallery 1.5.1 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) since, ...
Cross-site scripting (XSS) vulnerability in auction.pl in EveryAuction 1.53 and earlier allows remote attackers to inject arbitrary web script or HTML...
SQL injection vulnerability in poll.php in Link Up Gold 2.5 and earlier allows remote attackers to execute arbitrary SQL commands via the number param...
Cross-site scripting (XSS) vulnerability in Link Up Gold 2.5 and earlier allows remote attackers to inject arbitrary web script or HTML via (1) link p...
SQL injection vulnerability in index.php in Jamit Job Board 2.4.1 and earlier allows remote attackers to execute arbitrary SQL commands via the cat pa...
SQL injection vulnerability in advertiser_statistic.php in Ad Manager Pro 2.0 and earlier allows remote attackers to execute arbitrary SQL commands vi...
SQL injection vulnerability in gallery.php in EncapsGallery 1.0.0 and earlier allows remote attackers to execute arbitrary SQL commands via the id par...
Cross-site scripting (XSS) vulnerability in knowledgebase.php in WHMCompleteSolution 2.1 and earlier allows remote attackers to inject arbitrary web s...
Cross-site scripting (XSS) vulnerability in search.php in CKGOLD allows remote attackers to inject arbitrary web script or HTML via the search paramet...
Cross-site scripting (XSS) vulnerability in MySQL Auction 3.0 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecifi...
Cross-site scripting (XSS) vulnerability in view_filters_page.php in Mantis 1.0.0rc3 and earlier allows remote attackers to inject arbitrary web scrip...
Cross-site scripting (XSS) vulnerability in Search/DisplayResults.php in PHP JackKnife 2.21 and earlier allows remote attackers to inject arbitrary we...
SQL injection vulnerability in search.php in VCD-db 0.98 and earlier allows remote attackers to execute arbitrary SQL commands via the by parameter.
Cross-site scripting (XSS) vulnerability in the category page in VCD-db 0.98 and earlier allows remote attackers to inject arbitrary web script or HTM...
SQL injection vulnerability in Snipe Gallery 3.1.4 and earlier allows remote attackers to execute arbitrary SQL commands via the (1) gallery_id parame...
Cross-site scripting (XSS) vulnerability in search.php in Snipe Gallery 3.1.4 and earlier allows remote attackers to inject arbitrary web script or HT...
SQL injection vulnerability in Plogger Beta 2 and earlier allows remote attackers to execute arbitrary SQL commands via the (1) id parameter to index....
Cross-site scripting (XSS) vulnerability in index.php in Plogger Beta 2 and earlier allows remote attackers to inject arbitrary web script or HTML via...
Directory traversal vulnerability in mcGallery PRO 2.2 and earlier allows remote attackers to read arbitrary files via the language parameter.
Multiple SQL injection vulnerabilities in mcGallery PRO 2.2 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) id, (2) s...
Cross-site scripting (XSS) vulnerability in mcGallery PRO 2.2 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecifi...
Linux kernel before 2.6.15 allows local users to cause a denial of service (panic) via a set_mempolicy call with a 0 bitmask, which causes a panic whe...
Multiple cross-site scripting (XSS) vulnerabilities in Horde Turba H3 2.0.4 and earlier allow remote attackers to inject arbitrary web script or HTML ...
Directory traversal vulnerability in the Crystal Report component (rptserver.asp) in Trend Micro ServerProtect Management Console 5.58, as used in Con...
The installation of Trend Micro PC-Cillin Internet Security 2005 12.00 build 1244, and probably previous versions, uses insecure default ACLs, which a...
Multiple heap-based buffer overflows in (1) isaNVWRequest.dll and (2) relay.dll in Trend Micro ServerProtect Management Console 5.58 and earlier, as u...
Trend Micro ServerProtect EarthAgent for Windows Management Console 5.58 and possibly earlier versions, when running with Trend Micro Control Manager ...
Multiple SQL injection vulnerabilities in QuickPayPro 3.1 allow remote attackers to execute arbitrary SQL commands via the (1) popupid parameter in po...
Multiple cross-site scripting (XSS) vulnerabilities in QuickPayPro 3.1 allow remote attackers to inject arbitrary web script or HTML via various field...
ADP Forum 2.0 through 2.0.3 stores sensitive information in plaintext files under the web document root with insufficient access control, which allows...
Cross-site scripting (XSS) vulnerability in getdox.php in Torrential 1.2 allows remote attackers to inject arbitrary web script or HTML via the URL. ...
SQL injection vulnerability in view_Results.php in DreamLevels DreamPoll 3.0 final allows remote attackers to execute arbitrary SQL commands via the i...
Cross-site scripting (XSS) vulnerability in TextSearch in WikkaWiki 1.1.6.0 allows remote attackers to inject arbitrary web script or HTML via a hex-e...
Cross-site scripting (XSS) vulnerability in forum.asp in ASP-DEV XM Forum RC3 allows remote attackers to inject arbitrary web script or HTML via the f...
Linksys WRT54GS and BEFW11S4 allows remote attackers to cause a denial of service (device crash) via an IP packet with the same source and destination...
Unspecified Cisco Catalyst Switches allow remote attackers to cause a denial of service (device crash) via an IP packet with the same source and desti...
Multiple SQL injection vulnerabilities in ASPBB 0.4 allow remote attackers to execute arbitrary SQL commands via the (1) TID parameter in topic.asp, (...
Interpretation conflict in includes/mainfile.php in PHP-Nuke 7.9 and later allows remote attackers to perform cross-site scripting (XSS) attacks by re...
Unspecified vulnerability in Positive Software Corporation CP+ (cpplus) before 2.5.5 allows attackers to have unknown impact and attack vectors, relat...
Cross-site scripting (XSS) vulnerability in the News module in Envolution allows remote attackers to inject arbitrary web script or HTML via the (1) s...
SQL injection vulnerability in the News module in Envolution allows remote attackers to execute arbitrary SQL commands via the (1) startrow and (2) ca...
Multiple SQL injection vulnerabilities in index.php in PHP Support Tickets 2.0 allow remote attackers to execute arbitrary SQL commands via the (1) us...
WorldClient.dll in Alt-N MDaemon and WorldClient 8.1.3 trusts a Session parameter that contains a randomly generated session ID that is associated wit...
Buffer overflow in cpio 2.6-8.FC4 on 64-bit platforms, when creating a cpio archive, allows local users to cause a denial of service (crash) and possi...
mshtml.dll in Microsoft Windows XP, Server 2003, and Internet Explorer 6.0 SP1 allows attackers to cause a denial of service (access violation) by cau...
Buffer overflow in Watchfire AppScan QA 5.0.609 and 5.0.134 allows remote web servers to execute arbitrary code via an HTTP 401 response with a WWW-Au...
Buffer overflow in the malloc debug system in IBM AIX 5.3 allows local users to execute arbitrary code.
Multiple buffer overflows in IBM AIX 5.1, 5.2, and 5.3 allow remote attackers to execute arbitrary code via (1) muxatmd and (2) slocal.
Multiple unspecified vulnerabilities in (1) getShell and (2) getCommand in IBM AIX 5.3 allow local users to append to arbitrary files.
Unspecified vulnerability in Business Objects WebIntelligence 6.5x allows remote attackers to cause a denial of service (user account lock out) via un...
Wireless Access Points (AP) for (1) Avaya AP-3 through AP-6 2.5 to 2.5.4, and AP-7/AP-8 2.5 and other versions before 3.1, and (2) Proxim AP-600 and A...
Scientific Atlanta DPX2100 Cable Modem allows remote attackers to cause a denial of service (device crash) via an IP packet with the same source and d...
Westell Versalink 327W allows remote attackers to cause a denial of service (device crash) via an IP packet with the same source and destination IPs a...
Cross-site scripting (XSS) vulnerability in index.php in toendaCMS before 0.7 Beta allows remote attackers to inject arbitrary web script or HTML via ...
Untrusted search path vulnerability in Perl before 5.8.7-r1 on Gentoo Linux allows local users in the portage group to gain privileges via a malicious...
Untrusted search path vulnerability in Qt-UnixODBC before 3.3.4-r1 on Gentoo Linux allows local users in the portage group to gain privileges via a ma...
Untrusted search path vulnerability in CMake before 2.2.0-r1 on Gentoo Linux allows local users in the portage group to gain privileges via a maliciou...
Cross-site scripting (XSS) vulnerability in Zaygo HostingCart 2.0 and earlier allows remote attackers to inject arbitrary web script or HTML via certa...
Cross-site scripting (XSS) vulnerability in Zaygo DomainCart 2.0 and earlier allows remote attackers to inject arbitrary web script or HTML, possibly ...
Cross-site scripting (XSS) vulnerability in The CITY Shop 1.3 and earlier allows remote attackers to inject arbitrary web script or HTML via parameter...
Cross-site scripting (XSS) vulnerability in StaticStore Search Engine 1.189A and earlier allows remote attackers to inject arbitrary web script or HTM...
Cross-site scripting (XSS) vulnerability in pdestore.cgi in Dick Copits PDEstore 1.8 and earlier allows remote attackers to inject arbitrary web scrip...
Unspecified vulnerability in PhpLogCon before 1.2.2 allows remote attackers to use arbitrary profiles via unknown vectors involving "'smart' values fo...
PHP remote file include vulnerability in MarmaraWeb E-commerce allows remote attackers to execute arbitrary code via the page parameter to index.php.
Cross-site scripting (XSS) vulnerability in index.php in MarmaraWeb E-commerce allows remote attackers to inject arbitrary web script or HTML via the ...
Cross-site scripting (XSS) vulnerability in EDCstore.pl in eDatCat 0.3 allows remote attackers to inject arbitrary web script or HTML via the user_act...
Cross-site scripting (XSS) vulnerability in index.cgi in ECW-Cart 2.03 and earlier allows remote attackers to inject arbitrary web script or HTML via ...
Cross-site scripting (XSS) vulnerability in cart.cgi in ECTOOLS Onlineshop 1.0 and earlier allows remote attackers to inject arbitrary web script or H...
Cross-site scripting (XSS) vulnerability in CommerceSQL 1.0 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified...
Cross-site scripting (XSS) vulnerability in cp-app.cgi in ClickCartPro (CCP) 5.1 and earlier allows remote attackers to inject arbitrary web script or...
Cross-site scripting (XSS) vulnerability in Alkacon OpenCms before 6.0.3 allows remote attackers to inject arbitrary web script or HTML via the userna...
Cross-site scripting (XSS) vulnerability in Absolute Image Gallery XE 2.x allows remote attackers to inject arbitrary web script or HTML via the text ...
AppServ Open Project 2.5.3 allows remote attackers to cause a denial of service via a large HTTP request.
Heap-based buffer overflow in Citrix Program Neighborhood client 9.0 and earlier allows remote attackers to execute arbitrary code via a long name val...
Cross-site scripting (XSS) vulnerability in bbBoard 2.56 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified se...
Cross-site scripting (XSS) vulnerability in atl.cgi in AtlantForum 4.02 and earlier allows remote attackers to inject arbitrary web script or HTML via...
Cross-site scripting (XSS) vulnerability in atl.cgi in Atlant Pro 4.02 and earlier allows remote attackers to inject arbitrary web script or HTML via ...
Format string vulnerability in the lire_pop function in pop.c in libremail 1.1.0 and earlier, with compiled with the debug option, allows remote attac...
Cross-site scripting (XSS) vulnerability in phpXplorer 0.9.12 and earlier allows remote attackers to inject arbitrary web script or HTML via the addre...
Directory traversal vulnerability in index.php in ezDatabase 2.1.2 and earlier allows remote attackers to include arbitrary local files via ".." sequ...
SQL injection vulnerability in index.php for ezDatabase 2.1.2 and earlier allows remote attackers to execute arbitrary SQL commands via the db_id para...
index.php in ezDatabase 2.1.2 and earlier allows remote attackers to obtain sensitive information via an invalid cat_id parameter, which leaks the ful...
Cross-site scripting (XSS) vulnerability in Edgewall Trac 0.9, 0.9.1, and 0.9.2 allows remote attackers to inject arbitrary web script or HTML via the...
Multiple cross-site scripting (XSS) vulnerabilities in SiteNet BBS 2.0 and earlier allow remote attackers to inject arbitrary web script or HTML via t...
Cross-site scripting (XSS) vulnerability in ScareCrow 2.13 and earlier allows remote attackers to inject arbitrary web script or HTML via the forum pa...
index.php in ezUpload Pro 2.2 and earlier allows remote attackers to include files via the mode parameter.
SQL injection vulnerability in ezUpload Pro 2.2 and earlier allows remote attackers to execute arbitrary SQL commands via unspecified search module pa...
SSH Tectia Server 5.0.0 (A, F, and T), when allowing host-based authentication only, allows users to log in with the wrong credentials.
Cross-site scripting (XSS) vulnerability in DCForum 6.25 and earlier, and possibly DCForum+ 1.x, allows remote attackers to inject arbitrary web scrip...
SQL injection vulnerability in index.php in AlmondSoft Almond Classifieds 5.02 allows remote attackers to execute arbitrary SQL commands via the id pa...
SQL injection vulnerability in index.php in AlmondSoft Almond Personals 4.05 allows remote attackers to execute arbitrary SQL commands via the id para...
Cross-site scripting (XSS) vulnerability in ppcal.cgi in PPCal Shopping Cart 3.3.0 and earlier allows remote attackers to inject arbitrary web script ...
SQL injection vulnerability in the search function in Plexum PLEXCART X3 allows remote attackers to execute arbitrary SQL commands via unspecified vec...
HP-UX B.11.00, B.11.04, B.11.11, and B.11.23 allows remote attackers to cause a denial of service via a "Rose Attack" that involves sending a subset o...
Limbo CMS 1.0.4.2 and earlier, with register_globals off, does not protect the $_SERVER variable from external modification, which allows remote attac...
SQL injection vulnerability in index.php in Limbo CMS 1.0.4.2 and earlier, with register_globals off, allows remote attackers to execute arbitrary SQL...
Directory traversal vulnerability in index2.php in Limbo CMS 1.0.4.2 and earlier allows remote attackers to include arbitrary PHP files via ".." seque...
Limbo CMS 1.0.4.2 and earlier allows remote attackers to obtain the installation path of the application via a direct request to (1) doc.inc.php, (2) ...
The Internet Key Exchange version 1 (IKEv1) implementation in Apani Networks EpiForce 1.9 and earlier running IPSec, allow remote attackers to cause a...
Multiple cross-site scripting (XSS) vulnerabilities in Hitachi Cosminexus Collaboration Portal 06-00 through 06-10-/B, Groupmax Collaboration Portal 0...
Unspecified vulnerability in Hitachi Cosminexus Collaboration Portal 06-00 through 06-10-/B, Groupmax Collaboration Portal 07-00 through 07-10-/B, and...
Hitachi Groupmax Mail SMTP 06-50 through 06-52-/A and 07-00 through 07-20 allows remote attackers to cause a denial of service (service stop) via an e...
Multiple unspecified vulnerabilities in Driverse before 0.56b have unknown impact and attack vectors, related to (1) a "ptrace exploit" and (2) "some ...
The web interface for American Power Conversion (APC) PowerChute Network Shutdown performs all communication in cleartext (base64-encoded), which allo...
Multiple cross-site scripting (XSS) vulnerabilities in Michael Arndt WebCal 1.11-3.04 allow remote attackers to inject arbitrary web script or HTML vi...
Cross-site scripting (XSS) vulnerability in webglimpse.cgi in Webglimpse 2.14.1 and earlier allows remote attackers to inject arbitrary web script or ...
SQL injection vulnerability in pafiledb.php in PHP Arena paFileDB Extreme Edition RC 5 and earlier allows remote attackers to execute arbitrary SQL co...
SQL injection vulnerability in browse.ihtml in iHTML Merchant Mall allows remote attackers to execute arbitrary SQL commands via the (1) id, (2) store...
SQL injection vulnerability in merchant.ihtml in iHTML Merchant Version 2 Pro allows remote attackers to execute arbitrary SQL commands via the (1) st...
Cisco Clean Access 3.5.5 and earlier on the Secure Smart Manager allows remote attackers to bypass authentication and cause a denial of service or upl...
Multiple cross-site scripting (XSS) vulnerabilities in Binary Board System (BBS) 0.2.5 and earlier allow remote attackers to inject arbitrary web scri...
SQL injection vulnerability in ZixForum 1.12 allows remote attackers to execute arbitrary SQL commands via the H_ID parameter to (1) zixforum/forum.as...
ProjectForum 4.7.0 and earlier allows remote attackers to cause a denial of service (crash) via a crafted pageid parameter to admin/versions.html.
Cross-site scripting (XSS) vulnerability in ProjectForum 4.7.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) ...
The login page in Blackboard Learning and Community Portal System in Academic Suite 6.3.1.424, 6.2.3.23, and other versions before 6 allows remote att...
announcement.pl in Blackboard Learning and Community Portal System in Academic Suite 6.3.1.424, 6.2.3.23, and other versions before 6 allows remote at...
Cross-site scripting (XSS) vulnerability in Blackboard Learning and Community Portal System in Academic Suite 6.3.1.424, 6.2.3.23, and other versions ...
Blackboard Learning and Community Portal System in Academic Suite 6.3.1.424, 6.2.3.23, and other versions before 6 allows remote attackers to list all...
ColdFusion Sandbox on Adobe (formerly Macromedia) ColdFusion MX 6.0, 6.1, 6.1 with JRun, and 7.0 does not throw an exception if the SecurityManager is...
Adobe (formerly Macromedia) ColdFusion MX 6.0, 6.1, 6.1 with JRun, and 7.0 allows remote attackers to attach arbitrary files and send mail via a craft...
Adobe (formerly Macromedia) ColdFusion MX 7.0 does not honor when the CFOBJECT /CreateObject(Java) setting is disabled, which allows local users to cr...
Adobe (formerly Macromedia) ColdFusion MX 7.0 exposes the password hash of the Administrator in an API call, which allows local developers to obtain t...
Invalid SQL syntax error in blog.php in phpBB Blog 2.2.2 and earlier allows remote attackers to obtain the full path of the application via an invalid...
SQL injection vulnerability in server_privileges.php in phpMyAdmin 2.7.0 allows remote authenticated users to execute arbitrary SQL commands via the (...
Unspecified vulnerability in WBEM Services A.01.x before A.01.05.12 and A.02.x before A.02.00.08 on HP-UX B.11.00 through B.11.23 allows remote attack...
SQL injection vulnerability in index.php in toendaCMS 0.6.2.1, when configured to use a SQL database, allows remote attackers to execute arbitrary SQL...
Cross-site scripting (XSS) vulnerability in webglimpse.cgi in Webglimpse 2.14.1 and earlier allows remote attackers to inject arbitrary web script or ...
Multiple cross-site scripting (XSS) vulnerabilities in UStore allow remote attackers to inject arbitrary web script or HTML via the (1) Cat parameter ...
SQL injection vulnerability in UStore allows remote attackers to execute arbitrary SQL commands via the (1) username and (2) password fields. NOTE: t...
Cross-site scripting (XSS) vulnerability in phpBB 2.0.18, when "Allowed HTML tags" is enabled, allows remote attackers to inject arbitrary Javascript ...
admin/admin_disallow.php in phpBB 2.0.18 allows remote attackers to obtain the installation path via a direct request with a non-empty setmodules para...
SQL injection vulnerability in includes/core.inc.php in ODFaq 2.1.0 allows remote attackers to execute arbitrary SQL commands via the (1) cat and (2) ...
The URL parser in Microsoft Internet Information Services (IIS) 5.1 on Windows XP Professional SP2 allows remote attackers to execute arbitrary code v...
Cross-site scripting (XSS) vulnerability in search.html in Magnolia Content Management Suite 2.1 allows remote attackers to inject arbitrary web scrip...
SQL injection vulnerability in page.php in Komodo CMS 2.1 allows remote attackers to execute arbitrary SQL commands via the page parameter.
Cross-site scripting (XSS) vulnerability in the search engine in Komodo CMS 2.1 allows remote attackers to inject arbitrary web script or HTML via uns...
Cross-site scripting (XSS) vulnerability in index.cfm in Hot Banana Web Content Management Suite 5.3 allows remote attackers to inject arbitrary web s...
Multiple cross-site scripting (XSS) vulnerabilities in FLIP 0.9.0.1029 allow remote attackers to inject arbitrary web script or HTML via the (1) name ...
Multiple SQL injection vulnerabilities in DRZES HMS 3.2 allow remote attackers to execute arbitrary SQL commands via the (1) plan_id parameter to (a) ...
Cross-site scripting (XSS) vulnerability in register_domain.php in DRZES HMS 3.2 allows remote attackers to inject arbitrary web script or HTML via un...
roundcube webmail Alpha, with a default high verbose level ($rcmail_config['debug_level'] = 1), allows remote attackers to obtain the full path of the...
Cross-site scripting (XSS) vulnerability in Acuity CMS 2.6.2 allows remote attackers to inject arbitrary web script or HTML via unspecified search par...
SQL injection vulnerability in main_content.asp in Acidcat 2.1.13 and earlier allows remote attackers to execute arbitrary SQL commands via the ID par...
Acidcat 2.1.13 and earlier stores the database under the web root with insufficient access control, which allows remote attackers to obtain sensitive ...
Cross-site scripting (XSS) vulnerability in account.html in Adaptive Website Framework (AWF) 2.10 and earlier allows remote attackers to inject arbitr...
Adaptive Website Framework (AWF) 2.10 and earlier allows remote attackers to obtain the full path of the application via an invalid mode parameter to ...
Multiple cross-site scripting (XSS) vulnerabilities in Allinta 2.3.2 and earlier allow remote attackers to inject arbitrary web script or HTML via the...
Cross-site scripting (XSS) vulnerability in Amaxus 3 and earlier allows remote attackers to inject arbitrary web script or HTML via the change paramet...
Directory traversal vulnerability in Amaxus 3 and earlier allows remote attackers to access arbitrary files via ".." sequences in the change parameter...
Cross-site scripting (XSS) vulnerability in Page.asp in Baseline CMS 1.95 and earlier allows remote attackers to inject arbitrary web script or HTML v...
SQL injection vulnerability in Page.asp in Baseline CMS 1.95 and earlier allows remote attackers to execute arbitrary SQL commands via the SiteNodeID ...
Multiple cross-site scripting (XSS) vulnerabilities in Bitweaver 1.1 and 1.1.1 beta allow remote attackers to inject arbitrary web script or HTML via ...
Multiple SQL injection vulnerabilities in Bitweaver 1.1 and 1.1.1 beta allow remote attackers to execute arbitrary SQL commands via the (1) sort_mode ...
Multiple cross-site scripting (XSS) vulnerabilities in Caravel CMS 3.0 Beta 1 and earlier allow remote attackers to inject arbitrary web script or HTM...
SQL injection vulnerability in CitySoft Community Enterprise 4.x allows remote attackers to execute arbitrary SQL commands via the (1) nodeID, (2) pag...
Cross-site scripting (XSS) vulnerability in index.cfm in CitySoft Community Enterprise 4.x allows remote attackers to inject arbitrary web script or H...
CitySoft Community Enterprise 4.x allows remote attackers to obtain the full path of the server via an invalid (1) fuseaction parameter to index.cfm a...
Cross-site scripting (XSS) vulnerability in search.htm in Cofax 2.0 RC3 and earlier allows remote attackers to inject arbitrary web script or HTML via...
Cross-site scripting (XSS) vulnerability in Colony CMS 2.75 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified...
Cross-site scripting (XSS) vulnerability in home.php in contenite 0.11 and earlier allows remote attackers to inject arbitrary web script or HTML via ...
Cross-site scripting (XSS) vulnerability in search.cfm in CONTENS 3.0 and earlier allows remote attackers to inject arbitrary web script or HTML via t...
search.cfm in CONTENS 3.0 and earlier allows remote attackers to obtain the full server path via invalid (1) submit.y, (2) bool, (3) itemsperpage, (4)...
SQL injection vulnerability in index.php in ContentServ 3.1 and earlier allows remote attackers to execute arbitrary SQL commands via the StoryID para...
Cross-site scripting (XSS) vulnerability in damoon allows remote attackers to inject arbitrary web script or HTML via unspecified search parameters, p...
SQL injection vulnerability in printer_friendly.cfm in e-publish CMS 2.0 and earlier allows remote attackers to execute arbitrary SQL commands via the...
Cross-site scripting (XSS) vulnerability in show.cfm in e-publish CMS 2.0 and earlier allows remote attackers to inject arbitrary web script or HTML v...
Cross-site scripting (XSS) vulnerability in EPiX 3.1.2 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified sear...
Cross-site scripting (XSS) vulnerability in FarCry 3.0 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified sear...
Cross-site scripting (XSS) vulnerability in admin/Default.asp in iCMS allows remote attackers to inject arbitrary web script or HTML via the LoginMSG ...
SQL injection vulnerability in RunScript.asp iCMS allows remote attackers to execute arbitrary SQL commands via the Event_ID parameter.
NOTE: the vendor has disputed this issue. Cross-site scripting (XSS) vulnerability in lemoon 2.0 and earlier allows remote attackers to inject arbitr...
Cross-site scripting (XSS) vulnerability in search/index.php in Libertas Enterprise CMS 3.0 and earlier allows remote attackers to inject arbitrary we...
Cross-site scripting (XSS) vulnerability in downloads/portal_ent in Liferay Portal Enterprise 3.6.1 and earlier allows remote attackers to inject arbi...
Cross-site scripting (XSS) vulnerability in Lutece 1.2.3 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified se...
Buffer overflow in MailEnable Professional 1.71 and earlier, and Enterprise 1.1 and earlier, allows remote authenticated users to execute arbitrary co...
SQL injection vulnerability in index.php in Marwel 2.7 and earlier allows remote attackers to execute arbitrary SQL commands via the show parameter.
SQL injection vulnerability in default.asp in Media2 CMS Shop 18.x allows remote attackers to execute arbitrary SQL commands via the item parameter. ...
redqueen.cgi in Red Queen 1.02 and earlier allows remote attackers to obtain the full server path via invalid (1) yellowpage_id, (2) skin_id, (3) supp...
SQL injection vulnerability in index.cfm in Mercury CMS 4.0 and earlier allows remote attackers to execute arbitrary SQL commands via the page paramet...
Cross-site scripting (XSS) vulnerability in index.cfm in Mercury CMS 4.0 and earlier allows remote attackers to inject arbitrary web script or HTML vi...
Multiple SQL injection vulnerabilities in Miraserver 1.0 RC4 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) page par...
Cross-site scripting (XSS) vulnerability in MMBase 1.7.4 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified se...
Cross-site scripting (XSS) vulnerability in NQcontent 3 allows remote attackers to inject arbitrary web script or HTML via unspecified search paramete...
Buffer overflow in Mercury Mail Transport System 4.01b allows remote attackers to execute arbitrary code via a long request to TCP port 105.
Citrix Program Neighborhood client before 9.150 caches the user password in plaintext in the GUI while asterisks are used to visually obfuscate the pa...
Multiple cross-site scripting (XSS) vulnerabilities in sample scripts in IBM WebSphere Application Server 6 allow remote attackers to inject arbitrary...
Unspecified vulnerability in Teamwork 3 before alpha 1.7 has unknown impact and attack vectors, related to "a menu security bug."
Cross-site scripting (XSS) vulnerability in index.php in TML CMS 0.5 allows remote attackers to inject arbitrary web script or HTML via the form param...
SQL injection vulnerability in index.php in TML CMS 0.5 allows remote attackers to execute arbitrary SQL commands via the id parameter.
The default configuration of Widcomm Bluetooth for Windows (BTW) 4.0.1.1500 and earlier, as installed on Belkin Bluetooth Software 1.4.2 Build 10 and ...
Multiple SQL injection vulnerabilities in CategoryResults.cfm in Honeycomb Archive and Honeycomb Archive Enterprise 3.0 allow remote attackers to exec...
Cross-site scripting (XSS) vulnerability in Honeycomb Archive Enterprise 3.0 allows remote attackers to inject arbitrary web script or HTML via unspec...
Dev-Editor 3.0 allows remote attackers to access any directory outside the web root whose name is a substring of the web root directory name.
Unrestricted file upload vulnerability in toendaCMS before 0.6.2 Stable allows remote authenticated administrators to execute arbitrary code by upload...
Unrestricted file upload vulnerability in PHPFM before 0.2.3 allows remote authenticated users to execute arbitrary code by uploading a file with an e...
Directory traversal vulnerability in PHPKIT 1.6.1 R2 and earlier might allow remote authenticated users to execute arbitrary PHP code via a .. (dot do...
Unspecified vulnerability in Kerio WinRoute Firewall before 6.1.3 allows remote attackers to cause a denial of service (crash) via certain RTSP stream...
Interpretation conflict in YaBB before 2.1 allows remote authenticated users to inject arbitrary web script or HTML via HTML in a file with a GIF file...
Multiple SQL injection vulnerabilities in Cerberus Helpdesk allow remote attackers to execute arbitrary SQL commands via the (1) file_id parameter to ...
Cross-site scripting (XSS) vulnerability in index.php in Cerberus Helpdesk allows remote attackers to inject arbitrary web script or HTML via the kb_a...
fetchmail before 6.3.1 and before 6.2.5.5, when configured for multidrop mode, allows remote attackers to cause a denial of service (application crash...
SQL injection vulnerability in CS-Cart 1.3.0 allows remote attackers to execute arbitrary SQL commands via the (1) sort_by and (2) sort_order paramete...
SQL injection vulnerability in LogicBill 1.0 and earlier allows remote attackers to execute arbitrary SQL commands via the (1) __mode and (2) __id par...
SQL injection vulnerability in WowBB 1.65 allows remote attackers to execute arbitrary SQL commands via the q parameter to search.php. NOTE: the view_...
Cross-site scripting (XSS) vulnerability in index.php in PlaySMS 0.8 allows remote attackers to inject arbitrary web script or HTML via the err parame...
Cross-site scripting (XSS) vulnerability in search.php in Esselbach Storyteller CMS 1.8 allows remote attackers to inject arbitrary web script or HTML...
Cross-site scripting (XSS) vulnerability in AbleDesign ReSearch 2.x allows remote attackers to inject arbitrary web script or HTML via unknown vectors...
Cross-site scripting (XSS) vulnerability in index.php AbleDesign D-Man 3.x allows remote attackers to inject arbitrary web script or HTML via the titl...
Extended Interior Gateway Routing Protocol (EIGRP) 1.2, as implemented in Cisco IOS after 12.3(2), 12.3(3)B, and 12.3(2)T and other products, allows r...
MD5 Neighbor Authentication in Extended Interior Gateway Routing Protocol (EIGRP) 1.2, as implemented in Cisco IOS 11.3 and later, does not include th...
Heap-based buffer overflow in Dec2Rar.dll 3.2.14.3, as distributed in the Symantec Antivirus Library and used by various Symantec products, allows rem...
Buffer overflow in ELOG elogd 2.6.0-beta4 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code...
The 802.1q VLAN protocol allows remote attackers to bypass network segmentation and spoof VLAN traffic via a message with two 802.1q tags, which cause...
The PVLAN protocol allows remote attackers to bypass network segmentation and spoof PVLAN traffic via a PVLAN message with a target MAC address that i...
Untrusted search path vulnerability in OpenLDAP before 2.2.28-r3 on Gentoo Linux allows local users in the portage group to gain privileges via a mali...
Untrusted search path vulnerability in Gauche before 0.8.6-r1 on Gentoo Linux allows local users in the portage group to gain privileges via a malicio...
Stack-based buffer overflow in the trace message functionality in Pegasus Mail 4.21a through 4.21c and 4.30PB1 allow remote attackers to execute arbit...
Off-by-one error in Pegasus Mail 4.21a through 4.21c and 4.30PB1 allows remote attackers to execute arbitrary code via a long email message header, wh...
Cross-site scripting (XSS) vulnerability in index.asp in ASPBite 8.x allows remote attackers to inject arbitrary web script or HTML via the strSearch ...
SQL injection vulnerability in articles\articles_funcs.php in phpCOIN 1.2.2 allows remote attackers to modify SQL syntax and possibly execute SQL in l...
The ActiveX control in MCINSCTL.DLL for McAfee VirusScan Security Center does not use the IObjectSafetySiteLock API to restrict access to required dom...
Stack-based buffer overflow in Qualcomm WorldMail 3.0 allows remote attackers to execute arbitrary code via a long IMAP command that ends with a "}" c...
FlatNuke 2.5.6 verifies authentication credentials based on an MD5 checksum of the admin name and the hashed password rather than the plaintext passwo...
verify.php in FlatNuke 2.5.6 allows remote authenticated administrators to modify arbitrary PHP files by setting the file parameter to an arbitrary fi...
Cross-site request forgery (CSRF) vulnerability in phpMyAdmin 2.7.0 allows remote attackers to perform unauthorized actions as a logged-in user via a ...
Unspecified vulnerability in Software Distributor in HP-UX B.11.11 allows remote attackers to gain access via unspecified attack vectors.
Information Call Center stores the CallCenterData.mdb database under the web root with insufficient access control, which allows remote attackers to o...
UserProfile.cs in Ultraapps Issue Manager before 2.1 allows remote authenticated users to gain administrator privileges by modifying the original (1) ...
Validate-before-filter vulnerability in cleanhtml.pl 1.129 in LiveJournal CVS before Dec 7 2005, when the cleancss option is enabled, allows remote at...
cleanhtml.pl 1.129 in LiveJournal CVS before Dec 13 2005 allows remote attackers to inject scripting languages via the XSL namespace in XML, via vecto...
Multiple buffer overflows in MailEnable Professional 1.71 and Enterprise 1.1 before patch ME-10009 allow remote attackers to cause a denial of service...
MailEnable Enterprise 1.1 before patch ME-10009 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via s...
Group.pm in Metadot Portal Server 6.4.4 and earlier does not properly reset the $IS_OWNER, $IS_ADMIN, and $IS_MANAGER global variables when performing...
Heap-based buffer overflow in the NAT networking components vmnat.exe and vmnet-natd in VMWare Workstation 5.5, GSX Server 3.2, ACE 1.0.1, and Player ...
Cross-site scripting (XSS) vulnerability in Beehive Forum 0.6.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1)...
SQL injection vulnerability in index.php in Beehive Forum 0.6.2 and earlier allows remote attackers to execute arbitrary SQL commands via the user_ses...
PHP remote file include vulnerability in usermods.php in Tolva PHP website system 0.1.0 allows remote attackers to execute arbitrary code via a URL in...
WordPress before 1.5.2 allows remote attackers to obtain sensitive information via a direct request to (1) wp-includes/vars.php, (2) wp-content/plugin...
Ingate Firewall before 4.3.4 and SIParator before 4.3.4 allows remote attackers to cause a denial of service (kernel deadlock) by sending a SYN packet...
The Internet Key Exchange version 1 (IKEv1) implementation in NEC UNIVERGE IX1000, IX2000, and IX3000 allows remote attackers to cause a denial of ser...
Heap-based buffer overflow in the SIPParser function in i3sipmsg.dll in Interaction SIP Proxy before 3.0.011 allows remote attackers to cause a denial...
Directory traversal vulnerability in help_text_vars.php in PHPGedView 3.3.7 and earlier allows remote attackers to read and include arbitrary files vi...
PHP remote file include vulnerability in help_text_vars.php in PHPGedView 3.3.7 and earlier allows remote attackers to execute arbitrary code via a UR...
Multiple direct static code injection vulnerabilities in PHPGedView 3.3.7 and earlier allow remote attackers to execute arbitrary PHP code via (1) the...
Heap-based buffer overflow in the get_bhead function in readfile.c in Blender BlenLoader 2.0 through 2.40pre allows remote attackers to cause a denial...
POP3 service in Avaya Modular Messaging Message Storage Server (MSS) 2.0 SP 4 and earlier allows remote attackers to cause a denial of service (infini...
Stack-based buffer overflow in the Macromedia JRun 4 web server (JWS) allows remote attackers to cause a denial of service and possibly execute arbitr...
Unspecified vulnerability in Macromedia JRun 4 web server (JWS) allows remote attackers to view web application source code via "a malformed URL."
Buffer overflow in the "Add to archive" command in WinRAR 3.51 allows user-assisted attackers to cause a denial of service (crash) and possibly execut...
udev does not properly set permissions on certain files in /dev/input, which allows local users to obtain sensitive data that is entered at the consol...
Cross-site scripting (XSS) vulnerability in OpenCms 6.0.3 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified s...
Cross-site scripting (XSS) vulnerability in store/search/results.html in OpenEdit 4.0 and earlier allows remote attackers to inject arbitrary web scri...
Cross-site scripting (XSS) vulnerability in papaya CMS 4.0.4 and earlier allows remote attackers to inject arbitrary web script or HTML via the bab[se...
Multiple SQL injection vulnerabilities in Papoo 2.1.2 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) menuid paramete...
SQL injection vulnerability in article.php in phpSlash 0.8.1 and earlier allows remote attackers to execute arbitrary SQL commands via the story_id pa...
Cross-site scripting (XSS) vulnerability in Plexcor CMS 4.0 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified...
Cross-site scripting (XSS) vulnerability in Polopoly 9 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified sear...
Cross-site scripting (XSS) vulnerability in login.asp in PortalApp 3.3 and earlier allows remote attackers to inject arbitrary web script or HTML via ...
Cross-site scripting (XSS) vulnerability in login.asp in SiteEnable 3.3 and earlier allows remote attackers to inject arbitrary web script or HTML via...
Multiple cross-site scripting (XSS) vulnerabilities in IntranetApp 3.3 and earlier allow remote attackers to inject arbitrary web script or HTML via t...
Multiple cross-site scripting (XSS) vulnerabilities in ProjectApp 3.3 and earlier allow remote attackers to inject arbitrary web script or HTML via th...
SQL injection vulnerability in Quantum Art QP7.Enterprise (formerly Q-Publishing) allows remote attackers to execute arbitrary SQL commands via the p_...
Cross-site scripting (XSS) vulnerability in RAMSite R|1 CMS 1.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the sea...
Multiple cross-site scripting (XSS) vulnerabilities in index.tpl in Redakto WCMS 3.2 and earlier allow remote attackers to inject arbitrary web script...
Cross-site scripting (XSS) vulnerability in Scoop 1.1 RC1 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) type ...
Multiple cross-site scripting (XSS) vulnerabilities in SCOOP! 2.3 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1...
Multiple cross-site scripting (XSS) vulnerabilities in Sitekit CMS 6.6 and earlier allow remote attackers to inject arbitrary web script or HTML via t...
Cross-site scripting (XSS) vulnerability in Starphire SiteSage 5.0.18 and earlier allows remote attackers to inject arbitrary web script or HTML via u...
Cross-site scripting (XSS) vulnerability in SpearTek 6.0 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified se...
Cross-site scripting (XSS) vulnerability in SPIP 1.8.2 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified para...
SQL injection vulnerability in index.cfm in SpireMedia mx7 allows remote attackers to execute arbitrary SQL commands via the cid parameter. NOTE: the...
Cross-site scripting (XSS) vulnerability in search in SyntaxCMS 1.2.1 and earlier allows remote attackers to inject arbitrary web script or HTML via t...
Cross-site scripting (XSS) vulnerability in Tangora Portal CMS 4.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the ...
Cross-site scripting (XSS) vulnerability in Text-e 1.6.4 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified se...
The Downloadable RADIUS ACLs feature in Cisco PIX and VPN 3000 concentrators, when creating an ACL on the Cisco Secure Access Control Server (CS ACS),...
Buffer overflow in the Network Block Device (nbd) server 2.7.5 and earlier, and 2.8.0 through 2.8.2, allows remote attackers to execute arbitrary code...
SQL injection vulnerability in MusicBox 2.3 allows remote attackers to execute arbitrary SQL commands via the (1) show and (2) type parameter. NOTE: ...
MediaWiki before 1.5.4 uses a hard-coded "internal placeholder string", which allows remote attackers to bypass protection against cross-site scriptin...
Cross-site scripting (XSS) vulnerability in httprint v202, and possibly other versions before v301, allows remote attackers to inject arbitrary web sc...
httprint v202, and possibly other versions before v301, allows remote attackers to cause a denial of service (crash) via a long Server field in an HTT...
SQL injection vulnerability in phpBB 2 before 2.0.18 allows remote attackers to execute arbitrary SQL commands via the topic type.
A "missing request validation" error in phpBB 2 before 2.0.18 allows remote attackers to edit private messages of other users, probably by modifying c...
Linux kernel 2.4 and 2.6 allows attackers to cause a denial of service (memory exhaustion and panic) by creating a large number of connected file desc...
The khtml::RenderTableSection::ensureRows function in KHTMLParser in Apple Mac OS X 10.4.3 and earlier, as used by Safari and TextEdit, allows remote ...
Unquoted Windows search path vulnerability in McAfee VirusScan Enterprise 8.0i (patch 11) and CMA 3.5 (patch 5) might allow local users to gain privil...
Nexus Concepts Dev Hound 2.24 and earlier stores username and password information in cleartext in the devhound.tdbd file, which allows local users to...
Multiple cross-site scripting (XSS) vulnerabilities in Nexus Concepts Dev Hound 2.24 and earlier allow remote attackers to inject arbitrary web script...
Nexus Concepts Dev Hound 2.24 and earlier allows remote attackers to obtain the installation path via a URL containing a non-existent .dll file.
SQL injection vulnerability in index.asp in pTools allows remote attackers to execute arbitrary SQL commands via the docID parameter. NOTE: the proven...
Directory traversal vulnerability in server.np in NetPublish Server 7 allows remote attackers to read arbitrary files via "../" sequences in the templ...
Format string vulnerability in TN3270 Resource Gateway 1.1.0 allows local users to cause a denial of service and possibly execute arbitrary code via f...
Cross-site scripting (XSS) vulnerability in WAXTRAPP 3.0.1 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified ...
Cross-site scripting (XSS) vulnerability in WANDSOFT e-SEARCH allows remote attackers to inject arbitrary web script or HTML via unspecified search pa...
The encapsulation script mechanism in Webwasher CSM Appliance Suite 5.x uses case-sensitive detection of malicious tokens, which allows attackers to b...
SQL injection vulnerability in WebDB 1.1 and earlier allows remote attackers to execute arbitrary SQL commands via unspecified search parameters, poss...
DHIS tools DNS package (dhis-tools-dns) before 5.0 allows local users to overwrite arbitrary files via a symlink attack on temporary files created by ...
tkdiff before 4.1.1 allows local users to overwrite arbitrary files via a symlink attack on temporary files.
Buffer overflow in KETM 0.0.6 allows local users to execute arbitrary code via unknown vectors.
Multiple cross-site scripting (XSS) vulnerabilities in PHP-Fusion 6.00.200 through 6.00.300 allow remote attackers to inject arbitrary web script or H...
SQL injection vulnerability in PHP-Fusion 6.00.200 through 6.00.300 allows remote attackers to execute arbitrary SQL commands via the ratings paramete...
Mantis before 0.19.4 allows remote attackers to bypass the file upload size restriction by modifying the max_file_size parameter to (1) bug_file_add.p...
Multiple SQL injection vulnerabilities in the manage user page (manage_user_page.php) in Mantis 1.0.0rc3 and earlier allow remote attackers to execute...
Unspecified "port injection" vulnerabilities in filters in Mantis 1.0.0rc3 and earlier have unknown impact and attack vectors. NOTE: due to a lack of...
CRLF injection vulnerability in Mantis 1.0.0rc3 and earlier allows remote attackers to modify HTTP headers and conduct HTTP response splitting attacks...
Multiple cross-site scripting (XSS) vulnerabilities in the view_filters_page.php filters script in Mantis 1.0.0rc3 and earlier allow remote attackers ...
Mantis 1.0.0rc3 and earlier discloses private bugs via public RSS feeds, which allows remote attackers to obtain sensitive information.
Mantis 1.0.0rc3 does not properly handle "Make note private" when a bug is being resolved, which has unknown impact and attack vectors, probably relat...
SmcGui.exe in Sygate Protection Agent 5.0 build 6144 allows local users to obtain management control over the agent by executing the GUI (SmcGui.exe) ...
Clearswift MIMEsweeper For Web (a.k.a. WEBsweeper) 4.0 through 5.1 allows remote attackers to bypass filtering via a URL that does not include a .exe ...
Multiple SQL injection vulnerabilities in Direct News 4.9 allow remote attackers to execute arbitrary SQL commands via (1) the setLang parameter in in...
SQL injection vulnerability in the Chatspot 2.0.0a7 module for phpBB allows remote attackers to execute arbitrary SQL commands via unknown vectors.
The Chatspot 2.0.0a7 module for phpBB might allow remote attackers to impersonate other users via unknown vectors.
Multiple cross-site scripting (XSS) vulnerabilities in AlstraSoft EPay Enterprise 3.0 (formerly DoPays) allow remote attackers to inject arbitrary web...
scponlyc in scponly 4.1 and earlier, when the operating system supports LD_PRELOAD mechanisms, allows local users to execute arbitrary code with root ...
Argument injection vulnerability in scponlyc in scponly 4.1 and earlier, when both scp and rsync compatibility are enabled, allows local users to exec...
The shadow database feature (syncshadowdb) in Bugzilla 2.9 through 2.16.10 allows local users to overwrite arbitrary files via a symlink attack on tem...
Cross-site scripting (XSS) vulnerability in search.asp in NetDirect ShopEngine allows remote attackers to inject arbitrary web script or HTML via the ...
search.php in eggblog 2.0 allows remote attackers to obtain the full path via an invalid q parameter, as used by the Keyword and Search fields, possib...
Cross-site scripting (XSS) vulnerability in home/search.php in eggblog 2.0 allows remote attackers to execute arbitrary SQL commands via the q paramet...
SQL injection vulnerability in the "user area" in RWS Statistics Counter before 2.4.1 allows remote attackers to execute arbitrary SQL commands via un...
Cross-site scripting (XSS) vulnerability in Oracle Application Server (OracleAS) Discussion Forum Portlet allows remote attackers to inject arbitrary ...
The PORTAL schema in Oracle Application Server (OracleAS) Discussion Forum Portlet allows remote attackers to obtain the source code for arbitrary JSP...
Cross-site scripting (XSS) vulnerability in sign.php in codegrrl SimpBook 1.0, when html_enable is on, allows remote attackers to inject arbitrary web...
The (1) slsmgr and (2) slsadmin programs in Sun Solaris PC NetLink 2.0 create temporary files insecurely, which allows local users to gain privileges.
Buffer overflow in Golden FTP Server 1.92 allows remote attackers to execute arbitrary code via a long APPE command. NOTE: the provenance of this inf...
Multiple SQL injection vulnerabilities in DEV web management system 1.5 and earlier allow remote attackers to execute arbitrary SQL commands via the (...
Cross-site scripting (XSS) vulnerability in add.php in DEV web management system 1.5 and earlier allows remote attackers to inject arbitrary web scrip...
PHP remote file include vulnerability in IceWarp Web Mail 5.5.1, as used by Merak Mail Server 8.3.0r and VisNetic Mail Server version 8.3.0 build 1, w...
dir/include.html in IceWarp Web Mail 5.5.1, as used by Merak Mail Server 8.3.0r and VisNetic Mail Server version 8.3.0 build 1, allows remote attacker...
IceWarp Web Mail 5.5.1, as used by Merak Mail Server 8.3.0r and VisNetic Mail Server version 8.3.0 build 1, does not properly restrict acceptable valu...
mail/include.html in IceWarp Web Mail 5.5.1, as used by Merak Mail Server 8.3.0r and VisNetic Mail Server version 8.3.0 build 1, does not properly ini...
The Windows Graphical Device Interface library (GDI32.DLL) in Microsoft Windows allows remote attackers to execute arbitrary code via a Windows Metafi...
rssh 2.0.0 through 2.2.3 allows local users to bypass access restrictions and gain root privileges by using the rssh_chroot_helper command to chroot t...
SQL injection vulnerability in main.php in Enterprise Heart Enterprise Connector 1.0.2 allows remote attackers to execute arbitrary SQL commands and b...
The Internet Key Exchange version 1 (IKEv1) implementation in ADTRAN NetVanta before 10.03.03.E might allow remote attackers to cause a denial of serv...
Format string vulnerability in the Internet Key Exchange version 1 (IKEv1) implementation in ADTRAN NetVanta before 10.03.03.E might allow remote atta...
Buffer overflow in the Internet Key Exchange version 1 (IKEv1) implementation in ADTRAN NetVanta before 10.03.03.E might allow remote attackers to hav...
Multiple cross-site scripting (XSS) vulnerabilities in FTGate Technology (formerly known as Floosietek) FTGate 4.4 (Build 4.4.000 Oct 26 2005) allow r...
Multiple format string vulnerabilities in FTGate Technology (formerly known as Floosietek) FTGate 4.4 (aka Build 4.4.000 Oct 26 2005) allow remote att...
Stack-based buffer overflow in index.fts in FTGate Technology (formerly known as Floosietek) FTGate 4.4 (aka Build 4.4.000 Oct 26 2005) allows remote ...
The Internet Key Exchange version 1 (IKEv1) implementations in Fortinet FortiOS 2.50, 2.80 and 3.0, FortiClient 2.0,; and FortiManager 2.80 and 3.0 al...
Cross-site scripting (XSS) vulnerability in myEZshop Shopping Cart allows remote attackers to inject arbitrary web script or HTML via the Keyword para...
Multiple SQL injection vulnerabilities in myEZshop Shopping Cart allow remote attackers to execute arbitrary SQL commands via the (1) GroupsId and (2)...
PHP remote file include vulnerability in plog-admin-functions.php in Plogger Beta 2 allows remote attackers to execute arbitrary code via a URL in the...
Cross-site scripting (XSS) vulnerability in loader.cfm in PaperThin CommonSpot Content Server 4.5 and earlier allows remote attackers to inject arbitr...
PaperThin CommonSpot Content Server 4.5 and earlier allow remote attackers to obtain sensitive information via an invalid errmsg parameter to loader.c...
Multiple cross-site scripting (XSS) vulnerabilities in the UpdateEngine program in Fatwire UpdateEngine 6.2 and earlier allow remote attackers to inje...
Multiple cross-site scripting (XSS) vulnerabilities in Hitachi Business Logic - Container (BLC) P-2443-9114 01-00 through 02-06 on Windows, and P-1M43...
Multiple SQL injection vulnerabilities in Hitachi Business Logic - Container (BLC) P-2443-9114 01-00 through 02-06 on Windows, and P-1M43-9111 01-01 t...
Multiple HTTP response splitting vulnerabilities in Hitachi Business Logic - Container (BLC) P-2443-9114 01-00 through 02-06 on Windows, and P-1M43-91...
Cross-site scripting (XSS) vulnerability in Day Communique 4 allows remote attackers to inject arbitrary web script or HTML via the query parameter in...
Buffer overflow in Electric Sheep 2.6.3 client allows local users to execute arbitrary code via a long window-id parameter. NOTE: because the program ...
Electric Sheep 2.6.3 does not require authentication or integrity checks from the server to the client, which allows remote attackers to download and ...
Unspecified vulnerability in the Management Interface in VMware ESX Server 2.x up to 2.5.x before 24 December 2005 allows "remote code execution in th...
BZFlag server 2.0.4 and earlier allows remote attackers to cause a denial of service (application crash) via a callsign that is not followed by a NULL...
Unspecified vulnerability in the GTP dissector for Ethereal 0.9.1 to 0.10.13 allows remote attackers to cause a denial of service (infinite loop) via ...
Multiple SQL injection vulnerabilities in PHPSurveyor before 0.991 allow remote attackers to execute arbitrary SQL commands via the (1) sql parameter ...
Juniper NetScreen-Security Manager (NSM) 2004 FP2 and FP3 allow remote attackers to cause a denial of service (crash or hang of server components that...
Cross-site scripting (XSS) vulnerability in Koobi 5 allows remote attackers to inject arbitrary web script or HTML via nested, malformed url BBCode ta...
Spb Kiosk Engine 1.0.0.1 stores the administrator's passcode in the registry in plaintext, which allows local users to obtain the passcode.
Spb Kiosk Engine 1.0.0.1 allows local users to bypass restrictions on allowed applications via (1) removable media containing a program that will exec...
The DNS implementation in DeleGate 8.10.2 and earlier allows remote attackers to cause a denial of service via a compressed DNS packet with a label le...
The DNS implementation of DNRD before 2.10 allows remote attackers to cause a denial of service via a compressed DNS packet with a label length byte w...
The DNS implementation of PowerDNS 2.9.16 and earlier allows remote attackers to cause a denial of service via a compressed DNS packet with a label le...
The Linux kernel before 2.6.11 on the Itanium IA64 platform has certain "ptrace corner cases" that allow local users to cause a denial of service (cra...
The /proc handling (proc/base.c) Linux kernel 2.4 before 2.4.17 allows local users to cause a denial of service via unknown vectors that cause an inva...
Unspecified vulnerability in the Mac OS X kernel before 10.3.8 allows local users to cause a denial of service (temporary hang) via unspecified attack...
Untrusted search path vulnerability in the crttrap command in QNX Neutrino RTOS 6.2.1 allows local users to load arbitrary libraries via a LD_LIBRARY_...
The CoreGraphics Window Server in Mac OS X 10.4.1 allows local users with console access to gain privileges by "launching commands into root sessions....
Multiple vulnerabilities in the OpenSSL ASN.1 parser, as used in Novell iManager 2.0.2, allows remote attackers to cause a denial of service (NULL poi...
viewFile.php in the scm component of Gforge before 4.0 allows remote attackers to execute arbitrary commands via shell metacharacters in the file_name...
ReadMessage.jsp in JavaMail API 1.1.3 through 1.3, as used by Apache Tomcat 5.0.16, allows remote attackers to view other users' e-mail attachments vi...
JavaMail API 1.1.3 through 1.3, as used by Apache Tomcat 5.0.16, allows remote attackers to read arbitrary files via a full pathname in the argument t...
PHP remote file inclusion vulnerability in poll_vote.php in PHP Poll Creator 1.01 allows remote attackers to execute arbitrary PHP code via the relati...
The original patch for a GNU tar directory traversal vulnerability (CVE-2002-0399) in Red Hat Enterprise Linux 3 and 2.1 uses an "incorrect optimizati...
The G/PGP (GPG) Plugin 2.1 and earlier for Squirrelmail allow remote authenticated users to execute arbitrary commands via shell metacharacters in (1)...
Directory traversal vulnerability in Ipswitch WhatsUp Small Business 2004 allows remote attackers to read arbitrary files via ".." (dot dot) sequences...
Novell NetMail 3.5.2a, 3.5.2b, and 3.5.2c, when running on Linux, sets the owner and group ID to 500 for certain files, which could allow users or gro...
Unspecified vulnerability in the Apple Mac OS X kernel before 10.4.2 allows remote attackers to cause a denial of service (kernel panic) via a crafted...
Buffer overflow in Domain Name Relay Daemon (DNRD) before 2.19.1 allows remote attackers to execute arbitrary code via a large number of large DNS pac...
Domain Name Relay Daemon (DNRD) before 2.19.1 allows remote attackers to cause a denial of service (infinite recursion) via a DNS packet that uses mes...
Heap-based buffer overflow in Apple Quicktime before 7.0.4 allows remote attackers to execute arbitrary code via a crafted (1) QuickTime Image File (Q...
Heap-based buffer overflow in Research in Motion (RIM) BlackBerry Attachment Service allows remote attackers to cause a denial of service (hang) via a...
Research in Motion (RIM) BlackBerry Router allows remote attackers to cause a denial of service (communication disruption) via crafted Server Routing ...
Research in Motion (RIM) BlackBerry Handheld web browser for BlackBerry Handheld before 4.0.2 allows remote attackers to cause a denial of service (ha...
The BlackBerry Attachment Service in Research in Motion (RIM) BlackBerry Enterprise Server (BES) 4.0 to version 4.0 Service Pack 2 allows attackers to...
IBM Lotus Notes 6.5.4 and 6.5.5, and 7.0.0 and 7.0.1, uses insecure default permissions (Everyone/Full Control) for the "Notes" folder and all childre...
Multiple cross-site scripting (XSS) vulnerabilities in Kayako liveResponse 2.x allow remote attackers to inject arbitrary web script or HTML via the (...
Multiple SQL injection vulnerabilities in the calendar feature in Kayako liveResponse 2.x allow remote attackers to execute arbitrary SQL commands via...
Kayako liveResponse 2.x, when logging in a user, records the password in plaintext in the URL, which allows local users and possibly remote attackers ...
Kayako liveResponse 2.x allows remote attackers to obtain sensitive information via a direct request to addressbook.php and other include scripts, whi...
login.php in PCXP/TOPPE CMS allows remote attackers to bypass authentication and gain privileges by modifying the cookie to match the target userid.
Cross-site scripting (XSS) vulnerability in pm.php in PCXP/TOPPE CMS allows remote attackers to inject arbitrary web script or HTML via the msg variab...
Multiple SQL injection vulnerabilities in the auth_user function in admin.php in OpenBook 1.2.2 allow remote attackers to execute arbitrary SQL comman...
Multiple cross-site scripting (XSS) vulnerabilities in MySQL Eventum 1.5.5 and earlier allow remote attackers to inject arbitrary web script or HTML v...
Multiple SQL injection vulnerabilities in MySQL Eventum 1.5.5 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) isCorre...
Race condition in Java 1.4.2 before 1.4.2 Release 2 on Apple Mac OS X allows local users to corrupt files or create arbitrary files via unspecified at...
Unspecified vulnerability in Java 1.4.2 before 1.4.2 Release 2 on Apple Mac OS X allows local users to gain privileges via unspecified attack vectors ...
Unspecified vulnerability in Java 1.3.1 before 1.3.1_16 on Apple Mac OS X allows an untrusted applet to gain privileges, related to "Mac OS X specific...
Multiple stack-based buffer overflows in Autonomy (formerly Verity) KeyView SDK before 9.2.0, as used in Lotus Notes 6.5.4 and 7.0, allow remote attac...
Directory traversal vulnerability in kvarcve.dll in Autonomy (formerly Verity) KeyView SDK before 9.2.0, as used in Lotus Notes 6.5.4 and 7.0, allows ...
ISS BlackIce 3.6, as used in multiple products including BlackICE PC Protection, Server Protection, Agent for Server, and RealSecure Desktop 3.6 and 7...
The LDAP server (nldap.exe) in IBM Lotus Domino before 7.0.1, 6.5.5, and 6.5.4 FP2 allows remote attackers to cause a denial of service (crash) via a ...
passwd in Directory Services in Mac OS X 10.3.x before 10.3.9 and 10.4.x before 10.4.5 allows local users to create arbitrary world-writable files as ...
passwd in Directory Services in Mac OS X 10.3.x before 10.3.9 and 10.4.x before 10.4.5 allows local users to overwrite arbitrary files via a symlink a...
Java 1.4.2 before 1.4.2 Release 2 on Apple Mac OS X does not prevent multiple programs from opening the same port as a Java ServerSocket, which allows...
Avaya VPNRemote before 4.2.33 stores credentials in cleartext in process memory, which allows attackers to obtain the VPN user's credentials.
Heap-based buffer overflow in the embedded player in multiple RealNetworks products and versions including RealPlayer 10.x, RealOne Player, and Helix ...
Multiple Check Point Zone Labs ZoneAlarm products before 7.0.362, including ZoneAlarm Security Suite 5.5.062.004 and 6.5.737, use insecure default per...
Unspecified vulnerability in ptrace in SCO UnixWare 7.1.3 and 7.1.4 allows local users to gain privileges via unspecified vectors.
The FTP component in FortiGate 2.8 running FortiOS 2.8MR10 and v3beta, and other versions before 3.0 MR1, allows remote attackers to bypass the Fortin...
Interpretation conflict in Fortinet FortiGate 2.8, running FortiOS 2.8MR10 and v3beta, allows remote attackers to bypass the URL blocker via an (1) HT...
The (1) kantiword (kantiword.sh) and (2) gantiword (gantiword.sh) scripts in antiword 0.35 and earlier allow local users to overwrite arbitrary files ...
The listening daemon in Blue Coat Systems Inc. WinProxy before 6.1a allows remote attackers to cause a denial of service (crash) via a long HTTP reque...
Buffer overflow in Nullsoft Winamp 5.094 allows remote attackers to execute arbitrary code via (1) an m3u file containing a long line ending in .wma o...
Race condition in Microsoft Internet Explorer allows user-assisted attackers to overwrite arbitrary files and possibly execute code by tricking a user...
The tuxpaint-import.sh script in Tux Paint (tuxpaint) 0.9.14 and earlier creates temporary files insecurely, with unknown impact and attack vectors.
noweb 2.10c and earlier allows local users to overwrite arbitrary files via symlink attacks on temporary files in (1) lib/toascii.nw and (2) shell/rof...
The mq_open system call in Linux kernel 2.6.9, in certain situations, can decrement a counter twice ("double decrement") as a result of multiple calls...
mod_ssl in Apache 2.0 up to 2.0.55, when configured with an SSL vhost with access control and a custom error 400 error page, allows remote attackers t...
The atm module in Linux kernel 2.6 before 2.6.14 allows local users to cause a denial of service (panic) via certain socket calls that produce inconsi...
Stack-based buffer overflow in an ActiveX control for the installer for Adobe Macromedia Shockwave Player 10.1.0.11 and earlier allows remote attacker...
Buffer overflow in the IMAP daemon in Ipswitch Collaboration Suite 2006.02 and earlier allows remote authenticated users to execute arbitrary code via...
hfaxd in HylaFAX 4.2.3, when PAM support is disabled, accepts arbitrary passwords, which allows remote attackers to gain privileges.
Multiple eval injection vulnerabilities in HylaFAX 4.2.3 and earlier allow remote attackers to execute arbitrary commands via (1) the notify script in...
Buffer overflow in petris before 1.0.1 allows remote attackers to execute arbitrary code via unspecified attack vectors.
Cross-site request forgery (CSRF) vulnerability in the management interface for VMware ESX Server 2.0.x before 2.0.2 patch 1, 2.1.x before 2.1.3 patch...
Cross-site scripting (XSS) vulnerability in the management interface for VMware ESX 2.5.x before 2.5.2 upgrade patch 2, 2.1.x before 2.1.2 upgrade pat...
The management interface for VMware ESX Server 2.0.x before 2.0.2 patch 1, 2.1.x before 2.1.3 patch 1, and 2.x before 2.5.3 patch 2 records passwords ...
nfs2acl.c in the Linux kernel 2.6.14.4 does not check for MAY_SATTR privilege before setting access controls (ACL) on files on exported NFS filesystem...
The CCITTFaxStream::CCITTFaxStream function in Stream.cc for xpdf, gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others allows attack...
Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others, allows attackers to cause a denial of service...
Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others, allows attackers to cause a denial of service...
Stream.cc in Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others, allows attackers to modify memor...
Buffer overflow in the JBIG2Bitmap::JBIG2Bitmap function in JBIG2Stream.cc in Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX,...
initscripts in Red Hat Enterprise Linux 4 does not properly handle certain environment variables when /sbin/service is executed, which allows local us...
Fedora Directory Server before 10 allows remote attackers to obtain sensitive information, such as the password from adm.conf via an IFRAME element, p...
Heap-based buffer overflow in the iGateway service for various Computer Associates (CA) iTechnology products, in iTechnology iGateway before 4.0.05123...
Blue Coat Systems Inc. WinProxy before 6.1a allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a lar...
Heap-based buffer overflow in Novell Open Enterprise Server Remote Manager (novell-nrm) in Novell SUSE Linux Enterprise Server 9 allows remote attacke...
Multiple format string vulnerabilities in logging functions in mod_auth_pgsql before 2.0.3, when used for user authentication against a PostgreSQL dat...
Multiple heap-based buffer overflows in EMC Legato NetWorker 7.1.x before 7.1.4 and 7.2.x before 7.2.1.Build.314, and other products such as Sun Solst...
nsrd.exe in EMC Legato NetWorker 7.1.x before 7.1.4 and 7.2.x before 7.2.1.Build.314, and other products such as Sun Solstice Backup (SBU) 6.0 and 6.1...
Heap-based buffer overflow in LibSystem in Mac OS X 10.4 through 10.4.5 allows context-dependent attackers to execute arbitrary code by causing an app...
Buffer overflow in Apple Quicktime before 7.0.4 allows remote attackers to execute arbitrary code via crafted TGA image files.
Integer overflow in Apple Quicktime before 7.0.4 allows remote attackers to execute arbitrary code via crafted TGA image files.
Integer underflow in Apple Quicktime before 7.0.4 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via...
Integer overflow in Apple Quicktime before 7.0.4 allows remote attackers to execute arbitrary code via a TIFF image file with modified image height an...
Integer overflow in Apple Quicktime before 7.0.4 allows remote attackers to execute arbitrary code via a TIFF image file with modified (1) "strips" (S...
Heap-based buffer overflow in rsync in Mac OS X 10.4 through 10.4.5 allows remote authenticated users to execute arbitrary code via long extended attr...
Heap-based buffer overflow in Apple Quicktime before 7.0.4 allows remote attackers to execute arbitrary code via a GIF image file with a crafted Netsc...
The network interface for Apple AirPort Express 6.x before Firmware Update 6.3, and AirPort Extreme 5.x before Firmware Update 5.7, allows remote atta...
Mac OS X 10.4.3 up to 10.4.6, when loginwindow uses the "Name and password" setting, and the "Show the Restart, Sleep, and Shut Down buttons" option i...
Buffer overflow in BlueCoat (a) WinProxy before 6.1a and (b) the web console access functionality in ProxyAV before 2.4.2.3 allows remote attackers to...
The Linux 2.4 kernel patch in kernel-patch-vserver before 1.9.5.5 and 2.x before 2.3 for Debian GNU/Linux does not correctly set the "chroot barrier" ...
The securelevels implementation in FreeBSD 7.0 and earlier, OpenBSD up to 3.8, DragonFly up to 1.2, and Linux up to 2.6.15 allows root users to bypass...
The securelevels implementation in NetBSD 2.1 and earlier, and Linux 2.6.15 and earlier, allows local users to bypass time setting restrictions and se...
util-vserver before 0.30.208-1 with kernel-patch-vserver before 1.9.5.5 and 2.x before 2.3 for Debian GNU/Linux sets a default policy that trusts unkn...
Mail::Audit module in libmail-audit-perl 2.1-5, when logging is enabled without a default log file specified, uses predictable log filenames, which al...
Heap-based buffer overflow in bogofilter 0.96.2, 0.95.2, 0.94.14, 0.94.12, and other versions from 0.93.5 to 0.96.2, when using Unicode databases, all...
Heap-based buffer overflow in bogofilter and bogolexer 0.96.2 allows remote attackers to cause a denial of service (crash) and possibly execute arbitr...
PHP remote file inclusion vulnerability in phpDocumentor 1.3.0 rc4 and earlier, when register_globals is enabled, allows remote attackers to execute a...
Stack-based buffer overflow in TUGZip 3.4.0.0 allows remote attackers to execute arbitrary code via a long filename in an ARJ archive.
Untrusted search path vulnerability (RPATH) in XnView 1.70 and NView 4.51 on Gentoo Linux allows local users to execute arbitrary code via a malicious...
Cross-site scripting (XSS) vulnerability in read.php in AdesGuestbook 2.0 allows remote attackers to inject arbitrary web script or HTML via the total...
Cross-site scripting (XSS) vulnerability in index.php in iPei Guestbook 1.7 allows remote attackers to inject arbitrary web script or HTML via the ema...
Cross-site scripting (XSS) vulnerability in home.php in OoApp Guestbook 2.1 allows remote attackers to inject arbitrary web script or HTML via the pag...
Cross-site scripting (XSS) vulnerability in tiny_mce_gzip.php in TinyMCE Compressor PHP before 1.06 allows remote attackers to inject arbitrary web sc...
Directory traversal vulnerability in tiny_mce_gzip.php in TinyMCE Compressor PHP before 1.06 allows remote attackers to read or include arbitrary file...
The delegate code in ImageMagick 6.2.4.5-0.3 allows remote attackers to execute arbitrary commands via shell metacharacters in a filename that is proc...
SQL injection vulnerability in inc/function_upload.php in MyBB before 1.0.1 allows remote attackers to execute arbitrary SQL commands via the file ext...
Cross-site scripting (XSS) vulnerability in printthread.php in MyBB 1.0.1 and earlier allows remote attackers to inject arbitrary web script or HTML v...
Buffer overflow in MTink in the printer-filters-utils package allows local users to execute arbitrary code via a long HOME environment variable.
The procfs code (proc_misc.c) in Linux 2.6.14.3 and other versions before 2.6.15 allows attackers to read sensitive kernel memory via unspecified vect...
SQL injection vulnerability in check_user.asp in multiple Web Wiz products including (1) Site News 3.06 and earlier, (2) Journal 1.0 and earlier, (3) ...
Cross-site scripting (XSS) vulnerability in index.php in BugPort 1.147 and earlier allows remote attackers to inject arbitrary web script or HTML via ...
SQL injection vulnerability in index.php in BugPort 1.147 allows remote attackers to execute arbitrary SQL commands via the (1) devWherePair[0], (2) o...
index.php in BugPort 1.147 and earlier allows remote attackers to obtain sensitive information such as full path and system configuration via an inval...
Format string vulnerability in the server for Dopewars before 1.5.12, when running as an NT service, allows remote attackers to execute arbitrary code...
SQL injection vulnerability in search.php in Free ClickBank 1.0 and earlier allows remote attackers to execute arbitrary SQL commands via the keywords...
Multiple SQL injection vulnerabilities in VUBB alpha rc1 allow remote attackers to execute arbitrary SQL commands via the (1) f parameter to viewforum...
Cross-site scripting (XSS) vulnerability in VUBB alpha rc1 allows remote attackers to inject arbitrary web script or HTML via unspecified fields in th...
Multiple SQL injection vulnerabilities in digiSHOP 3.1.17 and earlier allow remote attackers to execute arbitrary SQL commands or obtain the full inst...
SQL injection vulnerability in news.php in DapperDesk 3.0.1 and earlier allows remote attackers to execute arbitrary SQL commands via the page paramet...
SQL injection vulnerability in index.php in iSupport 1.06 allows remote attackers to execute arbitrary SQL commands via the include_file parameter.
SQL injection vulnerability in tickets.php in cSupport 1.0 and earlier allows remote attackers to execute arbitrary SQL commands via the pg parameter.
Buffer overflow in sysctl in the Linux Kernel 2.6 before 2.6.15 allows local users to corrupt user memory and possibly cause a denial of service via a...
SQL injection vulnerability in index.php in phpoutsourcing Zorum Forum 3.5 and earlier allows remote attackers to execute arbitrary SQL commands via t...
Buffer overflow in WinRAR 3.50 and earlier allows local users to execute arbitrary code via a long command-line argument. NOTE: because this program ...
Cross-site scripting (XSS) vulnerability in the editavatar page in vBulletin 3.5.1 allows remote attackers to inject arbitrary web script or HTML via ...
Directory traversal vulnerability in eFileGo 3.01 allows remote attackers to execute arbitrary code, read arbitrary files, and upload arbitrary files ...
upload.exe in eFileGo 3.01 allows remote attackers to cause a denial of service (CPU consumption) via an argument with an invalid directory name.
The m_join function in channel.c for PTnet ircd 1.5 and 1.6 allows remote attackers to cause a denial of service (memory exhaustion that triggers a da...
Drivers for certain display adapters, including (1) an unspecified ATI driver and (2) an unspecified Intel driver, might allow remote attackers to cau...
The default configuration of Recruitment Software installs admin/site.xml under the web document root with insufficient access control, which might al...
Cross-site scripting (XSS) vulnerability in index.php in (1) GmailSite 1.0 through 1.0.4 and (2) GFHost 0.1.1 through 0.4.2 allows remote attackers to...
SQL injection vulnerability in index.php in HelpDeskPoint 2.38 and earlier allows remote attackers to execute arbitrary SQL commands via the page para...
SQL injection vulnerability in SMBCMS 2.1 allows remote attackers to execute arbitrary SQL commands via unspecified search parameters.
SQL injection vulnerability in index.php in ClientExec 2.3 allows remote attackers to execute arbitrary SQL commands via the (1) billshowid, (2) billd...
SQL injection vulnerability in index.php in Zina 0.12.07 and earlier allows remote attackers to execute arbitrary SQL commands via the p parameter.
SQL injection vulnerability in poll_frame.php in Vote! Pro 4.0 and earlier allows remote attackers to execute arbitrary SQL commands via the poll_id p...
SQL injection vulnerability in index.php in ActiveCampaign SupportTrio 1.4 allows remote attackers to execute arbitrary SQL commands via the page para...
The nl_fib_input function in fib_frontend.c in the Linux kernel before 2.6.15 does not check for valid lengths of the header and payload, which allows...
OpenOffice.org 2.0 and earlier, when hyperlinks has been disabled, does not prevent the user from clicking the WWW-browser button in the Hyperlink dia...
Multiple cross-site scripting (XSS) vulnerabilities in index.php in Kayako SupportSuite 3.00.26 and earlier allow remote attackers to inject arbitrary...
index.php in Kayako SupportSuite 3.00.26 and earlier allow remote attackers to obtain the full path via (1) _a and (2) newsid parameters in the news m...
Buffer overflow in the CA-driver (dst_ca.c) for TwinHan DST Frontend/Card in Linux kernel 2.6.12 and other versions before 2.6.15 allows local users t...
SQL injection vulnerability in index.php in class-1 Poll Software 0.4 and earlier allows remote attackers to execute arbitrary SQL commands via the (1...
SQL injection vulnerability in home.php in eazyCMS 2.0 allows remote attackers to execute arbitrary SQL commands via the page_id parameter.
Multiple cross-site scripting (XSS) vulnerabilities in HydroBB 1.0.0 Beta 2 allow remote attackers to inject arbitrary web script or HTML via the s pa...
SQL injection vulnerability in index.php in Antharia OnContent // CMS allows remote attackers to execute arbitrary SQL commands via the pid parameter....
Cross-site scripting (XSS) vulnerability in the HTML WikiProcessor in Edgewall Trac 0.9.2 allows remote attackers to inject arbitrary web script or HT...
SQL injection vulnerability in index.php in 3CFR allows remote attackers to execute arbitrary SQL commands via the LangueID parameter.
Unspecified vulnerability in index.php in PEARLINGER Pearl Forums 2.4 allows remote attackers to include arbitrary files via the mode parameter, possi...
Multiple SQL injection vulnerabilities in PEARLINGER Pearl Forums 2.4 allow remote attackers to execute arbitrary SQL commands via the (1) forumsId an...
Buffer overflow in Illustrate dBpowerAMP Music Converter 11.5 and earlier, possibly including (1) MusicConverter.exe, (2) playlist.exe, and (3) amp.ex...
Multiple cross-site scripting (XSS) vulnerabilities in Advanced Guestbook 2.2 and 2.3.1 allow remote attackers to inject arbitrary web script or HTML ...
Joomla! 1.03 does not restrict the number of "Search" Mambots, which allows remote attackers to cause a denial of service (resource consumption) via a...
SQL injection vulnerability in index.php in AlstraSoft EPay Pro 2.0 allows remote attackers to execute arbitrary SQL commands via the pmodule paramete...
SQL injection vulnerability in PHlyMail 3.02.01 allows remote attackers to execute arbitrary SQL commands via unknown attack vectors.
Unspecified vulnerability in ss.php in AL-Caricatier 2.5 and earlier allows remote attackers to bypass login authentication by requesting view_caricat...
Multiple unspecified vulnerabilities in Oracle for OpenView (OfO) 8.1.7, 9.1.01, and 9.2, and OfO for Linux, allow remote attackers to have an unknown...
Cross-site scripting (XSS) vulnerability in submit.php in PHP-Fusion 6.0.204 allows remote attackers to inject arbitrary web script or HTML via nested...
SQL injection vulnerability in index.php in TClanPortal 1.1.3 and earlier allows remote attackers to execute arbitrary SQL commands, and retrieve all ...
Ocean12 Calendar Manager Pro 1.01 allows remote attackers to bypass authentication and obtain sensitive information via a direct request to /admin/vie...
Multiple cross-site scripting (XSS) vulnerabilities in ASP-Programmers.com ASPKnowledgebase allow remote attackers to inject arbitrary web script or H...
IPCop (aka IPCop Firewall) before 1.4.10 has world-readable permissions for the backup.key file, which might allow local users to overwrite system con...
Race condition in IPCop (aka IPCop Firewall) before 1.4.10 might allow local users to overwrite system configuration files and gain privileges by repl...
The notifyendsubs cron job in Campsite before 2.3.3 sends an e-mail message containing a certain unencrypted MySQL password, which allows remote attac...
Multiple SQL injection vulnerabilities in OcoMon 1.20, and possibly earlier versions, allow remote attackers to execute arbitrary SQL commands via unk...
Cross-site scripting (XSS) vulnerability in OcoMon 1.20, and possibly earlier versions, allows remote attackers to inject arbitrary web script or HTML...
SQL injection vulnerability in OcoMon 1.21, and possibly other versions, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitra...
Cross-site scripting (XSS) vulnerability in PunBB 1.2.6 and earlier allows remote attackers to inject arbitrary web script or HTML via Javascript cont...
Cross-site scripting (XSS) vulnerability in PHlyMail before 3.3 Beta1 allows remote attackers to inject arbitrary Javascript via unknown attack vector...
Buffer overflow in UnZip 5.50 and earlier allows user-assisted attackers to execute arbitrary code via a long filename command line argument. NOTE: s...
The embedded HSQLDB in ParosProxy before 3.2.7, when running with JDK 1.4.2 before 1.4.2_08, allows local users to execute arbitrary comands via craft...
SQL injection vulnerability in RT Internet Solutions (RTIS) WebAdmin allows remote attackers to execute arbitrary SQL commands via the (1) username an...
Cross-site scripting (XSS) vulnerability in message.php in CityPost Automated Link Exchange (LNKX) allows remote attackers to inject arbitrary web scr...
Cross-site scripting (XSS) vulnerability in simple-upload-53.php in CityPost Simple PHP Upload 5.3 allows remote attackers to inject arbitrary web scr...
Cross-site scripting (XSS) vulnerability in image-editor-52/index.php in CityPost Simple Image-Editor 0.52 allows remote attackers to inject arbitrary...
ioFTPD 0.5.84 u responds with different messages depending on whether or not a username exists, which allows remote attackers to enumerate valid usern...
Multiple SQL injection vulnerabilities in list.php in Complete PHP Counter allow remote attackers to execute arbitrary SQL commands via the (1) c or (...
Cross-site scripting (XSS) vulnerability in list.php in Complete PHP Counter allows remote attackers to inject arbitrary web script or HTML via the c ...
Buffer overflow in Andreas Huggel Exiv2 before 0.9 does not null terminate strings before calling the sscanf function, which allows remote attackers t...
SQL injection vulnerability in additional_images.php (aka the Additional Images module) before 1.14 in osCommerce allows remote attackers to execute a...
Apple Safari 2.0.2 (aka 416.12) allows remote attackers to spoof the URL in the status bar via the title in an image in a link to a trusted site withi...
Internet Explorer 6 for Windows XP Service Pack 2 allows remote attackers to spoof the URL in the status bar via the title in an image in a link to a ...
Sophos Anti-Virus before 4.02, 4.5.x before 4.5.9, 4.6.x before 4.6.9, and 5.x before 5.1.4 allow remote attackers to hide arbitrary files and data vi...
Buffer overflow in mIRC 5.91, 6.03, 6.12, and 6.16 allows local users to execute arbitrary code via a long string that is entered after reaching the D...
Cross-site scripting (XSS) vulnerability in error.asp in AudienceView allows remote attackers to inject arbitrary web script or HTML via the TSerrorMe...
PADL MigrationTools 46, when a failure occurs, stores contents of /etc/shadow in a world-readable /tmp/nis.$$.ldif file, and possibly other sensitive ...
Konqueror can associate a cookie with multiple domains when the DNS resolver has a non-root domain in its search list, which allows remote attackers t...
Firefox and Mozilla can associate a cookie with multiple domains when the DNS resolver has a non-root domain in its search list, which allows remote a...
PunBB 1.2.9, when used alone or with F-ART BLOG:CMS, includes config.php before calling the unregister_globals function, which allows attackers to obt...
PunBB 1.2.9, used alone or with F-ART BLOG:CMS, may trust a client's IP address as specified in the X-Forwarded-For HTTP header rather than the TCP/IP...
PunBB 1.2.9 does not require password entry when changing the e-mail address in an account's profile, which might allow an attacker to make an address...
Six Apart Movable Type 3.16 stores account names and password hashes in a cookie, which allows remote attackers to login to an account by sniffing the...
Six Apart Movable Type 3.16 allows local users with blog-creation privileges to create or overwrite arbitrary files of certain types (such as HTML and...
imake in NetBSD before 2.0.3, NetBSD-current before 12 September 2005, certain versions of X.Org, and certain versions of XFree86 allows local users t...
Unspecified vulnerability in mroovca stats (mroovcastats) before 0.4.5b has unknown attack vectors and impact, related to cookies.
Gaim-Encryption 2.38-1 on Debian Linux allows remote attackers to cause a denial of service (crash) via a crafted message from an ICQ buddy, possibly ...
Unspecified vulnerability in the www_add method in Asset.pm in Plain Black WebGUI 6.3.0 and other versions before 6.7.6 allows attackers to execute ar...
Symantec Brightmail AntiSpam 6.0 build 1 and 2 allows remote attackers to cause a denial of service (bmserver component termination) via malformed MIM...
The Microsoft Wireless Zero Configuration system (WZCS) stores WEP keys and pair-wise Master Keys (PMK) of the WPA pre-shared key in plaintext in memo...
The Microsoft Wireless Zero Configuration system (WZCS) allows local users to access WEP keys and pair-wise Master Keys (PMK) of the WPA pre-shared ke...
Cross-site scripting (XSS) vulnerability in TellMe 1.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the 91) q_IP (IP...
Argument injection vulnerability in TellMe 1.2 and earlier allows remote attackers to modify command line arguments for the Whois program and obtain s...
TellMe 1.2 and earlier, when the Server (o_Server) and HEAD (o_Head) options are enabled, allows remote attackers to obtain sensitive information via ...
Unspecified vulnerability in Process File System (procfs) in Sun Solaris 10 allows local users to obtain sensitive information such as process working...
SQL injection vulnerability in the favorites module in index.php in IPBProArcade 2.5.2 allows remote attackers to inject arbitrary SQL commands via th...
Apache Tomcat 4.0.3, when running on Windows, allows remote attackers to obtain sensitive information via a request for a file that contains an MS-DOS...
Unspecified vulnerability in BEA WebLogic Server and WebLogic Express 8.1 through SP3, 7.0 through SP6, and 6.1 through SP7, when SSL is intended to b...
BEA WebLogic Server and WebLogic Express 8.1 through SP4, 7.0 through SP6, and 6.1 through SP7, when a Java client application creates an SSL connecti...
Unspecified vulnerability in the "privilege management" feature of Sun Solaris 10 allows local users to cause a denial of service (panic) via unknown ...
Multiple cross-site scripting (XSS) vulnerabilities in PHP GEN before 1.3 allow remote attackers to inject arbitrary web script or HTML via unknown at...
Adobe Macromedia MX 2004 products, Captivate, Contribute 2, Contribute 3, and eLicensing client install the Macromedia Licensing Service with the User...
The popSubjectContext method in the SecurityAssociation class in JBoss Enterprise Java Beans (EJB) 3.0 RC3 maintains the threadPrincipal and threadCre...
Unspecified vulnerability in multiple Autodesk and AutoCAD products and product families from 2006 and earlier allows remote attackers to "gain inappr...
SQL injection vulnerability in Neocrome Land Down Under (LDU) 801 allows remote attackers to execute arbitrary SQL commands via an HTTP Referer header...
CRLF injection vulnerability in process_signup.php in PHP Handicapper allows remote attackers to inject arbitrary HTTP headers via CRLF sequences in t...
Unspecified vulnerability in the SQL logging facility in PAM-MySQL 0.6.x before 0.6.2 and 0.7.x before 0.7pre3 allows remote attackers to cause a deni...
Format string vulnerability in the vmps_log function in OpenVMPS (VLAN Management Policy Server) 1.3 allows remote attackers to execute arbitrary code...
Multiple SQL injection vulnerabilities in modules.php in PHP-Nuke 7.8, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary ...
Hitachi TP1/Server Base and TP1/NET/Library 2 on IBM AIX allow remote attackers to (1) cause a denial of service (OpenTP1 system outage) via invalid d...
Microsoft Internet Explorer 6.0 on Windows NT 4.0 SP6a, Windows 2000 SP4, Windows XP SP1, Windows XP SP2, and Windows Server 2003 SP1 allows remote at...
Opera 8.02 and earlier allows remote attackers to cause a denial of service (client crash) via (1) a crafted HTML file with a "content: url(0);" style...
Multiple SQL injection vulnerabilities in Sysbotz Systems Panel 1.0.6 and earlier allow remote attackers to execute arbitrary SQL commands via (1) the...
Mozilla Firefox 1.0.7 and earlier on Linux allows remote attackers to cause a denial of service (client crash) via an IFRAME element with a large valu...
Cross-site scripting (XSS) vulnerability in search.cfm in tmsPUBLISHER 3.3 allows remote attackers to inject arbitrary web script or HTML via the q pa...
_Request_Message.cfm in tmsPUBLISHER 3.3 allows remote attackers to obtain sensitive information via an invalid id argument to pagename.cfm, which rev...
D-Link DI-524 Wireless Router, DI-624 Wireless Router, and DI-784 allow remote attackers to cause a denial of service (device reboot) via a series of ...
SQL injection vulnerability in post.php in PhpTagCool 1.0.3 allows remote attackers to execute arbitrary SQL commands via the X-Forwarded-For field in...
Geeklog before 1.3.11sr3 allows remote attackers to bypass intended access restrictions and comment on an arbitrary story or topic by guessing the sto...
MUTE 0.4 uses improper flood protection algorithms, which allows remote attackers to obtain sensitive information (privacy leak and search result data...
Cross-site scripting (XSS) vulnerability in gbook.cgi in gBook before 1.0.2 allows remote attackers to inject arbitrary web script or HTML via the Use...
Untrusted search path vulnerability (RPATH) in amaya 9.2.1 on Debian GNU/Linux allows local users to gain privileges via a malicious Mesa library in t...
SQL injection vulnerability in show.php in VBZooM Forum allows remote attackers to execute arbitrary SQL commands via the SubjectID parameter.
Unspecified vulnerability in PEAR Text_Password 1.0 has unknown impact and attack vectors, related to "problematic seeding" of the random number gener...
The Next action in PEAR HTML_QuickForm_Controller 1.0.4 includes the SID in the URL even when session.use_only_cookies is configured, which allows rem...
Multiple cross-site scripting (XSS) vulnerabilities in index.php in Tux Racer TuxBank 0.7x and 0.8 allow remote attackers to inject arbitrary web scri...
NetBSD 2.0 before 20050316 and NetBSD-current before 20050112 allow local users to cause a denial of service (infinite loop and system hang) by callin...
Stack-based buffer overflow in IISWebAgentIF.dll in RSA Authentication Agent for Web (aka SecurID Web Agent) 5.2 and 5.3 for IIS allows remote attacke...
IBM DB2 Universal Database (UDB) 810 before 8.1 FP10 allows remote authenticated users to cause a denial of service (application crash) via (1) certai...
IBM DB2 Universal Database (UDB) 820 before 8.2 FP10 allows remote authenticated users to cause a denial of service (disk consumption) via a hash join...
IBM DB2 Universal Database (UDB) 820 before ESE AIX 5765F4100 allows remote authenticated users to cause a denial of service (CPU consumption) by "abn...
IBM DB2 Universal Database (UDB) 810 before ESE AIX 5765F4100 does not ensure that a user has execute privileges before permitting object creation bas...
IBM DB2 Universal Database (UDB) 820 before version 8 FixPak 10 (s050811) allows remote authenticated users to cause a denial of service (application ...
IBM DB2 Universal Database (UDB) 810 before version 8 FixPak 10 allows remote authenticated users to cause a denial of service (db2jd service crash) b...
NetBSD 1.6, NetBSD 2.0 through 2.1, and NetBSD-current before 20051031 allows local users to gain privileges by attaching a debugger to a setuid/setgi...
Unspecified vulnerability in Echelog 0.6.2 allows attackers to "exploit function stacks on some architectures," with unknown impact and attack vectors...
Multiple SQL injection vulnerabilities in index.php in NeLogic Nephp Publisher 4.5.2 and earlier allow remote attackers to execute arbitrary SQL comma...
Off-by-one error in the sql_error function in sql_unixodbc.c in FreeRADIUS 1.0.2.5-5, and possibly other versions including 1.0.4, might allow remote ...
SQL injection vulnerability in the rlm_sqlcounter module in FreeRADIUS 1.0.3 and 1.0.4 allows remote attackers to execute arbitrary SQL commands via u...
Multiple buffer overflows in FreeRADIUS 1.0.3 and 1.0.4 allow remote attackers to cause denial of service (crash) via (1) the rlm_sqlcounter module or...
Cross-site scripting (XSS) vulnerability in WebHost Automation Ltd Helm before 3.2.6 allows remote attackers to inject arbitrary web script or HTML vi...
PHP remote file include vulnerability in functions_admin.php in Virtual War (VWar) 1.5.0 R10 allows remote attackers to include and execute arbitrary ...
HTTP request smuggling vulnerability in BEA WebLogic Server and WebLogic Express 8.1 SP4 and earlier, 7.0 SP6 and earlier, and 6.1 SP7 and earlier all...
BEA WebLogic Server and WebLogic Express 8.1 SP4 and earlier, 7.0 SP5 and earlier, and 6.1 SP7 and earlier allow remote attackers to cause a denial of...
Multiple cross-site scripting (XSS) vulnerabilities in BEA WebLogic Server and WebLogic Express 9.0, 8.1 SP4 and earlier, 7.0 SP6 and earlier, and 6.1...
BEA WebLogic Server and WebLogic Express 8.1 SP4 and earlier, and 7.0 SP6 and earlier, might allow local users to gain privileges by using the run-as ...
BEA WebLogic Server and WebLogic Express 8.1 SP4 and earlier, and 7.0 SP6 and earlier, in certain "heavy usage" scenarios, report incorrect severity l...
BEA WebLogic Server and WebLogic Express 8.1 SP3 and earlier allow remote attackers to obtain sensitive information (intranet IP addresses) via unknow...
BEA WebLogic Server and WebLogic Express 8.1 SP3 and earlier (1) stores the private key passphrase (CustomTrustKeyStorePassPhrase) in cleartext in nod...
BEA WebLogic Server and WebLogic Express 8.1 SP4 and earlier, and 7.0 SP5 and earlier, do not properly validate derived Principals with multiple Princ...
BEA WebLogic Server and WebLogic Express 8.1 SP3 and earlier, and 7.0 SP5 and earlier, do not properly "constrain" a "/" (slash) servlet root URL patt...
Unspecified vulnerability in the Administration server in BEA WebLogic Server and WebLogic Express 8.1 SP3 and earlier allows remote authenticated Adm...
BEA WebLogic Server and WebLogic Express 8.1 and 7.0, during a migration across operating system platforms, do not warn the administrative user about ...
BEA WebLogic Server and WebLogic Express 8.1 SP3 and earlier, and 7.0 SP5 and earlier, when fullyDelegatedAuthorization is enabled for a servlet, does...
BEA WebLogic Server and WebLogic Express 8.1 SP4 and earlier, 7.0 SP5 and earlier, and 6.1 SP7 and earlier log the Java command line at server startup...
BEA WebLogic Server and WebLogic Express 8.1 SP4 and earlier, 7.0 SP6 and earlier, and 6.1 SP7 and earlier sometimes stores the boot password in the r...
BEA WebLogic Server and WebLogic Express 8.1 SP4 and earlier, 7.0 SP6 and earlier, and 6.1 SP7 and earlier, when Internet Inter-ORB Protocol (IIOP) is...
BEA WebLogic Server and WebLogic Express 9.0, 8.1, and 7.0 lock out the admin user account after multiple incorrect password guesses, which allows rem...
BEA WebLogic Server and WebLogic Express 8.1 SP4 and earlier and 7.0 SP6 and earlier, when using the weblogic.Deployer command with the t3 protocol, d...
BEA WebLogic Server and WebLogic Express 8.1 SP4 and earlier, and 7.0 SP5 and earlier, do not encrypt multicast traffic, which might allow remote atta...
BEA WebLogic Server and WebLogic Express 8.1 SP5 and earlier, and 7.0 SP6 and earlier, when using username/password authentication, does not lock out ...
SQL injection vulnerability in manage_account.php in Tux Racer TuxBank 0.7x and 0.8 allows remote attackers to execute arbitrary SQL commands via the ...
SQL injection vulnerability in addrbook.php in Belchior Foundry vCard PRO 3.1 allows remote attackers to execute arbitrary SQL commands via the addr_i...
SQL injection vulnerability in an unspecified Accelerated Enterprise Solutions product, possibly Accelerated E Solutions, allows remote attackers to e...
Trusted Mobility Agent PC Policy in Trust Digital Trusted Mobility Suite provides a cancel button that bypasses the domain-authentication prompt, whic...
liby2util in Yet another Setup Tool (YaST) in SUSE Linux before 20051007 preserves permissions and ownerships when copying a remote repository, which ...
The configuration of VMware ESX Server 2.x, 2.0.x, 2.1.x, and 2.5.x allows local users to cause a denial of service (shutdown) via the (1) halt, (2) p...
Cross-site scripting (XSS) vulnerability in Xerver 4.17 allows remote attackers to inject arbitrary web script or HTML after a /%00/ sequence at the e...
Michael Scholz and Sebastian Stein Contineo 2.0, when the admin account lacks an e-mail address attribute, displays the password hash in a warning upo...
Integer overflow in the FreeBSD compatibility code (freebsd_misc.c) in NetBSD-current, NetBSD-3, NetBSD-2.0, and NetBSD-2 before 20050913; and NetBSD-...
Tashcom ASPEdit 2.9 stores the administration password (aka the FTP password) in cleartext in the registry, which might allow local users to view the ...
The powersave daemon in SUSE Linux 10.0 before 20051007 has an unspecified "configuration problem," which allows local users to suspend the computer a...
verifiedexecioctl in verified_exec.c in NetBSD 2.0.2 calls NDINIT with UIO_USERSPACE rather than UID_SYSSPACE, which removes the functionality of the ...
Cross-site scripting (XSS) vulnerability in Fidra Lighthouse CMS 1.1.0 and earlier allows remote attackers to inject arbitrary web script or HTML via ...
Multiple SQL injection vulnerabilities in SergiDs Top Music module 3.0 PR3 and earlier for PHP-Nuke allow remote attackers to execute arbitrary SQL co...
NetBSD 2.0 before 2.0.4, 2.1 before 2.1.1, and 3, when the kernel is compiled with "options DIAGNOSTIC," allows local users to cause a denial of servi...
kernfs_xread in kernfs_vnops.c in NetBSD before 20050831 does not check for a negative offset when reading the message buffer, which allows local user...
Multiple buffer overflows in the POSIX readdir_r function, as used in multiple packages, allow local users to cause a denial of service and possibly e...
Cross-site scripting (XSS) vulnerability in QuickBlogger 1.4 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) au...
Buffer overflow in the archive decompression library (vrAZMain.dll 5.8.22.137), as used in HAURI anti-virus products including (1) ViRobot Expert 4.0,...
Turnkey Web Tools SunShop Shopping Cart allows remote attackers to obtain sensitive information via a phpinfo action to (1) index.php, (2) admin/index...
resmgr in SUSE Linux 9.2 and 9.3, and possibly other distributions, allows local users to bypass access control rules for USB devices via "alternate s...
resmgr in SUSE Linux 9.2 and 9.3, and possibly other distributions, does not properly enforce class-specific exclude rules in some situations, which a...
Multiple untrusted search path vulnerabilities in SUSE Linux 9.3 and 10.0, and possibly other distributions, cause the working directory to be added t...
Multiple untrusted search path vulnerabilities in SUSE Linux 10.0 cause the working directory to be added to LD_LIBRARY_PATH, which might allow local ...
SQL injection vulnerability in index.php in Appalachian State University phpWebSite 0.10.1 and earlier allows remote attackers to execute arbitrary SQ...
Multiple unspecified vulnerabilities in the web utility function in Hitachi Cm2/Network Node Manager and JP1/Cm2/Network Node Manager before 20050930 ...
Cisco IP Phones 7902/7905/7912, ATA 186/188, Unity Express, ACNS, and Subscriber Edge Services Manager (SESM) allows remote attackers to cause a denia...
Unspecified vulnerability in the multi-language environment library (libmle) in Solaris 7 and 8, as shipped with the Japanese locale, allows local use...
Unspecified vulnerability in the XView library (libxview.so) in Solaris 2.5 to 10 allows local users to corrupt files via unknown vectors related to t...
Directory traversal vulnerability in printd line printer daemon (lpd) in Solaris 7 through 10 allows remote attackers to delete arbitrary files via "....
Buffer overflow in NFS readlink handling in the Linux Kernel 2.4 up to 2.4.31 allows remote NFS servers to cause a denial of service (crash) via a lon...
Multiple cross-site scripting (XSS) vulnerabilities in Yet Another PHP Image Gallery (YaPIG) 0.95b and earlier allow remote attackers to inject arbitr...
Direct static code injection vulnerability in Yet Another PHP Image Gallery (YaPIG) 0.95b and earlier allows remote authenticated administrators to in...
Multiple cross-site request forgery (CSRF) vulnerabilities in Yet Another PHP Image Gallery (YaPIG) 0.95b and earlier allow remote attackers to perfor...
Flexbackup 1.2.1 and earlier allows local users to overwrite files and execute code via a symlink attack on temporary files. NOTE: the raw source ref...
graphviz before 2.2.1 allows local users to overwrite arbitrary files via a symlink attack on temporary files. NOTE: this issue was originally associ...
Unspecified vulnerability in Sun Java System Application Server Platform Edition and Enterprise Edition 8.1 2005 Q1, and Platform Edition UR1, allows ...
Unspecified vulnerability in Sun Java System Application Server 7 Standard and Platform Edition 6 and earlier, and 2004Q2 Standard and Platform Editio...
Multiple unspecified vulnerabilities in Sun Java System Web Proxy Server 3.6 SP7 and earlier allow remote attackers to cause a denial of service (unre...
Stack-based buffer overflow in the as_bad function in messages.c in the GNU as (gas) assembler in Free Software Foundation GNU Binutils before 2005072...
Buffer overflow in reset_vars in config/tc-crx.c in the GNU as (gas) assembler in Free Software Foundation GNU Binutils before 20050714 allows user-as...
Mozilla Firefox 1.0.1 and possibly other versions, including Mozilla and Thunderbird, allows remote attackers to spoof the URL in the Status Bar via a...
Microsoft Internet Explorer 7.0 Beta3 and earlier allows remote attackers to cause a denial of service (crash) via a "text/html" HTML Content-type hea...
The hugepage code (hugetlb.c) in Linux kernel 2.6, possibly 2.6.12 and 2.6.13, in certain configurations, allows local users to cause a denial of serv...
The SISCO OSI stack for Windows, as used by MMS-EASE 7.10 and earlier, AX-S4 MMS 5.01 and earlier, AX-S4 ICCP 3.0103 and earlier, and the ICCP Toolkit...
Unspecified vulnerability in Report Application Server (Crystalras.exe) before 11.0.0.1370, as used in Business Objects Crystal Reports XI, Crystal Re...
Unrestricted file upload vulnerability in Segue CMS before 1.3.6, when the Apache HTTP Server handles .phtml files with the PHP interpreter, allows re...
SAP 6.4 before 6.40 patch 4, 6.2 before 6.20 patch 1364, 4.6 before 4.6D patch 1767, 45 before 45B patch 913, 40 before 40B patch 1008, and 31 before ...
Buffer overflow in mod_radius in ProFTPD before 1.3.0rc2 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary c...
Format string vulnerability in ui.c in Textbased MSN Client (TMSNC) before 0.2.5 allows attackers to cause a denial of service and possibly execute ar...
Multiple SQL injection vulnerabilities in Copernicus Europa allow remote attackers to execute arbitrary SQL commands via unknown vectors. NOTE: the p...
Cross-site scripting (XSS) vulnerability in Lotus Domino versions before 6.5.4 fix pack 1 (FP1) and versions before 7.0 allows remote attackers to inj...
SMC Wireless Router model SMC7904WBRA allows remote attackers to cause a denial of service (reboot) by flooding the router with traffic.
Multiple SQL injection vulnerabilities in Land Down Under (LDU) v801 and earlier allow remote attackers to execute arbitrary SQL commands via paramete...
SQL injection vulnerability in projects/project-edit.asp in Digger Solutions Intranet Open Source (IOS) version 2.7.2 allows remote attackers to execu...
Buffer overflow in the HP HTTP Server 5.0 through 5.95 of the HP Web-enabled Management Software allows remote attackers to execute arbitrary code via...
PHP remote file inclusion vulnerability in web/classes.php in Siteframe before 3.2.2 allows remote attackers to execute arbitrary PHP code via a URL i...
Cisco Clean Access 3.5.5 and earlier on the Secure Smart Manager allows remote attackers to bypass authentication and cause a denial of service (disk ...
Unspecified vulnerability in the VLAN Trunking Protocol (VTP) feature in Cisco IOS 12.1(22)EA3 on Catalyst 2950T switches allows remote attackers to c...
Internet Explorer 6.0, and possibly other versions, allows remote attackers to bypass the same origin security policy and make requests outside of the...
Kolab Server 2.0.0 and 2.0.1 does not properly handle when a large email is sent with a "." in the wrong place, which causes kolabfilter to add anothe...
VirtueMart before 1.0.1 does not properly handle errors when a user is forbidden to read a requested page, which has unknown impact and remote attack ...
CRLF injection vulnerability in viewcvs in ViewCVS 0.9.2 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting ...
viewcvs in ViewCVS 0.9.2 allows remote attackers to set the Content-Type header to arbitrary values via the content-type parameter, which can be lever...
SQL injection vulnerability in the Oracle Database Server 10g allows remote authenticated users to execute arbitrary SQL commands with elevated privil...
IBM WebSphere Application Server (WAS) 6.0 before 20050201, when serving pages in an Application WAR or an Extended Document Root, allows remote attac...
IBM WebSphere Application Server (WAS) 5.0.2.5 through 5.1.1.3 allows remote attackers to obtain JSP source code and other sensitive information, rela...
The ath_rate_sample function in the ath_rate/sample/sample.c sample code in MadWifi before 0.9.3 allows remote attackers to cause a denial of service ...
The HTTP/1.1 connector in Apache Tomcat 4.1.15 through 4.1.40 does not reject NULL bytes in a URL when allowLinking is configured, which allows remote...
snmp_api.c in snmpd in Net-SNMP 5.2.x before 5.2.2, 5.1.x before 5.1.3, and 5.0.x before 5.0.10.2, when running in master agentx mode, allows remote a...
Multiple cross-site scripting (XSS) vulnerabilities in the example web applications for Jakarta Tomcat 5.5.6 and earlier allow remote attackers to inj...
PureTLS before 0.9b5 does not clear optional Extensions and Algorithm.Parameters values before parsing, which might trigger an information leak of val...
The Outlook Express Address Book control, when using Internet Explorer 6, allows remote attackers to cause a denial of service (NULL dereference and b...
The Outlook Progress Ctl control allows remote attackers to cause a denial of service (Internet Explorer crash) by creating a COM object of the class ...
The System Monitor Source Properties control allows remote attackers to cause a denial of service (Internet Explorer crash) by creating a COM object o...
The SmartConnect Class control allows remote attackers to cause a denial of service (Internet Explorer crash) by creating a COM object of the class as...
The CLSID_ApprenticeICW control allows remote attackers to cause a denial of service (Internet Explorer crash) by creating a COM object of the class a...
The Java Plug-in 1.4.2_03 and 1.4.2_04 controls, and the 1.4.2_03 and 1.4.2_04 <applet> redirector controls, allow remote attackers to cause a denial ...
Format string vulnerability in Logger.cc for Spey 0.3.3 allows attackers to cause a denial of service (crash) and possibly execute arbitrary code via ...
Unspecified vulnerability in Spey 0.3.3 has unknown impact and attack vectors related to "A number of security holes which could lead to compromise," ...
Buffer overflow in the decompression algorithm in Research in Motion BlackBerry Enterprise Server 4.0 SP1 and earlier before 20050607 might allow remo...
Apache Derby before 10.1.2.1 exposes the (1) user and (2) password attributes in cleartext via (a) the RDBNAM parameter of the ACCSEC command and (b) ...
eZ publish 3.5 through 3.7 before 20050608 requires both edit and create permissions in order to submit data, which allows remote attackers to edit da...
eZ publish 3.4.4 through 3.7 before 20050722 applies certain permissions on the node level, which allows remote authenticated users to bypass the orig...
The siteaccess URIMatching implementation in eZ publish 3.5 through 3.8 before 20050812 converts all non-alphanumeric characters in a URI to '_' (unde...
The default configuration of the forum package in eZ publish 3.5 before 3.5.5, 3.6 before 3.6.2, 3.7 before 3.7.0rc2, and 3.8 before 20050818 does not...
eZ publish 3.5 through 3.7 before 20050830 does not use a folder's read permissions to restrict notifications, which allows remote authenticated users...
Unrestricted file upload vulnerability in eZ publish 3.5 before 3.5.5, 3.6 before 3.6.2, 3.7 before 3.7.0rc2, and 3.8 before 20050922 does not restric...
The admin interface in eZ publish 3.5 before 3.5.7, 3.6 before 3.6.5, 3.7 before 3.7.3, and 3.8 before 20051110 does not properly handle authorization...
eZ publish 3.5 before 3.5.7, 3.6 before 3.6.5, 3.7 before 3.7.3, and 3.8 before 20051128 allows remote authenticated users to cause a denial of servic...
Multiple cross-site scripting (XSS) vulnerabilities in mimic2.cgi in mimicboard2 (Mimic2) 086 and earlier allow remote attackers to inject arbitrary w...
mimicboard2 (Mimic2) 086 and earlier stores sensitive information under the web root with insufficient access control, which allows remote attackers t...
Spectrum Cash Receipting System before 6.504 uses weak cryptography (static substitution) in the PASSFILE password file, which makes it easier for loc...
functions.php in Ragnarok Online Control Panel (ROCP) 4.3.4a allows remote attackers to bypass authentication by requesting account_manage.php with a ...
The search functionality in XWiki 0.9.793 indexes cleartext user passwords, which allows remote attackers to obtain sensitive information via a search...
Stack-based buffer overflow in db2fmp in IBM DB2 7.x and 8.1 allows local users to execute arbitrary code via a long parameter.
Stack-based buffer overflow in libdb2.so in IBM DB2 7.x and 8.1 allows local users to execute arbitrary code via a long DB2LPORT environment variable.
Stack-based buffer overflow in call in IBM DB2 7.x and 8.1 allows remote attackers to execute arbitrary code via a long libname.
Stack-based buffer overflow in JDBC Applet Server in IBM DB2 8.1 allows remote attackers to execute arbitrary by connecting and sending a long usernam...
Stack-based buffer overflow in the SATENCRYPT function in IBM DB2 8.1, when Satellite Administration (SATADMIN) is enabled, allows remote attackers to...
Shared memory sections and events in IBM DB2 8.1 have default permissions of read and write for the Everyone group, which allows local users to gain u...
The (1) to_char and (2) to_date function in IBM DB2 8.1 allows local users to cause a denial of service (application crash) via an empty string in the...
Stack-based buffer overflows in the (1) xmlvarcharfromfile, (2) xmlclobfromfile, (3) xmlfilefromvarchar, and (4) xmlfilefromclob function calls in IBM...
Certain XML functions in IBM DB2 8.1 run with the privileges of DB2 instead of the logged-in user, which allows remote attackers to create or overwrit...
Perl-Compatible Regular Expression (PCRE) library before 6.2 does not properly count the number of named capturing subpatterns, which allows context-d...
Multiple stack-based buffer overflows in the phpcups PHP module for CUPS 1.1.23rc1 might allow context-dependent attackers to execute arbitrary code v...
The XMLHttpRequest object in Mozilla 1.7.8 supports the HTTP TRACE method, which allows remote attackers to obtain (1) proxy authentication passwords ...
TYPO3 3.8.0 and earlier allows remote attackers to obtain sensitive information via a direct request to misc/phpcheck/, which invokes the phpinfo func...
Cross-site scripting (XSS) vulnerability in the login form (login.jsp) of the admin console in Openfire (formerly Wildfire) 2.2.2, and possibly other ...
Cross-site scripting (XSS) vulnerability in the login form (login.jsp) of the admin console in Openfire (formerly Wildfire) 2.3.0 Beta 2 allows remote...