Vulnerability Index: Year 2005

Race condition vulnerability in Linux kernel allows arbitrary code execution via concurrent threads sharing virtual memory space and requesting stack expansion. Insecure Password Change Vulnerability in poppassd_pam 1.0 and Earlier Vulnerability: Overlapping VMA Allocations in Linux Kernel 2.6 Symlink Attack Vulnerability in MySQL Access Script Heap-based Buffer Overflow in ImageMagick 6.1.0 and 6.1.7 via Large Number of Layers in .PSD Image File COPS Dissector Denial of Service Vulnerability DLSw Dissector Denial of Service Vulnerability in Ethereal 0.10.6-0.10.8 Memory Corruption Vulnerability in DNP Dissector in Ethereal 0.10.5 through 0.10.8 Gnutella Dissector Denial of Service Vulnerability in Ethereal 0.10.6-0.10.8 Denial of Service Vulnerability in Ethereal MMSE Dissector Stack-based Buffer Overflow Vulnerabilities in fliccd Dillo Format String Vulnerability in a_Interface_msg Function Privilege Escalation in nwclient.c Remote Code Execution Vulnerability in ncplogin in ncpfs before 2.2.6 Arbitrary Command Execution in diatheke.pl in Sword 1.5.7a Buffer Overflow in xatitv Exported_Display Function in Gatos 0.0.5 and Earlier: Arbitrary Code Execution Vulnerability Local File Disclosure Vulnerability in f2c Translator Symlink Attack Vulnerability in f2c Package 3.1 Local Command Execution Vulnerability in hztty 2.0 and Earlier Buffer Overflow Vulnerability in playmidi 2.4 and earlier allows for arbitrary code execution Buffer Overflow Vulnerabilities in Exim 4.43: Arbitrary Code Execution Buffer Overflow in Exim's spa_base64_to_bits Function Allows Arbitrary Code Execution Spoofing Logon Hostname via Modified DISPLAY Environment Variable in GNOME libzvt2 and libvte4 Buffer Overflow in BIND 8.4.4 and 8.4.5 Allows Remote Denial of Service Denial of Service Vulnerability in BIND 9.3.0 with DNSSEC Enabled Arbitrary File Existence Disclosure Vulnerability in Adobe Acrobat and Acrobat Reader Denial of Service Vulnerability in DeleGate DNS Implementation Denial of 
Service Vulnerability in DNRD DNS Implementation Denial of Service Vulnerability in PowerDNS 2.9.16 and Earlier IPsec Tunnel Mode Vulnerability: Decrypting Communications via ICMP Messages Cross-Site Scripting (XSS) Vulnerabilities in DotNetNuke before 3.0.12 Buffer Overflow Vulnerability in Apple iTunes 4.7 Allows Remote Code Execution via Long URL in Playlist Files OLE Input Validation Vulnerability Server Message Block (SMB) Remote Code Execution Vulnerability COM Structured Storage Vulnerability in Windows 2000, XP, and Server 2003 IP Validation Vulnerability in Microsoft Windows XP, 2000, Server 2003, and Older Operating Systems Arbitrary HTML Injection and Web Cache Spoofing Vulnerability in Windows SharePoint Services and SharePoint Team Services for Windows Server 2003 License Logging Service Unchecked Buffer Vulnerability Named Pipe Vulnerability in Windows XP SP1 and SP2 Drag-and-Drop Code Execution Vulnerability in Internet Explorer 5.01, 5.5, and 6 URL Decoding Zone Spoofing Vulnerability in Internet Explorer 5.01, 5.5, and 6 DHTML Method Heap Memory Corruption Vulnerability in Internet Explorer 5.01, 5.5, and 6 Channel Definition Format (CDF) Cross Domain Vulnerability Remote Code Execution Vulnerability in Hyperlink Object Library TAPI Buffer Overflow Vulnerability Buffer Overflow Vulnerability in Message Queuing Component of Microsoft Windows 2000 and Windows XP SP1 Font Processing Component Buffer Overflow Vulnerability Privilege Escalation Vulnerability in Microsoft Windows 2000, XP, and Server 2003 Remote Code Execution Vulnerability in Windows Shell Document Processing Buffer Overflow in Decrypt::makeFileKey2 Function in xpdf 3.00 and Earlier TCP Sequence Number Checking Vulnerability TCP Acknowledgement Number Checking Vulnerability TCP Port Randomization Vulnerability ICMP Vulnerability: Authentication Bypass for Host-Generated Error Messages Arbitrary File Overwrite Vulnerability in tcltags and vimspell.sh Scripts Privilege Escalation 
Vulnerability in Synaesthesia 2.1 and Earlier Arbitrary File Overwrite Vulnerability in vdr before 1.2.6 Privilege Escalation Vulnerability in zhcon before 0.2 Buffer Overflow Vulnerability in Sympa 3.3.3 Support Script Allows Local Code Execution Buffer Overflow Vulnerability in pcdsvgaview in xpcd 2.08 Remote Code Injection in SquirrelMail via Custom Preference Handlers Buffer Overflow Vulnerabilities in XView Library 3.2 Allow Arbitrary Code Execution Local Privilege Escalation Vulnerability in DBI Library for Perl KDE Screen Saver Crash Vulnerability Buffer Overflow Vulnerability in xtrlock 2.0: Denial of Service and Desktop Session Hijacking Information Disclosure Vulnerability in Mailman 2.1.5 Allows Remote Attackers to Determine List Membership Denial of Service Vulnerability in MySQL MaxDB 7.5.0.0 and Earlier Versions Remote Denial of Service Vulnerability in MySQL MaxDB WebDAV Handler MySQL MaxDB 7.5.00 Remote Denial of Service Vulnerability X11 Dissector Buffer Overflow Vulnerability Arbitrary Script Execution via Unsanitized Config Parameter in ht://dig (htdig) Heap-based Buffer Overflow in less in Red Hat Enterprise Linux 3 Stack Protection Bypass in alsa-lib Package in Red Hat Linux 4 Remote Code Execution Vulnerability in mod_python 2.7.8 and earlier Remote Code Execution via SimpleXMLRPCServer Library in Python Denial of Service Vulnerability in Red Hat Enterprise Linux 4 Kernel 4GB/4GB Split Patch Privilege Escalation via Arbitrary Kernel Memory Access in Red Hat Enterprise Linux 4 Kernel 4GB/4GB Split Patch Denial of Service Vulnerability in Red Hat Enterprise Linux 4 Kernel 4GB/4GB Split Patch Buffer Overflow Vulnerability in Squid Gopher Reply Parser Denial of Service Vulnerability in Squid's WCCP Message Parsing Code NTLM fakeauth_auth Helper Memory Leak Vulnerability NTLM Component Denial of Service Vulnerability Buffer Overflow Vulnerabilities in abuse-SDL: Arbitrary Code Execution Insecure Privilege Dropping in abuse-SDL Allows Arbitrary File 
Creation Remote Code Execution via Format String Vulnerability in movemail Utility Buffer Overflow in socket_getline function in Newspost 2.1.1 and earlier Arbitrary Code Execution via Integer Overflow in camel-lock-helper Remote File Inclusion Vulnerability in SquirrelMail webmail.php (<= 1.4.4) Allows Arbitrary Code Execution Arbitrary Web Script Injection Vulnerability in SquirrelMail webmail.php Local Privilege Escalation Vulnerability in typespeed 0.4.1 and earlier Insecure Entropy Source in SSLeay.pm Arbitrary Command Execution via Email Address Sanitization Vulnerability in bsmtpd 2.3 and Earlier Denial of Service Vulnerability in Apache mod_auth_radius and libpam-radius-auth Covert Channel and Timing Attack Vulnerability in Hyper-Threading Technology Arbitrary Code Execution Vulnerability in Internet Explorer 6 on Windows XP SP2 Remote Code Execution via Stack-based Buffer Overflow in MySQL MaxDB 7.5.00 Websql CGI Program Authentication Bypass and Information Disclosure in 3Com OfficeConnect Wireless 11g Access Point SGI IRIX inpview Local Command Execution Vulnerability Memory Address Verification Vulnerability in ZoneAlarm and Check Point Integrity Client Stack-based Buffer Overflow in IDA Pro 4.7: Arbitrary Code Execution via Long Import Library Name Arbitrary Command Execution in AWStats 6.1 and Earlier Versions Buffer Overflow in XShisen 1.36: Arbitrary Code Execution via Long GECOS Field Insecure File Recovery in Helvis 1.8h2_1 and Earlier Local Privilege Escalation Vulnerability in Helvis 1.8h2_1 and Earlier Local Privilege Escalation: Arbitrary File Deletion in Helvis 1.8h2_1 and Earlier Buffer Overflow Vulnerabilities in golddig 2.0 and Earlier: Arbitrary Code Execution Buffer Overflow Vulnerability in coda_pioctl Function Privilege Escalation Vulnerability in at Commands on Mac OS X 10.3.7 and Earlier Arbitrary Code Execution via Malformed ICC Color Profiles in ColorSync on Mac OS X 10.3.7 and 10.3.8 Information Leakage in Mail Message-IDs in Mac 
OS X 10.3.7 Remote Code Execution via Quick Buttons in Konversation 0.15 Remote Command Execution in Konversation 0.15 via Unquoted Channel and Song Names Password Leakage in Konversation 0.15's Quick Connection Dialog Denial of Service Vulnerability in ClamAV 0.80 and Earlier Insecure Socket Directory Creation in SCO UnixWare 7.1.1, 7.1.3, and 7.1.4 Denial of Service Vulnerability in Linux Kernel 2.6 on Itanium (ia64) Architectures Denial of Service Vulnerability in Linux Kernel on Itanium IA64 Platform Denial of Service Vulnerability in Linux Kernel 2.6 on Itanium (ia64) Architectures Insecure Access Control in rpc.mountd on SGI IRIX 6.5.25-6.5.27 Insufficient Access Rights Vulnerability in SGI IRIX rpc.mountd Buffer Overflow in PeID: Arbitrary Code Execution via Long Import Library Name Local File Disclosure Vulnerability in Firefox and Mozilla World-readable permissions on temporary files in Firefox, Thunderbird, and Mozilla versions before 0.9, 0.6, and 1.7.5 respectively Insecure Page Loading Exploit: Facilitating Phishing Attacks through SSL Lock Icon Misrepresentation Insecure Page Loading Facilitates Phishing Attacks in Firefox and Mozilla Click Event Bypass Vulnerability in Firefox 1.0 Clipboard Data Leakage via Middle-Click Event in Firefox and Mozilla Proxy Authentication Bypass Vulnerability in Firefox and Mozilla Potential Vulnerability: Cross-Product Exploitation via Thunderbird's Default Handler for javascript: Links Cookie Bypass Vulnerability in Thunderbird and Mozilla Arbitrary Code Execution via Livefeed Bookmarks in Firefox Adobe License Management Service Vulnerability Arbitrary Code Execution via URL Manipulation in Squirrelmail 1.2.6 Arbitrary File Creation Vulnerability in PerlIO Implementation Buffer Overflow in PerlIO Implementation in Perl 5.8.0 with setuid Support Email Subscription Vulnerability in SmartList 3.15 and Earlier Bidwatcher Format String Vulnerability Local Privilege Escalation via Symlink Attack in tpkg-* Scripts Multiple 
Buffer Overflows in unace 1.2b: Arbitrary Code Execution Vulnerability Directory Traversal Vulnerabilities in unace 1.2b: Arbitrary File Overwrite Stack-based Buffer Overflow in get_internal_addresses function in Openswan Bypassing Username-Based ACLs in Squid 2.5 and Earlier via Leading or Trailing Spaces HTTP Header Injection Vulnerability in Squid Proxy Server HTTP Response Splitting Vulnerability in Squid 2.5 up to 2.5.STABLE7 Memory Unlocking Vulnerability in Linux 2.6.9 and Earlier Buffer Overflow Vulnerability in nls_ascii.c in Linux Kernel Race condition vulnerability in setsid function in Linux before 2.6.8.1 allows local users to cause denial of service and potentially access kernel memory Denial of Service and RLIM_MEMLOCK Bypass Vulnerability in Linux Kernel 2.4.x and 2.6.x Integer Signedness Errors in sg_scsi_ioctl Function in Linux 2.6.x Predictable Filename Vulnerability in mod_dosevasive Module for Apache Arbitrary Command Execution Vulnerability in Vacation Plugin for Squirrelmail Directory Traversal Vulnerability in Vacation Plugin 0.15 and Earlier for Squirrelmail NodeManager Professional 2.00 Stack-Based Buffer Overflow Vulnerability Denial of Service Vulnerability in Cisco IOS Telephony Service (ITS), CallManager Express (CME), and Survivable Remote Site Telephony (SRST) Stack-based Buffer Overflow in SetSkin Function in AtHoc Toolbar Format String Vulnerability in SetBaseURL Function in AtHoc Toolbar Stack-based Buffer Overflow in RealPlayer 10.5 and Earlier Versions RealPlayer 10.5 (6.0.12.1040) Directory Traversal File Deletion Vulnerability Remote Code Execution Vulnerability in RealPlayer 10.5 and Earlier Versions via Long Tag Directory Traversal Vulnerability in RealPlayer 10.5 and Earlier Buffer Overflow Vulnerability in mRouter in iSync 1.5 on Mac OS X 10.3.7 and Earlier Bypassing Access Control Lists in Squid 2.5 Denial of Service Vulnerability in Cisco IOS 12.0S through 12.3YH Denial of Service Vulnerability in Cisco IOS 12.0-12.3YL 
with BGP Log-Neighbor-Changes Command Denial of Service Vulnerability in Cisco IOS with Disabled MPLS Interface CRAM-MD5 Logic Error Allows Remote Authentication as Arbitrary Users Integer Underflow and Buffer Overflow in ngIRCd Lists_MakeMask() Function Arbitrary PHP Script Execution in TikiWiki before 1.8.5 Arbitrary Message Injection in D-BUS Socket Directory Traversal Vulnerability in Mailman 2.1.5 and Earlier Privileged IO Port Write Vulnerability in Linux Kernel Privilege Escalation via Unprotected File Descriptors in KPPP 2.1.2 Incomplete Patch for Integer Overflow Vulnerabilities in Xpdf 2.0 and 3.0 on 64-bit Linux Distributions NFS Denial of Service Vulnerability via O_DIRECT in Linux Kernel 2.4.x, 2.5.x, and 2.6.x HTML Parsing Vulnerability in Gaim 1.1.4 and Earlier Versions Denial of Service Vulnerability in Netfilter of Linux Kernel 2.6.8.1 Double Reassembly Vulnerability in Netfilter of Linux Kernel 2.6.8.1 Buffer Overflow Vulnerability in Squid 2.5 Allows Remote Code Execution Denial of Service Vulnerability in Amp II Engine of Gore: Ultimate Soldier 1.50 and Earlier WinHKI 1.4d Directory Traversal Vulnerability Arbitrary File Access Vulnerability in Simple PHP Blog (SPHPBlog) 0.3.7c Denial of Service Vulnerability in Mozilla 1.6 and Other Versions via XBM File Arbitrary Web Script Injection Vulnerability in Woltlab Burning Board Lite 1.0.0 and 1.0.1e SQL Injection Vulnerability in Invision Community Blog's index.php Allows Remote Code Execution via eid Parameter Vulnerability: Bypassing Virus Scanning in ClamAV via Base64 Encoded Image in data: URL Multiple Cross-Site Scripting (XSS) Vulnerabilities in Gallery 1.3.4-pl1 Cross-Site Scripting Vulnerability in Gallery 1.4.4-pl2 Login Page Cross-site scripting (XSS) vulnerability in login.php in Gallery 2.0 Alpha Path Disclosure Vulnerability in Gallery 2.0 Alpha Remote Denial of Service Vulnerability in Tru64 UNIX SDK and RTE 1.4.1/1.4.2 Denial of Service Vulnerability in HP-UX Virtualvault 4.5-4.7 TGA 
Daemon Arbitrary File Overwrite Vulnerability in FireHOL Remote Code Execution Vulnerability in ngIRCd 0.8.2 and Earlier Arbitrary Code Execution via LOAD Extension in PostgreSQL Information Disclosure Vulnerability in CitrusDB 0.3.5 and Earlier Firedragging: Arbitrary Command Execution via Malformed GIF Files in Firefox 1.0 Firetabbing: Bypassing Firefox's Javascript Security Manager through Dragging URLs Fireflashing: Remote Modification of Firefox's about:config Site via Flash Plugin Homograph Character Spoofing Vulnerability in Firefox, Camino, and Mozilla Homograph Spoofing Vulnerability in Safari 1.2.5 IDN Spoofing Vulnerability in Opera 7.54 Homograph Homage: Exploiting IDN Support in Omniweb 5 for Phishing Attacks IDN Spoofing Vulnerability in Konqueror 3.2.1 IDN Spoofing Vulnerability in Epiphany: Facilitating Phishing Attacks through Homograph Characters Arbitrary Command Execution in S/MIME Plugin for Squirrelmail Format String Vulnerability in chdev on IBM AIX 5.2 Improper Debug Context Handling in httpProcessReplyHeader Function in Squid 2.5-STABLE7 and Earlier Arbitrary Code Execution Vulnerability in Yahoo! Messenger Audio Setup Wizard Remote Code Execution via Long Filenames in Yahoo! 
Messenger Bypassing EXECUTE Permission Check in PostgreSQL 8.0.0 and Earlier via CREATE AGGREGATE Command Heap-based Buffer Overflow in gram.y for PostgreSQL 8.0.0 and Earlier Denial of Service Vulnerability in intagg contrib module for PostgreSQL 8.0.0 and earlier Multiple Buffer Overflow Vulnerabilities in PostgreSQL 8.0.1 and Earlier Blank Password Vulnerability in Solaris Management Console (SMC) GUI Heap-based Buffer Overflow in Symantec AntiVirus Library's DEC2EXE Module IBM AIX Auditselect Format String Vulnerability Arbitrary HTML and Web Script Injection in BibORB 1.3.2 SQL Injection Vulnerability in BibORB 1.3.2 and Earlier: Remote Code Execution via Username and Password Fields Directory Traversal Vulnerability in BibORB 1.3.2 and Earlier: Arbitrary File Deletion via Database_Name Parameter Arbitrary File Upload Vulnerability in BibORB 1.3.2 and Earlier Versions Heap Corruption Vulnerability in Mozilla 1.7.3, Firefox 1.0, and Thunderbird before 1.0.2 Denial of Service Vulnerability in wu-ftpd 2.6.1 and 2.6.2 Directory Traversal Vulnerability in phpBB 2.0.11 Arbitrary File Read Vulnerability in phpBB 2.0.11 and Other Versions with Remote Avatars Remote Code Execution Vulnerability in BrightStor ARCserve Backup Discovery Service Privilege Escalation via lspath in AIX 5.2, 5.3, and Earlier Versions Buffer Overflow Vulnerability in ipl_varyon on AIX 5.1, 5.2, and 5.3 Buffer Overflow Vulnerability in netpmon on AIX 5.1, 5.2, and 5.3 Multiple Cross-Site Scripting (XSS) Vulnerabilities in OWL browse.php Multiple SQL Injection Vulnerabilities in OWL 0.7 and 0.8 browse.php Arbitrary Web Script Injection Vulnerability in SugarCRM 1.X Arbitrary Administrator Account Creation in FlatNuke 2.5.1 Arbitrary PHP Code Execution via Direct Code Injection in FlatNuke 2.5.1 Arbitrary File Upload Vulnerability in GNUBoard 3.40 and Earlier Multiple Cross-Site Scripting (XSS) Vulnerabilities in ReviewPost PHP Pro before 2.84 Multiple SQL Injection Vulnerabilities in ReviewPost 
PHP Pro Arbitrary PHP File Upload and Execution in ReviewPost PHP Pro before 2.84 SQL Injection Vulnerabilities in PhotoPost's showgallery.php Multiple Cross-Site Scripting (XSS) Vulnerabilities in PhotoPost before 4.86 Denial of Service Vulnerability in 3Com 3CDaemon 2.0 Revision 10 via TFTP GET Request Format string vulnerabilities in 3Com 3CDaemon 2.0 revision 10 FTP Service Buffer Overflow Vulnerability in 3Com 3CDaemon 2.0 Revision 10 FTP Service FTP Service Information Disclosure Vulnerability in 3Com 3CDaemon 2.0 Revision 10 Denial of Service Vulnerability in Soldner Secret Wars 30830 and Earlier Soldner Secret Wars Format String Vulnerability Cross-Site Scripting (XSS) Vulnerability in Soldner Secret Wars 30830 Web Interface SQL Injection Vulnerability in MyBB's member.php Allows Remote Code Execution QwikiWiki Directory Traversal Vulnerability SQL Injection Vulnerability in Woltlab Burning Book 1.0 Gold and 1.1.1e Privilege Escalation in Webseries Payment Application Information Disclosure Vulnerability in eMotion MediaPartner Web Server 5.0 and 5.1 Arbitrary File Read Vulnerability in Bottomline Webseries Payment Application Insecure Change Password Functionality in Bottomline Webseries Payment Application Denial of Service Vulnerability in Apple AirPort Express and Extreme Remote Bypass of Filters in NETGEAR FVS318 Firmware 2.4 and Other Versions Arbitrary Web Script Injection Vulnerability in NETGEAR FVS318 Log Viewer Multiple SQL Injection Vulnerabilities in PHP Gift Registry (phpGiftReg) 1.4.0 and Earlier Versions Minis 0.2.1 Directory Traversal Vulnerability Denial of Service Vulnerability in Minis 0.2.1 via Unauthorized File Access Unrestricted I/O Privilege Escalation in npptnt2.sys Unauthenticated Information Disclosure in Novell GroupWise WebAccess Oracle Database 9i and 10g SQL Injection Vulnerability Oracle DIRECTORY Object Information Disclosure Vulnerability Directory Traversal Vulnerability in GForge 3.3 and Earlier Arbitrary File Read 
Vulnerability in JSBoard 2.0.9 and Earlier Authentication Bypass Vulnerability in BackOffice Lite 6.0 and 6.01 SQL Injection Vulnerability in BackOffice Lite 6.0 and 6.01 via Referer Field Cross-Site Scripting (XSS) Vulnerabilities in BackOffice Lite 6.0 and 6.01 DivX Player 2.6 and Earlier Directory Traversal Vulnerability CRLF Injection Vulnerability in Siteman 1.1.10 and Earlier: Arbitrary User Addition and Privilege Escalation MercuryBoard 1.1.1 Path Disclosure Vulnerability Multiple Cross-Site Scripting (XSS) Vulnerabilities in MercuryBoard 1.1.1 index.php Buffer Overflow in wsprintf Function in W32Dasm 8.93 and Earlier Cross-Site Scripting (XSS) Vulnerabilities in Exponent 0.95 Path Disclosure Vulnerability in Exponent 0.95 Ingate Firewall 4.1.3 and Earlier Vulnerability: Unauthorized Access Retention Denial of Service Vulnerability in WarFTPD 1.82 RC9 NT Service Multiple Directory Traversal Vulnerabilities in Magic Winmail Server 4.0 Build 1112 Arbitrary Script Injection in Magic Winmail Server 4.0 Build 1112 FTP Service IP Address Verification Bypass Vulnerability WebWasher Classic Server Mode CONNECT Request Bypass Vulnerability Alt-N WebAdmin 3.0.4 User Account Cross-Site Scripting (XSS) Vulnerability Improper Validation of Account Edits in Alt-N WebAdmin 3.0.4 Alt-N WebAdmin 3.0.4 Remote Injection Vulnerability Cross-Site Scripting Vulnerabilities in MERAK Mail Server 7.6.0 with Icewarp Web Mail 5.3.0 Information Disclosure Vulnerability in MERAK Mail Server 7.6.0 with Icewarp Web Mail 5.3.0 Weak Encryption Vulnerability in MERAK Mail Server and Icewarp Web Mail Infinite Mobile Delivery Webmail 2.6 XSS Vulnerability Path Disclosure Vulnerability in Infinite Mobile Delivery Webmail 2.6 Denial of Service Vulnerability in Xpand Rally 1.0.0.0 Path Disclosure Vulnerability in PaFileDB 3.1 Arbitrary PHP Code Execution in Pafiledb 3.1 via Modified Action Parameter LAN IP Address Disclosure Vulnerability ZipGenius 5.5 and Earlier Directory Traversal 
Vulnerability Buffer Overflow Vulnerability in Painkiller 1.35 and Earlier Versions Arbitrary File Creation Vulnerability in WinRAR 3.42 and Earlier Directory Traversal Vulnerability in DeskNow Mail and Collaboration Server 2.5.12 LANChat Pro Revival 1.666c Denial of Service Vulnerability Denial of Service Vulnerability in Linksys PSUS4 Firmware 6032 EMotion MediaPartner Web Server 5.0 Directory Traversal Vulnerability Arbitrary HTML Injection Vulnerability in EMotion MediaPartner Web Server 5.0 Vulnerability: Mail Relaying Bypass in Postfix 2.1.3 with Disabled /proc/net/if_inet6 Buffer Overflow Vulnerability in Savant Web Server 3.1 Allows Remote Code Execution Buffer Overflow Vulnerability in Foxmail 2.0: Remote Code Execution and Denial of Service Apple File Service (AFP Server) Denial of Service Vulnerability Cross-Site Scripting (XSS) Vulnerability in Apple Safari 1.2.4 Privilege Escalation via .DS_Store Hard Link Vulnerability SQL Injection Vulnerability in PerlDesk 1.x via view parameter Arbitrary File Execution Vulnerability in 602LAN SUITE 2004.0.04.1221 Unauthenticated Access to Protected Forums in php-fusion 4.x Cleartext Storage of VPN Password in SafeNet SoftRemote VPN Client Buffer Overflow Vulnerability in RealArcade 1.2.0.994 and Earlier RealArcade 1.2.0.994 Directory Traversal File Deletion Vulnerability Hard-coded Credentials Vulnerability in BrightStor ARCserve Backup 11.1 UniversalAgent for UNIX Heap-based Buffer Overflow in F-Secure Anti-Virus and Internet Security Products via Crafted ARJ Archive Buffer Overflow Vulnerability in SCO OpenServer 5.0.6 and 5.0.7 Privilege Escalation Vulnerability in Servers Alive 4.1 and 5.0 Remote Code Execution Vulnerability in Sentinel License Manager 7.2.0.2 PAWS Vulnerability: Denial of Service via Spoofed Packets with Large Timer Value Authentication Bypass Vulnerability in EMC Legato NetWorker, Sun Solstice Backup, and StorEdge Enterprise Backup Authentication Token Manipulation Vulnerability in EMC Legato 
NetWorker, Solstice Backup, and StorEdge Enterprise Backup Unrestricted Access to pmap_set and pmap_unset Commands in Legato PortMapper Arbitrary File Creation Vulnerability in Microsoft Log Sink Class ActiveX Control Remote Code Execution in AWStats 6.2 via Shell Metacharacters in Plugin Parameters Arbitrary Command Execution in AWStats 4.0 and 6.2 via awstats.pl BIND 9.2.0 Denial of Service Vulnerability in HP-UX B.11.00, B.11.11, and B.11.23 Predictable Filename Vulnerability in KDE 3.2.x and 3.3.x's dcopidlng Script OpenPGP Chosen-Ciphertext Attack Vulnerability ArGoSoft Mail Server 1.8.7.3 - Multiple Directory Traversal Vulnerabilities SQL Injection Vulnerabilities in CMScore Denial of Service Vulnerability in Armagetron Denial of Service Vulnerability in Armagetron and Armagetron Advanced Denial of Service Vulnerability in Armagetron Game Directory Traversal Vulnerability in gFTP (GTK+) Allows Remote File Read Buffer Overflow in digestmd5.c CVS Release 1.170: Remote Code Execution Vulnerability Arbitrary Web Script Injection via BBCode Image Tag in Bitboard 2.5 and Earlier Sensitive Information Disclosure in SGallery 1.01 via imageview.php SGallery 1.01 PHP Remote File Inclusion Vulnerability SQL Injection Vulnerability in SGallery 1.01's imageview.php Allows Remote Code Execution Multiple Cross-Site Scripting (XSS) Vulnerabilities in Horde 3.0 Multiple Directory Traversal Vulnerabilities in ZeroBoard 4.1pl5 and Earlier PHP Remote File Inclusion Vulnerabilities in ZeroBoard 4.1pl5 and Earlier Arbitrary Web Script Injection Vulnerability in forumKIT 1.0 Denial of Service Vulnerability in Breed Patch 1 and Earlier Replay Attack Vulnerability in Trend Micro Control Manager 3.0 Enterprise Edition Denial of Service Vulnerability in Linux Kernel 2.6.8.1 PPP Driver Buffer Overflow Vulnerability in Luxman Before 0.41 Allows Arbitrary Code Execution Arbitrary Web Script Injection Vulnerability in mailreader.cgi Local Privilege Escalation via Symlink Attack in remstats 
1.0.13 and Earlier Arbitrary Command Execution Vulnerability in Remstats Remoteping Service Buffer Overflow in Axel HTTP Redirection Capability Allows Remote Code Execution Arbitrary File Modification Vulnerability in GeneWeb 4.10 and Earlier Root Privilege Escalation via Log File Execution Improper Usage of Temporary Files in crip 3.5 Helper Scripts DCOP Daemon Denial of Service Vulnerability ImageMagick SetImageInfo Format String Vulnerability Denial of Service Vulnerability in KAME racoon Daemon Heap-based Buffer Overflow in GIF2.cpp Allows Remote Code Execution Memory Initialization Vulnerability in ext2_make_empty Function Firescrolling 2: Remote Code Execution Vulnerability in FireFox and Mozilla Arbitrary Code Execution via Firefox Sidebar Panel Injection Denial of Service and Potential TTY Access Vulnerability in Red Hat Enterprise Linux 3 Email Spoofing Vulnerability in KMail 1.7.1 JPEG Image Processing Software Vulnerability: EXIF Thumbnail Information Leak Arbitrary HTML and Web Script Injection in Openconf 1.04 and Earlier Versions Predictable MD5 Hash Generation in CitrusDB 0.3.6 and Earlier Allows Authentication Bypass Unauthenticated Remote File Upload and Information Disclosure in CitrusDB SQL Injection Vulnerability in importcc.php for CitrusDB 0.3.6 and Earlier: Remote Data Injection via CSV File Fields Directory Traversal Vulnerability in CitrusDB 0.3.6 and Earlier: Arbitrary PHP File Inclusion via Index.php Spidean PostWrap XSS Vulnerability Multiple SQL Injection Vulnerabilities in MyPHP Forum 1.0 SQL Injection Vulnerability in MercuryBoard 1.1.1: Remote Code Execution via post.php Memory Leak Vulnerability in Emdros MQL Parser Stack-based Buffer Overflow in Windows Animated Cursor (ANI) Capability Unspecified High-Risk Vulnerability in DB2 Universal Database 8.1 and Earlier Java Web Start Argument Injection Vulnerability Heap-based Buffer Overflow in 3Com 3CServer via Long FTP Commands Arbitrary URL Redirection Vulnerability in Microsoft 
Outlook Web Access (OWA) Local Privilege Escalation in DelphiTurk FTP 1.0 via Profile.dat File CodeBank Vulnerability: Local Privilege Escalation via Stored Usernames and Passwords SQL Injection Vulnerability in ASPjar Guestbook Login Remote Message Deletion Vulnerability in delete.asp Program of ASPjar Guestbook Remote Code Disclosure Vulnerability in IBM Websphere Application Server 5.0, 5.1, and 6.0 on Windows Solaris 8 and 9 Denial of Service Vulnerability via Heavy UDP Usage Insecure Encryption of Root Password in Webmin Ebuild on Gentoo Linux Denial of Service Vulnerability in PowerDNS DNSPacket::expand Method Arbitrary PHP Code Execution Vulnerability in vBulletin Forumdisplay.php Quake 3 Engine Denial of Service and Buffer Overflow Vulnerability Open Mail Relay Vulnerability in Barracuda Spam Firewall 3.1.10 and Earlier Authentication Failure Information Disclosure Vulnerability in BEA WebLogic Server Path Disclosure Vulnerability in Php-Nuke 7.5 Cross-Site Scripting (XSS) Vulnerabilities in Php-Nuke 7.5 Remote Log File Disclosure in AWStats 6.3 and 6.4 AWStats PluginMode Parameter Code Injection Vulnerability Arbitrary Perl Module Inclusion via Directory Traversal in AWStats Information Disclosure Vulnerability in AWStats 6.3 and 6.4 via debug Parameter Buffer Overflow in ELOG's decode_post Function Allows Remote Code Execution via Long File Names Authentication Bypass and Sensitive Information Disclosure in ELOG before 2.5.7 Multiple stack-based buffer overflows in Sybase Adaptive Server Enterprise (ASE) 12.x before 12.5.3 ESD#1 CubeCart 2.0.4 Directory Traversal Vulnerability in index.php Path Disclosure and Cross-Site Scripting (XSS) Vulnerabilities in CubeCart 2.0.4 Arbitrary Code Execution via Insecure Library Path in VMware Open WebMail 2.x Cross-Site Scripting (XSS) Vulnerability in Login Page Denial of Service Vulnerability in Squid 2.5.STABLE8 and Earlier Denial of Service Vulnerability in Solaris 7, 8, and 9 via ARP Packet Flood Arbitrary Setuid 
Binary Creation Vulnerability in Perl's rmtree Function Denial of Service and Firewall Bypass Vulnerability in Linux Netfilter/Iptables Module Directory Traversal Vulnerability in Sami HTTP Server 1.0.5 Sami HTTP Server 1.0.5 Denial of Service Vulnerability ASP.NET Cross-Site Scripting (XSS) Vulnerabilities via Unicode Representations Remote Code Disclosure Vulnerability in Lighttpd 1.3.7 and Earlier Multiple SQL Injection Vulnerabilities in DCP-Portal 6.1.1 and Earlier Stack-based Buffer Overflow in CSmil1Parser::testAttributeFailed Function in RealPlayer 10.5 and Earlier Arbitrary Code Execution via Obscured Download Dialog in Opera 7.54 and Earlier Insecure Path for Plugins in Opera 7.54 and Earlier on Gentoo Linux Arbitrary Web Script Injection Vulnerability in osCommerce 2.2-MS2 contact_us.php Path Disclosure Vulnerability in phpMyAdmin 2.6.2-dev and Earlier Versions Information Disclosure Vulnerability in MercuryBoard 1.0.x and 1.1.x via debug parameter Remote Code Execution Vulnerability in NewsBruiser 2.x before 2.6.1 Arbitrary HTML and Web Script Injection Vulnerability in MercuryBoard 1.0.x and 1.1.x Unvalidated Input in Ulog-php 1.0: Potential SQL Injection Vulnerabilities Privilege Escalation via Debug Mode in gr_osview on SGI IRIX 6.5.22 Privilege Escalation Vulnerability in gr_osview on SGI IRIX Integer Overflow Vulnerabilities in PuTTY SFTP Clients Heap-based Buffer Overflow in BSD-based Telnet Clients Buffer Overflow in BSD-based Telnet Clients Allows Remote Code Execution via LINEMODE Suboptions Buffer Overflow Vulnerability in wpa_supplicant Allows Remote Denial of Service Predictable File Name Vulnerability in Sun Java JRE Denial of Service Vulnerability in Gaim 1.1.3 and earlier HTML Parsing Vulnerability in Gaim 1.1.3 and Earlier Versions SQL Injection Vulnerability in WebCalendar 0.9.45 Allows Remote Code Execution SQL Injection Vulnerability in paFAQ Beta4 and Other Versions Arbitrary Code Injection through hpm_guestbook.cgi Cross-site 
scripting (XSS) vulnerability in Invision Power Board 1.3.1 FINAL Buffer Overflow Vulnerabilities in TrackerCam 5.12 and Earlier: Remote Code Execution and Denial of Service Directory Traversal Vulnerability in TrackerCam 5.12 and Earlier: Arbitrary File Read TrackerCam 5.12 and Earlier XSS Vulnerability in Login Request Log File Handling Remote Log File Disclosure in TrackerCam 5.12 and Earlier Denial of Service Vulnerability in TrackerCam 5.12 and Earlier Directory Traversal Vulnerabilities in Glftpd 1.26 to 2.00 Format String Vulnerability in GProFTPD Allows Remote Code Execution Arbitrary HTML and Script Injection in paNews 2.0b4 Comment.php (XSS Vulnerability) Authentication Information Disclosure Vulnerability in Tarantella Secure Global Desktop Enterprise Edition and Tarantella Enterprise Arbitrary HTML and Web Script Injection in Kayako ESupport 2.3.1 Vulnerability: Remote Reading of Sensitive Environment Variables in BSD-based Telnet Clients Denial of Service Vulnerability in Linux Kernel 2.4 before 2.4.17 Stack-based buffer overflows in libcURL and cURL 7.12.1 allow remote code execution via base64 encoded replies Arkeia Server Backup 5.3.x Stack-Based Buffer Overflow Vulnerability Denial of Service Vulnerability in Adobe Acrobat Reader 6.0.3 and 7.0.0 CRLF Injection Vulnerability in Biz Mail Form Allows for Email Spam Unauthenticated Remote Access Vulnerability in Thomson TCW690 Cable Modem Cross-Site Scripting (XSS) Vulnerability in ZeroBoard Arkeia Network Backup Client 5.x Hard-Coded Credentials Vulnerability Privilege Escalation via ADP Elite System Max 9000 Gigafast Router Vulnerability: Remote Access to Administrator Password via backup.cfg Denial of Service Vulnerability in Gigafast Router with DNS Proxy Enabled Domain Spoofing Vulnerability in Internet Explorer 6.0 on Windows XP SP2 Remote Code Execution Vulnerability in Bontago 1.1 and Earlier via Long Nickname Directory Traversal Vulnerability in Xinkaa 1.0.3 and Earlier Privilege
Escalation in uim before 0.4.5.1 via Environment Variable Trust Buffer Overflow Vulnerability in Moxa Serial Driver (moxa.c) in Linux 2.2.x, 2.4.x, and 2.6.x Remote Code Execution Vulnerability in Information Resource Manager (IRM) before 1.5.2.1 via LDAP Logins Clear-text Storage of Sensitive Data in Avaya IP Office Phone Manager and IP Softphone SD Server 4.0.70 and Earlier Directory Traversal Vulnerability Script Security Bypass Vulnerability in Squiggle for Batik before 1.5.1 Cross-Site Scripting (XSS) Vulnerabilities in Mono 1.0.5 Implementation of ASP.NET Denial of Service Vulnerability in Fallback-Reboot Daemon Arbitrary PHP Code Execution in vBulletin 3.0.6 and Earlier with Add Template Name in HTML Comments Enabled Remote File Inclusion Vulnerability in Mambo 4.5.2 Tar.php Remote File Inclusion Vulnerability in Email This Entry Add-on for pMachine Pro 2.4 Arbitrary HTML and Web Script Injection in Verity Ultraseek (XSS Vulnerability) Privilege Escalation Vulnerability in My Firewall Plus 5.0 build 1117 Arbitrary Command Execution in Twiki's ImageGalleryPlugin Plaintext Password Storage in PeerFTP_5's PeerFTP.ini Files Vulnerability Plaintext Storage of Sensitive Information in eXeem 0.21 ArGoSoft FTP Server Arbitrary File Read Vulnerability ArGoSoft FTP Server Arbitrary File Read Vulnerability Plaintext Storage of Sensitive Information in SendLink 1.5 Allows Local Privilege Escalation Plaintext Password Storage in Chat Anywhere 2.72a INI File Vulnerability ProZilla 1.3.7.3 Format String Vulnerability in Location Header Denial of Service Vulnerability in PHP's getimagesize Function Denial of Service Vulnerability in PHP's getimagesize Function Multiple Cross-Site Scripting (XSS) Vulnerabilities in PBLang 4.65 Firescrolling: Remote Code Execution Vulnerability in Firefox 1.0 Heap-based Buffer Overflow in Linux Kernel 2.6.10 and 2.6.11rc1-bk6 due to Inconsistent Size Types Signedness Error in copy_from_read_buf Function Allows Local Users to Read Kernel 
Memory Buffer Overflow Vulnerability in atm_get_addr Function Buffer Overflow Vulnerability in reiserfs_copy_from_user_to_file_region Function Heap-based Buffer Overflow in Trend Micro AntiVirus Library: Remote Code Execution Multiple Cross-Site Scripting (XSS) Vulnerabilities in MediaWiki 1.3.x and 1.4 beta CSRF Vulnerability in MediaWiki 1.3.x and 1.4 beta Directory Traversal Vulnerability in MediaWiki 1.3.x and 1.4 beta SQL Injection Vulnerabilities in iGeneric (iG) Shop 1.2: Remote Code Execution via page.php Arbitrary File Read Vulnerability in Ginp Java Photo Gallery Web Application Privilege Escalation Vulnerability in IBM Hardware Management Console (HMC) before 4.4 for POWER5 Servers via Guided Setup Wizard Information Disclosure Vulnerability in Cyclades AlterPath Manager (APM) Console Server 1.2.1 Arbitrary Console Connection Vulnerability in Cyclades AlterPath Manager (APM) Console Server 1.2.1 Privilege Escalation via adminUser Parameter in Cyclades AlterPath Manager (APM) Console Server 1.2.1 Cross-Site Scripting (XSS) Vulnerability in phpMyAdmin 2.6.1 Path Disclosure Vulnerability in phpMyAdmin 2.6.1 Bypassing Group Policies Restricting Hidden Drives in Microsoft Windows XP Pro SP2 and Windows 2000 Server SP4 Multiple Buffer Overflows in Cyrus IMAPd Before 2.2.11 FTP Server Unauthorized Access Vulnerability Solaris AnswerBook2 Documentation XSS Vulnerability Solaris AnswerBook2 Documentation XSS Vulnerability Object Management Vulnerability: Buffer Overflow in Microsoft Windows 2000, XP, and Server 2003 Stack-based Buffer Overflow in WINSRV.DLL Allows Privilege Escalation DHTML Object Memory Corruption Vulnerability URL Parsing Memory Corruption Vulnerability in Microsoft Internet Explorer 5.01, 5.5, and 6 Content Advisor Buffer Overflow Vulnerability Remote Code Execution Vulnerability in Microsoft Word 2000, 2002, and 2003 Heap-based Buffer Overflow in Exchange Server SMTP Service Remote Code Execution Vulnerability in MSN Messenger 6.2 via 
Improperly Sized GIF Image Arbitrary Script Injection Vulnerability in Microsoft Outlook Web Access (OWA) Component in Exchange Server 5.5 Stack-based Buffer Overflow in Microsoft Word and Works Suites via Long Font Information Remote Code Execution in phpWebSite Announce Module Remote Code Execution Vulnerability in Golden FTP Server Pro (goldenftpd) 2.x via Long RNTO Command PHP Remote File Inclusion Vulnerabilities in phpMyAdmin 2.6.1 Remote Denial of Service Vulnerability in Soldier of Fortune II 1.03 Gold Multiple SQL Injection Vulnerabilities in PunBB 1.2.1 Denial of Service Vulnerability in PunBB 1.2.1 via NULL Password Arbitrary File Read Vulnerability in PunBB 1.2.1 via admin_loader.php Sensitive Information Disclosure in phpWebSite 0.10.0 and earlier via Invalid SEA_search_module Parameter Denial of Service Vulnerability in Gaim 1.1.3 on Windows Systems CIS WebServer 3.5.13 Directory Traversal Vulnerability Buffer Overflow Vulnerability in Stormy Studios Knet 1.04c and Earlier: Remote Code Execution and Denial of Service Local File Manipulation Vulnerability in Solaris 9 STSF Font Server Daemon (stfontserverd) Remote Code Execution via Format String Vulnerability in DNA MKBold-MKItalic 0.06_1 and Earlier Symlink Attack Vulnerability in Firefox and Mozilla Suite XAUTHORITY Environment Variable Not Set Vulnerability in FreeNX Improper Privilege Dropping in cmd5checkpw Allows Local File Read Multiple Buffer Overflows in Computer Associates (CA) License Client and Server 0.1.0.15: Remote Code Execution Vulnerabilities Remote Code Execution Vulnerability in Computer Associates (CA) License Client 0.1.0.15 via PUTOLF Request Buffer Overflow Arbitrary File Creation Vulnerability in CA License Client 0.1.0.15 Focus Vulnerability in Firefox and Mozilla HTTP Authentication Dialog Vulnerability: Truncation of long sub-domains or paths in Firefox and Mozilla File Extension Spoofing Vulnerability in Firefox and Mozilla Arbitrary File Overwrite Vulnerability in Firefox 
and Mozilla Cross-Domain File Disclosure Vulnerability in Firefox and Mozilla Form Fill Vulnerability in Firefox Spoofing Hostname in Installation Confirmation Dialog Firespoofing: Remote Code Execution and Download Spoofing Vulnerability in Firefox Heap-based Buffer Overflow in UTF8ToNewUnicode Function in Firefox and Mozilla SSL Secure Site Lock Icon Spoofing Vulnerability NeST Buffer Overflow Vulnerability: Local Code Execution Remote Code Execution Vulnerability in BadBlue 2.55 via Buffer Overflow in ext.dll Denial of Service Vulnerability in PHP 4's readfile Function Denial of Service Vulnerability in Cisco ACNS 5.0 and 5.1 Denial of Service Vulnerability in RealServer RealSubscriber on Cisco ACNS 5.1 Denial of Service Vulnerability in Cisco ACNS 4.x, 5.0, and 5.1 Denial of Service Vulnerability in Cisco ACNS 5.x Default Password Vulnerability in Cisco ACNS Devices Unzip 5.51 and Earlier Privilege Escalation Vulnerability Sensitive Information Disclosure in viewtopic.php of phpBB 2.0.12 and earlier Plaintext Storage of Credentials in GFI Languard Network Security Scanner 5.0 Buffer Overflow Vulnerability in LibXPM's scan.c Allows Arbitrary Code Execution Cross-site scripting (XSS) vulnerability in CubeCart 2.0.0 through 2.0.5 Path Disclosure Vulnerability in CubeCart 2.0.0 through 2.0.5 WebMod 0.47 Server.cpp Heap-Based Buffer Overflow Vulnerability Multiple symlink vulnerabilities in portupgrade before 20041226_2 in FreeBSD Heap-based Buffer Overflow in RealPlayer and RealOne Player Allows Remote Code Execution via .WAV Files Hard-coded Default SNMP Community Strings in Cisco IP/VC Videoconferencing Systems Arbitrary File Upload Vulnerability in FCKeditor 2.0 RC2 with PHP-Nuke Remote Code Execution Vulnerability in phpBB 2.0.12 and earlier via autologinid Cookie SQL Injection Vulnerabilities in PostNuke 0.760-RC2: Remote Code Execution via catid Parameter Multiple Cross-Site Scripting (XSS) Vulnerabilities in PostNuke Download Module SQL Injection 
Vulnerability in dl-search.php in PostNuke 0.750 and 0.760-RC2 SMTP Traffic Leakage Vulnerability Plaintext Storage of Sensitive Information in Einstein 1.0.1 Registry Plaintext Credit Card Data Storage Vulnerability in Einstein 1.0 Denial of Service Vulnerability in Scrapland 1.0 and Earlier Information Disclosure Vulnerability in RaidenHTTPD 1.1.32 Remote Code Execution Vulnerability in RaidenHTTPD 1.1.32 and Earlier Versions World-readable permissions in .reportbugrc configuration file in reportbug before 2.62 allows local users to obtain email smarthost passwords Sensitive Information Exposure in reportbug 3.2 via .reportbugrc Settings Race condition vulnerability in Squid 2.5.STABLE7 to 2.5.STABLE9 allows cookie theft Arbitrary Program Execution Vulnerability in Qt Multiple Cross-Site Scripting (XSS) Vulnerabilities in Forumwa 1.0 Cross-Site Scripting (XSS) Vulnerabilities in profile.php in 427BB 2.2 Arbitrary File Read Vulnerability in sendpm.php in PBLang 4.63 Arbitrary PM File Deletion Vulnerability in PBLang 4.63 PHPNews 1.2.4 Remote File Inclusion Vulnerability in auth.php Remote Code Execution Vulnerability in Trillian 3.0 and Pro 3.0 via Crafted PNG Image Remote Code Execution Vulnerability in Golden FTP Server 1.92 via Long USER Command Remote Code Execution Vulnerability in Foxmail Server 2.0 via Buffer Overflow in USER Command Foxmail Server 2.0 Format String Vulnerability Kernel Memory Modification Vulnerability in OpenBSD 3.5 and 3.6 Arbitrary Command Execution via Unquoted Filenames in xloadimage and xli Arbitrary Code Execution Vulnerabilities in xli before 1.17 Local Privilege Escalation in CA Unicenter Asset Management (UAM) 4.0 XSS Vulnerability in CA Unicenter Asset Management (UAM) 4.0 Reporter Remote Code Execution via SQL Injection in CA Unicenter Asset Management (UAM) 4.0 Query Designer Buffer Overflow in McAfee Scan Engine 4320 with DAT Version Before 4357 via Crafted LHA Files Buffer Overflow in McAfee Scan Engine 4320 with DAT Version 
Before 4436 via Malformed LHA File Arbitrary Code Injection via XSS Vulnerability in cuteNews 1.3.6 SQL Injection Vulnerability in paNews 2.0.4b: Remote Code Execution via mysql_prefix Parameter in auth.php Arbitrary PHP Code Injection in paNews 2.0.4b via admin_setup.php Cross-Site Scripting (XSS) Bypass Vulnerabilities in Pixel-Apes SafeHTML Bypassing Cross-Site Scripting (XSS) Protection in Pixel-Apes SafeHTML before 1.2.1 Multiple Cross-Site Scripting (XSS) Vulnerabilities in ProjectBB 0.4.5.1 Multiple SQL Injection Vulnerabilities in ProjectBB 0.4.5.1 Privilege Escalation Vulnerability in HP OpenVMS VAX and Alpha Privilege Escalation in phpMyAdmin 2.6.1 for Tables with Underscore in Name Denial of Service Vulnerability in GIMP 2.0.5, 2.2.3, and possibly 2.2.4 via gifload.exe Sensitive Information Disclosure in auraCMS 1.5 via Invalid id Parameter Multiple Cross-Site Scripting (XSS) Vulnerabilities in auraCMS 1.5 Directory Traversal Vulnerability in Computalynx CProxy 3.3.x and 3.4.x through 3.4.4 Arbitrary SQL Command Execution in TYPO3 Extension via category_uid Parameter Path Disclosure Vulnerability in phpBB 2.0.13 and Earlier Arbitrary Web Script Injection in D-Forum 1.11 SQL Injection Vulnerability in Woltlab Burning Board 2.0.3 through 2.3.0 MercuryBoard 1.1.2 - Cross-Site Scripting (XSS) Vulnerability in index.php SQL Injection Vulnerability in MercuryBoard 1.1.2 index.php EXIF Library Buffer Overflow Vulnerability XV Format String Vulnerability PaX Vulnerability: Bypassing Access Restrictions and Arbitrary Code Execution Buffer Overflow Vulnerability in Sylpheed Email Client Unidentified vulnerability in HAVP before 0.51 allows evasion of virus detection in specific file formats Multiple SQL Injection Vulnerabilities in mod.php for phpCOIN 1.2.0 through 1.2.1b Multiple Cross-Site Scripting (XSS) Vulnerabilities in phpCOIN 1.2.0 through 1.2.1b Format String Vulnerability in Ca3DE Engine Null Dereference Vulnerability in Carsten's 3D Engine (Ca3DE) 
Arbitrary HTML Injection in phpBB 2.0.13 User Signatures Arbitrary Script Injection in paBox 1.6 News Module Arbitrary Web Script Injection Vulnerability in Zorum 3.5 index.php SQL Injection Vulnerability in Zorum 3.5's index.php Arbitrary User Actions Vulnerability in Zorum 3.5 PHP Remote File Inclusion Vulnerability in Form Mail Script 2.3 and Earlier Remote File Inclusion Vulnerability in Tell A Friend Script 2.7 and 2.4 Remote File Inclusion Vulnerability in Download Center Lite 1.6 Allows Arbitrary PHP Code Execution Denial of Service Vulnerability in Nokia Symbian 60 via Bluetooth Nickname Arbitrary Web Script Injection Vulnerability in Drupal before 4.5.2 Multiple Buffer Overflows in MySQL MaxDB Web Tool Multiple Access Validation Errors in OutStart Participate Enterprise (PE) Allow Remote Attackers to Perform Unauthorized Activities Arbitrary Code Execution via Integer Overflow in mlterm with gdk-pixbuf Support Format String Vulnerability in Hashcash 1.16: Remote Code Execution and Denial of Service Denial of Service Vulnerability in Windows Server 2003 and XP SP2 Arbitrary Command Execution in The Includer's includer.cgi Privilege Escalation via Unrestricted Access to Gene6 FTP Server Control Console Remote File Inclusion Vulnerability in SocialMPN's Article Mode Allows Arbitrary PHP Code Execution Arbitrary Web Script Injection via IMG BBCode in PHP-Fusion 5.x Buffer Overflow Vulnerability in JoWood Chaser 1.50 and Earlier: Remote Code Execution and Denial of Service Sensitive Information Disclosure via Log File Location Information Disclosure Vulnerability in Hosting Controller 6.1 Hotfix 1.7 and earlier ArGoSoft FTP Server 1.4.2.8 and 1.4.3.5 Buffer Overflow Vulnerability SQL Injection Vulnerability in CopperExport 0.2.1: Remote Code Execution via xp_publish.php PHPWebLog 0.5.3 and Earlier: Remote File Inclusion Vulnerability Buffer Overflow Vulnerabilities in CDMA A11 (3G-A11) Dissector in Ethereal 0.10.9 and Earlier Remote Code Execution Vulnerability 
in Aztek Forum 4.0 Oracle Database Server Directory Traversal Vulnerability Remote SQL Injection Vulnerability in phpMyFAQ 1.4 and 1.5 via Forum Messages Unauthenticated Account Modification Vulnerability in Xerox MicroServer Web Server Buffer Overflow Vulnerability in Etheric Dissector in Ethereal 0.10.7 through 0.10.9 GPRS-LLC Dissector Denial of Service Vulnerability Buffer Overflow Vulnerability in discdb.c for Grip 3.1.2 Buffer Overflow in Ipswitch Collaboration Suite (ICS) IMAP Daemon (IMAP4d32.exe) Allows Remote Code Execution Kernel Memory Leakage Vulnerability in FreeBSD's sendfile System Call Arbitrary Code Execution via CREATE FUNCTION in MySQL 4.0.23 and earlier, and 4.1.x up to 4.1.10 Arbitrary Library Execution via MySQL.func Table Modification Arbitrary File Overwrite Vulnerability in MySQL Temporary Tables World-writable permissions vulnerability in Mac OS X before 10.3.8 Bluetooth Setup Assistant Privilege Escalation Vulnerability Insecure Permissions in AFP Server's Drop Boxes Allow Unauthorized Access Stack-based Buffer Overflow in Core Foundation Library in Mac OS X Remote Denial of Service Vulnerability in Squid 2.5.STABLE7 and Earlier Denial of Service Vulnerability in HP Tru64 Unix Message Queue PHP mcNews 1.3 - Remote File Inclusion Vulnerability in admin/header.php eXPerience2 modules.php Remote File Inclusion Vulnerability Path Disclosure Vulnerability in eXPerience2 Cross-site scripting (XSS) vulnerability in paFileDB 3.1 and earlier Information Disclosure Vulnerability in paFileDB 3.1 and Earlier Arbitrary SQL Command Execution in WF-Sections 1.07 via getAllbyArticle Function Arbitrary SQL Command Execution in UBB.threads 6.0 via editpost.php Xpand Rally 1.1.0.0 Format String Vulnerability Denial of Service Vulnerability in PY Software Active Webcam WebServer (webcam.exe) 5.5 Denial of Service Vulnerability in PY Software Active Webcam WebServer (webcam.exe) 5.5 Information Disclosure: Full Path Disclosure in PY Software Active Webcam 
WebServer (webcam.exe) 5.5 Information Disclosure Vulnerability in PY Software Active Webcam WebServer Denial of Service Vulnerability in PY Software Active Webcam WebServer (webcam.exe) 5.5 Remote Privilege Escalation in NewsScript via mode Parameter Integer Overflow in sys_epoll_wait: Exploiting a Kernel Memory Overwrite Vulnerability Buffer Overflow Vulnerability in Yahoo! Messenger Offline Mode Denial of Service Vulnerability in Microsoft Exchange Server 2003 SP1 via Stack Consumption Buffer Overflow Vulnerability in IAPP Dissector for Ethereal 0.9.1 to 0.10.9 Denial of Service Vulnerability in OpenBSD TCP Stack YaBB.pl Remote Cross-Site Scripting (XSS) Vulnerability Sun Java System Application Server 7 Cross-Site Scripting (XSS) Vulnerability Arbitrary PHP Script Upload Vulnerability in XOOPS 2.0.9.2 and Earlier Session Hijacking and Privilege Escalation Vulnerability in Novell iChain Web GUI Local Bypass Vulnerability in UTStarcom iAN-02EX VoIP Analog Terminal Adaptor (ATA) Information Disclosure Vulnerability in Novell iChain FTP Server Remote Information Disclosure Vulnerability in ApplyYourself i-Class Remote File Inclusion Vulnerability in WEBInsta Mailing List Manager 1.3d initdb.php Denial of Service Vulnerability in Linux Kernel's load_elf_library Function Privilege Escalation via Negative Protocol Value in Linux Bluetooth Stack Arbitrary Code Execution via PLUGINSPAGE Attribute in Firefox Plugin Finder Service (PFS) Remote Code Execution Vulnerability in CVS before 1.11.20 Remote Code Execution in Kommander in KDE 3.2 through KDE 3.4.0 Heap-based Buffer Overflow in RealPlayer and Helix Player Denial of Service Vulnerability in ptrace on Linux Kernel 2.6.8.1 (amd64) Denial of Service Vulnerability in xattr File System Code on Red Hat Enterprise Linux 3 Arbitrary Command Execution via Filename Injection in zgrep Denial of Service Vulnerability in ImageMagick TIFF Image Parsing Denial of Service Vulnerability in ImageMagick TIFF Decoder Denial of Service 
Vulnerability in ImageMagick 6.1.8 and earlier via Crafted PSD File SGI ImageMagick Heap-Based Buffer Overflow Vulnerability Arbitrary Code Execution Vulnerability in Midnight Commander (mc) 4.5.55 and Earlier Buffer Overflow Vulnerability in rxvt-unicode Allows Remote Code Execution JXTA Dissector Denial of Service Vulnerability in Ethereal 0.10.9 Denial of Service Vulnerability in Ethereal sFlow Dissector Race condition vulnerability in Radeon DRI driver for Linux kernel 2.6.8.1 allows local privilege escalation Buffer Overflow Vulnerability in GoodTech Telnet Server Buffer Overflow Vulnerabilities in OpenSLP 1.1.5 and Earlier Versions Format String Vulnerability in IDA Pro 4.7.0.830 Allows Remote Code Execution Remote Registry Modification Vulnerability in VERITAS Backup Exec Server (beserver.exe) 9.0 through 10.0 for Windows Denial of Service Vulnerability in VERITAS Backup Exec Stack-based Buffer Overflow in VERITAS Backup Exec Remote Agent 9.0 through 10.0 for Windows and 9.0.4019 through 9.1.307 for Netware SQL Injection Vulnerability in PhotoPost PHP 5.0 RC3's member.php and Other Scripts Unrestricted Logging Data in PhotoPost PHP 5.0 RC3 Allows Email Flooding Remote Code Execution in PhotoPost PHP 5.0 RC3 via adm-photo.php Cross-Site Scripting (XSS) Vulnerabilities in PhotoPost PHP 5.0 RC3 Arbitrary JavaScript Injection via Image Upload in PhotoPost PHP 5.0 RC3 Denial of Service Vulnerability in PlatinumFTP 1.0.18 and Earlier Versions Sensitive Information Disclosure in paFileDB 3.1 and Earlier SQL Injection Vulnerability in paFileDB 3.1 and Earlier: Remote Code Execution via start Parameter Arbitrary Web Script Injection in paFileDB 3.1 and Earlier Arbitrary Script Injection via File Attachment Filename in Phorum Multiple Cross-Site Scripting (XSS) Vulnerabilities in Phorum before 5.0.15 YaBB 2.0 rc1 usersrecentposts Cross-site Scripting (XSS) Vulnerability SQL Injection Vulnerability in SimpGB's gb_new.inc Allows Remote Code Execution World Readable Temp 
Files in Wine 20050211 and Earlier: A Security Vulnerability Arbitrary File Read Vulnerability in LimeWire 4.1.2 - 4.5.6 LimeWire Directory Traversal Vulnerability Sensitive Information Disclosure in phpAdsNew 2.0.4 Arbitrary Web Script Injection via refresh Parameter in phpAdsNew 2.0.4-pr1 SQL Injection Vulnerability in ZPanel 2.0 ZPanel PHP Remote File Inclusion Vulnerability Unprotected Installation Scripts in ZPanel 2.0 and 2.5 Beta 10 Unrestricted File Access in HolaCMS 1.4.9 Directory Traversal Vulnerability in HolaCMS 1.4.9-1 Allows Arbitrary File Overwrite Information Disclosure and Brute Force Vulnerability in Novell iChain Mini FTP Server 2.3 Unlimited Login Attempts Vulnerability in Novell iChain Mini FTP Server 2.3 Denial of Service Vulnerability in MySQL 4.1.9 and Earlier Versions Remote File Inclusion Vulnerability in mcNews 1.3 and Earlier via install.php Directory Traversal Vulnerability in The Includer's includer.cgi Arbitrary Code Execution via Cross-Site Scripting (XSS) in ACS Blog 0.8 through 1.1b Enhanced Metafile Vulnerability in GetEnhMetaFilePaletteEntries API Format String Vulnerability in MailEnable 1.8: Remote Denial of Service via Mailto Field SQL Injection Vulnerability in Subdreamer Light's index.php Denial of Service Vulnerability in Evolution 2.0.3 Multiple Buffer Overflows in Cain & Abel: Remote Code Execution and Denial of Service Vulnerabilities Denial of Service Vulnerability in Apache Tomcat 5.x via Crafted AJP12 Packet Weak Encryption Scheme in NotifyLink Allows Remote Attackers to Obtain AES Keys SQL Injection Vulnerability in NotifyLink 3.0: Remote Code Execution via URL Bypassing Restricted Functions in NotifyLink 3.0 Web Interface Cleartext Password Display Vulnerability in NotifyLink 3.0 Buffer Overflow Vulnerability in Initial Redirect (ir) Squid Proxy Plug-In 0.1 and 0.2 Denial of Service Vulnerability in Lysator LSH 1.x and 2.x ISO9660 Filesystem Handler Range Checking Flaws in Linux 2.6.11 and Earlier Buffer Overflow 
Vulnerability in newgrp Allows Local Privilege Escalation DNS Cache Poisoning Vulnerability in Symantec Gateway Security, Enterprise Firewall, and VelociRaptor PunBB 1.2.3 Cross-Site Scripting (XSS) Vulnerability in Email and Jabber Parameters Unauthenticated Remote Session Redirection in Novell Netware 6.5 SP2 and SP3 Sensitive Information Disclosure in Microsoft Office InfoPath 2003 SP1 Unrestricted Control Exploit in Citrix MetaFrame Conferencing Manager 3.0 Clear-text Password Storage Vulnerability in Citrix Metaframe Password Manager Cleartext Storage of User Credentials in ThePoolClub (iPool and iSnooker) Arbitrary File Overwrite Vulnerability in Mathopd Buffer Overflow Vulnerability in LTris Allows Arbitrary Code Execution via Crafted Highscores File Denial of Service Vulnerability in OllyDbg 1.10 and Earlier Path Disclosure Vulnerability in Viewcat.php Arbitrary PHP File Read Vulnerability in RUNCMS, CIAMOS, e-Xoops, and Similar Products Arbitrary Web Script Injection in Digitanium Addon to PHP-Fusion 5.01 Arbitrary Code Execution Vulnerability in Xzabite DYNDNSUpdate User Spoofing Vulnerability in PHP-Post through Hex-Encoded Username Registration Arbitrary Web Script Injection Vulnerability in PHP-Post before 0.33 Remote Access to Restricted Resources via Belkin 54G (F5D7130) Wireless Router's UPNP Vulnerability Default SNMP Configuration in Belkin 54G (F5D7130) Wireless Router Allows Remote Information Disclosure Denial of Service Vulnerability in Belkin 54G (F5D7130) Wireless Router's SNMP Service Java Web Start Argument Injection Vulnerability IceCast 2.20 XSL File Source Disclosure Vulnerability Buffer Overflow Vulnerabilities in IceCast 2.20 XSL Parser Privilege Escalation via N_MOUSE Line Discipline in Linux Kernel 2.6 SQL Injection Vulnerability in Multiple PHP Files of phpMyFamily 1.4.0 Kayako eSupport 2.3 - Cross-Site Scripting (XSS) Vulnerability in index.php CRLF Injection Vulnerability in Phorum 5.0.14a's search.php Allows HTTP Response 
Splitting Attacks Nortel VPN Client 5.01 Cleartext Password Storage Vulnerability SurgeMail 2.2g3 Webmail Interface Directory Traversal Vulnerability Cross-Site Scripting (XSS) Vulnerabilities in SurgeMail 2.2g3 Email Auto-Reply Denial of Service Vulnerability in Code Ocean FTP Server 1.0 Denial of Service Vulnerability in Multiple FUN Labs Games Memory Access Vulnerability in Multiple Games Developed by FUN Labs Denial of Service Vulnerability in FileZilla FTP Server Denial of Service Vulnerability in FileZilla FTP Server with MODE Z Compression Denial of Service Vulnerability in Microsoft Windows XP SP1 Sensitive Information Disclosure in Betaparticle Blog (BP Blog) Remote File Upload and File Deletion Vulnerability in BetaParticle Blog (BP Blog) Sensitive Path Information Disclosure in CoolForum 0.8.1 beta and earlier SQL Injection Vulnerability in CoolForum 0.8.1 beta and Earlier Arbitrary Web Script Injection in CoolForum 0.8 and Earlier via avatar.php Multiple SQL Injection Vulnerabilities in CoolForum 0.8 and Earlier CzarNews 1.13b PHP Remote File Inclusion Vulnerability Remote File Inclusion Vulnerability in TRG News Script 3.0 Buffer Overflow Vulnerabilities in DeleGate before 8.11.1: Denial of Service and Arbitrary Code Execution PHP Remote File Inclusion Vulnerabilities in PHPOpenChat 3.0.1 and Earlier PHPOpenChat v3.x Cross-Site Scripting (XSS) Vulnerability Arbitrary File Read Vulnerability in Boa Web Server Default Password Vulnerability in Samsung ADSL Modem SMDK8947v1.2 Symlink Attack Vulnerability in cdrecord DEBUG Mode Kernel Memory Overwrite Vulnerability via Sysfs File in Linux Kernel 2.6 Vulnerability: Arbitrary Command Execution via AS/400 Telnet 5250 Terminal Emulation Clients Sensitive Information Disclosure in phpSysInfo 2.3 Multiple Cross-Site Scripting (XSS) Vulnerabilities in phpSysInfo 2.3 with Enabled register_globals Sensitive Information Disclosure in Topic Calendar 1.0.1 Module for phpBB Arbitrary Code Injection via start Parameter 
in Topic Calendar 1.0.1 Module for phpBB Oracle Reports Server 10g (9.0.4.3.3) Multiple Cross-Site Scripting (XSS) Vulnerabilities in test.jsp Buffer Overflow Vulnerabilities in Trillian 2.0 Plug-ins: AIM, MSN, RSS, and Others Buffer Overflow Vulnerabilities in Yahoo Plug-in for Trillian Dnsmasq Off-by-One Buffer Overflow Vulnerability Remote DNS Cache Poisoning Vulnerability in Dnsmasq Arbitrary Web Script Injection via PM Title Field in MercuryBoard Arbitrary PHP Code Execution via Remote File Include in Vortex Portal's content.php and index.php Sensitive Information Disclosure in Vortex Portal via Invalid act Parameter Interspire ArticleLive 2005: Cross-Site Scripting (XSS) Vulnerability in articles.newcomment SQL Injection Vulnerability in BirdBlog 1.2.0: Remote Code Execution via admincore.php Cross-Site Scripting (XSS) Vulnerabilities in DigitalHive 2.0 base.php Remote Code Execution Vulnerability in DigitalHive 2.0 XSS Vulnerabilities in XMB Forum 1.9.1: Mood and Send To Fields Invision Power Board 2.0.2 XSS Vulnerability Double Choco Latte Eval Injection Vulnerability Cross-Site Scripting (XSS) Vulnerabilities in Double Choco Latte 0.9.4.3's functions.inc.php Dream4 Koobi CMS 4.2.3 - Cross-Site Scripting (XSS) Vulnerability in index.php Dream4 Koobi CMS 4.2.3 SQL Injection Vulnerability Double Free Vulnerability in GTK 2 Allows Remote Denial of Service via Crafted BMP Image Buffer Overflow Vulnerability in Smail 3.2.0.120 Allows Arbitrary Code Execution via Long String in MAIL FROM Command Arbitrary Code Execution Vulnerability in smail 3.2.0.120 Signal Handlers Arbitrary File Overwrite and Deletion Vulnerability in OpenMosixView 1.5 Denial of Service Vulnerability in Netcomm 1300NB DSL Modem Cross-Site Scripting (XSS) Vulnerabilities in phpMyDirectory 10.1.3-rel review.php Remote File Inclusion Vulnerability in E-Store Kit-2 PayPal Edition's catalog.php Allows Arbitrary Code Execution Arbitrary Web Script Injection Vulnerability in E-Store Kit-2 PayPal 
Edition Default LDAP Installation and Profile Disclosure Vulnerability Information Disclosure in NukeBookmarks 0.6 for PHP-Nuke Cross-Site Scripting (XSS) Vulnerabilities in NukeBookmarks 0.6 for PHP-Nuke SQL Injection Vulnerability in NukeBookmarks 0.6: Remote Code Execution via category Parameter in marks.php QuickTime PictureViewer 6.5.1 Denial of Service Vulnerability via Crafted Huffman Table Data Unauthenticated Remote Shutdown Vulnerability in Windows XP SP1 Maxthon 1.2.0 Remote Data Leakage Vulnerability Remote Code Execution Vulnerability in Tincat Network Library 2.x Multiple SQL Injection Vulnerabilities in Valdersoft Shopping Cart 3.0 Cross-Site Scripting (XSS) Vulnerabilities in Valdersoft Shopping Cart 3.0 Remote File Inclusion Vulnerability in TKai's Shoutbox Allows Arbitrary PHP Code Execution Multiple Cross-Site Scripting (XSS) Vulnerabilities in exoops Multiple SQL Injection Vulnerabilities in exoops Unspecified Vulnerabilities in deplate before 0.7.2 with Potential Impact on elements.rb Arbitrary PHP Code Execution Vulnerability in Smarty's regex_replace Modifier Multiple Cross-Site Scripting (XSS) Vulnerabilities in CPG Dragonfly 9.0.2.0 Authentication Bypass Vulnerability in Webmasters-Debutants WD Guestbook 2.8 Denial of Service Vulnerability in Linux Kernel 2.6.11 with CONFIG_HUGETLB_PAGE Remote File Inclusion Vulnerability in EncapsBB 0.3.2_fixed: Arbitrary PHP Code Execution Arbitrary File Existence Disclosure in NPSVG3.dll ActiveX Control Cross-Site Scripting (XSS) Vulnerability in Adventia Chat 3.1 and Server Pro 3.0 SQL Injection Vulnerabilities in Bugtracker.NET 2.0.1 Local Credential Storage Vulnerability in Microsoft Outlook 2002 Connector for IBM Lotus Domino 2.0 Auto-Protect Module Denial of Service Vulnerability in Symantec Norton AntiVirus 2004/2005 Denial of Service Vulnerability in Symantec Norton AntiVirus 2004/2005 Adventia E-Data 2.0 XSS Vulnerability: Remote Code Injection via Query Keyword Arbitrary Web Script Injection 
Vulnerability in Ublog Reload 1.0 through 1.0.4 Buffer Overflow Vulnerability in Sylpheed before 1.0.4 with MIME-encoded File Names Unspecified Shell Metacharacter Vulnerability in subs.pl for WebAPP 0.9.9 through 0.9.9.2 Multiple Cross-Site Scripting (XSS) Vulnerabilities in PhotoPost PHP Pro 5.x SQL Injection Vulnerability in PhotoPost PHP Pro 5.x Cross-Site Scripting (XSS) Vulnerability in Chatness 2.5.1 and Earlier The Includer 1.0 and 1.1 PHP Remote File Inclusion Vulnerability Multiple SQL Injection Vulnerabilities in phpCOIN 1.2.1b and Earlier Directory Traversal Vulnerability in auxpage.php in phpCOIN 1.2.1b and Earlier Multiple Cross-Site Scripting (XSS) Vulnerabilities in WackoWiki R4 SQL Injection Vulnerabilities in ESMI PayPal Storefront Arbitrary Script Injection Vulnerability in ESMI PayPal Storefront's products1h.php Deadlock Vulnerability in futex.c for Linux Kernel 2.6.x Information Disclosure Vulnerability in Ublog Reload 1.0 through 1.0.4 Heap-based Buffer Overflow in OpenOffice.org OpenOffice 1.1.4 and Earlier Denial of Service Vulnerability in Sybase Adaptive Server Enterprise (ASE) XP Server 12.x Denial of Service Vulnerability in Cisco VPN 3000 Series Concentrator Arbitrary Code Execution Vulnerability in Microsoft Jet DB Engine (msjet40.dll) 4.00.8618.0 ACS Blog 1.1.1 Cross-Site Scripting (XSS) Vulnerability SQL Injection Vulnerability in phpCoin 1.2.1b and Earlier: Remote Code Execution Directory Traversal Vulnerability in auxpage.php in phpCoin 1.2.1b and Earlier SQL Injection Vulnerability in ad_click.asp for PortalApp Multiple Cross-Site Scripting (XSS) Vulnerabilities in Iatek PortalApp's content.asp FastStone 4in1 Browser 1.2 Directory Traversal Vulnerability Cross-Site Scripting Vulnerability in PaFileDB 3.1 via id Parameter Race condition vulnerability in bzip2 allows local users to modify file permissions via a hard link attack during decompression Denial of Service Vulnerability in Windows Explorer and Internet Explorer in Windows 
2000 SP1 SQL Injection Vulnerability in InterAKT MX Shop 1.1.1: Remote Code Execution via id_ctg Parameter SQL Injection Vulnerabilities in InterAKT MX Kart 1.1.2: Remote Code Execution Authentication Bypass Vulnerability in Bay Technical Associates RPC-3 Telnet Host 3.05 Format String Vulnerability in log_do Function in YepYep mtftpd 0.0.3 Buffer Overflow in mt_do_dir function in YepYep mtftpd 0.0.3 Denial of Service Vulnerabilities in OpenBSD SACK Functionality Arbitrary Web Script Injection via Parent Frame Title in Horde 3.0.4 SQL Injection Vulnerability in Lighthouse Squirrelcart's index.php Toshiba ACPI BIOS 1.6 Vulnerability: Boot Failure Due to MBR Table Examination Limitation Kerio Personal Firewall 4.1.2 and Earlier Local User Firewall Bypass Vulnerability Denial of Service Vulnerability in Gaim's gaim_markup_strip_html Function Arbitrary Markup Injection and Denial of Service Vulnerabilities in Gaim IRC Protocol Plugin Remote Denial of Service Vulnerability in Gaim 1.2.0 via Malformed File Transfer Request Denial of Service Vulnerability in CA eTrust Intrusion Detection 3.0 Heap-based Buffer Overflow in Mac OS X Syscall Emulation Functionality Privilege Escalation via Setuid/Setgid Scripts in Mac OS X 10.3.9 and Earlier Stack-based Buffer Overflow in semop System Call in Mac OS X 10.3.9 and Earlier Arbitrary Code Execution via Integer Overflow in Mac OS X 10.3.9 and Earlier Memory Exhaustion Vulnerability in setsockopt System Call in Mac OS X 10.3.9 and Earlier Privilege Escalation Vulnerability in nfs_mount Call in Mac OS X 10.3.9 and Earlier Denial of Service Vulnerability in Mac OS X 10.3.7 and Earlier Versions Arbitrary File Reading Vulnerability in AppleWebKit Denial of Service Vulnerability in Linux Kernel 2.6 tmpfs Driver Directory Traversal Vulnerability in IVT BlueSoleil 1.4 Object Push Service Buffer Overflow Vulnerabilities in RUMBA 7.3 and Earlier: Remote Code Execution and Denial of Service Remote File Inclusion Vulnerability in AlstraSoft 
EPay Pro 2.0 index.php Multiple Cross-Site Scripting (XSS) Vulnerabilities in AlstraSoft EPay Pro 2.0 Multiple Cross-Site Scripting (XSS) Vulnerabilities in Yet Another Forum.net 0.9.9 Quake 3 Engine Denial of Service Vulnerability Remote Code Execution Vulnerability in Star Wars Jedi Knight: Jedi Academy 1.011 and Earlier Denial of Service Vulnerability in Mac OS X Kernel Related to Fan Control Unit (FCU) Driver Denial of Service Vulnerability in NLSCCSTR.DLL in IBM Lotus Domino Server 6.5.1 and 6.0.3 IRC Services NickServ LISTLINKS Information Disclosure Vulnerability Race Condition Vulnerability in Gzip Allows Arbitrary File Permission Modification Heap Memory Disclosure Vulnerability in Javascript Engine Symlink Attack Vulnerability in unshar.c of sharutils 4.2.1 Insecure Temporary File Handling in IBM AIX 5.1, 5.2, and 5.3 Arbitrary Web Script Injection Vulnerability in phpMyAdmin index.php Buffer Overflow Vulnerability in nwprint in SCO OpenServer 5.0.7 Multiple SQL Injection Vulnerabilities in ProductCart 2.7 Multiple Cross-Site Scripting (XSS) Vulnerabilities in ProductCart 2.7 Multiple SQL Injection Vulnerabilities in PHP-Nuke 7.6 Downloads Module Multiple SQL Injection Vulnerabilities in PHP-Nuke 7.6 Web_Links Module Sensitive Information Disclosure in Web_Links Module for PHP-Nuke 7.6 SQL Injection Vulnerability in PHP-Nuke Top Module (6.x - 7.6) Allows Remote Code Execution Multiple Cross-Site Scripting (XSS) Vulnerabilities in PHP-Nuke 7.6 Critical Open Redirect Vulnerability in Netegrity SiteMinder up to 4.5.1 Critical Path Traversal Vulnerability in almosteffortless secure-files Plugin up to 1.1 on WordPress (VDB-243804) Sensitive Information Disclosure in PHP-Nuke 7.6 via Surveys Module and 3D-Fantasy Theme Arbitrary File Read Vulnerability in Logics Software File Transfer (LOG-FT) Arbitrary PHP File Inclusion Vulnerability in ProfitCode PayProCart 3.0 Arbitrary Web Script Injection in ProfitCode PayProCart 3.0 via sgnuptype Parameter Authentication 
Bypass Vulnerability in ProfitCode PayProCart 3.0 Cross-Site Scripting (XSS) Vulnerabilities in SonicWALL SOHO 5.1.7.0 Denial of Service Vulnerability in CommuniGate Pro LIST Functionality XSS Vulnerability in ASP-Dev XM Forum RC3 Allows Remote Code Injection via IMG Tag Buffer Overflow Vulnerabilities in BakBone NetVault 6.x and 7.x Comersus Cart 6 XSS Vulnerability in Account Username Field SQL Injection Vulnerability in SiteEnable's content.asp Allows Remote Code Execution Arbitrary Web Script Injection in Iatek SiteEnable SMTP Service Denial of Service Vulnerability Buffer Overflow in MailEnable IMAP Service Allows Remote Code Execution Buffer Overflow in MailEnable IMAPd (MEIMAP.exe): Remote Code Execution Vulnerability Arbitrary Script Injection in MaxWebPortal 1.33 and Earlier via XSS Vulnerability in links_add_form.asp Arbitrary SQL Command Execution in MaxWebPortal 1.33 and Earlier Buffer Overflow in UniversalAgent for CA BrightStor ARCserve Backup: Remote Code Execution Vulnerability Buffer Overflow in getConfig Function in Aeon 0.2a and Earlier: Privilege Escalation via Long HOME Environment Variable Denial of Service Vulnerabilities in SSH 2 on Cisco IOS 12.0-12.3 Memory Leak Vulnerability in Cisco IOS SSH Authentication with TACACS+ Sensitive Information Disclosure in ColdFusion 6.1 Updater 1 Multiple Cross-Site Scripting (XSS) Vulnerabilities in PHP-Nuke 6.x to 7.6 Sensitive Information Disclosure in PHP-Nuke 6.x to 7.6 via Direct Request AS/400 4.3 FTP Server Symlink Vulnerability SQL Injection Vulnerabilities in SnailSource phpBB 2.0.x Mods Multiple Cross-Site Scripting (XSS) Vulnerabilities in PHP-Nuke 6.x through 7.6 Sensitive Information Disclosure in PHP-Nuke 6.x through 7.6 Multiple SQL Injection Vulnerabilities in Active Auction House Multiple Cross-Site Scripting (XSS) Vulnerabilities in Active Auction House Arbitrary File Upload Vulnerability in RUNCMS 1.1A and e-Xoops Information Disclosure Vulnerability in CubeCart 2.0.6 Denial of Service 
Vulnerability in SurgeFTP 2.2m1 via LEAK Command Unknown Buffer Overflow Vulnerabilities in Pavuk 0.9.32 Improper Initialization of IO Permission Bitmap in FreeBSD 5.x to 5.4 on AMD64 Root Privilege Escalation Vulnerability in AIX 5.3.0 NIS Client Configuration Local Privilege Escalation: Symlink Vulnerability in Vixie Cron 4.1 Race condition vulnerability in Core Utilities (coreutils) 5.2.1 allows local users to modify permissions of other files Root Privilege Escalation Vulnerabilities in Novell Linux Desktop 9's netapplet Denial of Service Vulnerability in Linux Kernel's fib_seq_start Function Integer Overflow in exif_process_IFD_TAG Function in PHP Denial of Service Vulnerability in PHP's exif.c Arbitrary Command Execution via UNC Path in OpenText FirstClass 8.0 Client Remote Code Execution Vulnerability in kimgio Library for KDE 3.4.0 via Crafted PCX Image File Arbitrary Command Execution Vulnerability in Meilad File Upload Script (up.php) for phpBB 2.0.x SQL Injection Vulnerability in PostNuke 0.760 RC3 via sid Parameter Multiple Cross-Site Scripting Vulnerabilities in PostNuke 0.760-RC3 Information Disclosure Vulnerability in PostNuke 0.760-RC3 Reviews Module SQL Injection Vulnerability in PunBB 1.2.4 Profile.php Change_email Action Address Spoofing Vulnerability in Microsoft Outlook 2003 and Outlook Web Access (OWA) 2003 Multiple Cross-Site Scripting (XSS) Vulnerabilities in ModernBill 4.3.0 and Earlier via orderwiz.php Remote File Inclusion Vulnerability in ModernBill 4.3.0 and Earlier: Arbitrary PHP Code Execution Insecure Storage of Login Data in TowerBlog 0.6 and Earlier Denial of Service Vulnerability in HP OpenView Network Node Manager (NMM) Bypassing Authentication in Cisco IOS Easy VPN Server XAUTH Version 6 ISAKMP Profile Attribute Processing Bypass Vulnerability Remote Password Change Vulnerability in Linksys WET11 1.5.4 Denial of Service Vulnerability in Novell Netware 6.x TCP/IP Functionality LogWatch Secure Script Regular Expression Denial of 
Service Vulnerability Brute Force Vulnerability in Kerio WinRoute Firewall, Personal Firewall, and MailServer Denial of Service Vulnerability in Kerio WinRoute Firewall, Personal Firewall, and MailServer Local Privilege Escalation Vulnerability in rsnapshot Symlink Attack Vulnerability in tetex on Novell Linux Desktop 9 Race condition vulnerability in rpdump in Pine 4.62 and earlier allows local users to perform arbitrary file overwriting via symlink attack. Access_user Class Vulnerability: Unauthorized User Access via Default Password Arbitrary JavaScript Execution via [url] Tags in sCssBoard 1.11 and Earlier Unspecified Vulnerability in sCssBoard 1.11 and Earlier Allows Exploit on Profile Page SQL Injection Vulnerability in Invision Power Board 1.3.1 Final and Earlier: Remote Code Execution via index.php Arbitrary SQL Command Execution Vulnerability in JPortal Web Portal 2.3.1 Arbitrary Web Script Injection Vulnerability in PunBB before 1.2.5 RadScripts RadBids Gold 2 index.php Directory Traversal Vulnerability Remote Code Execution via SQL Injection in RadScripts RadBids Gold 2 index.php Multiple Cross-Site Scripting (XSS) Vulnerabilities in RadBids Gold 2 WebCT Campus Edition 4.1 Discussion Board Cross-Site Scripting (XSS) Vulnerability Multiple Cross-Site Scripting (XSS) Vulnerabilities in XAMPP 1.4.x XAMPP 1.4.x Default or Null Password Vulnerability Arbitrary SQL Command Execution in zOOm Media Gallery 2.1.2 via catid Parameter Java Archive Tool (Jar) Utility Directory Traversal Vulnerability AzDGDatingPlatinum 1.1.0 view.php Cross-site Scripting (XSS) Vulnerability Multiple SQL Injection Vulnerabilities in AzDGDatingPlatinum 1.1.0 Arbitrary File Inclusion Vulnerability in aeDating 3.2 SQL Injection Vulnerability in aeDating 3.2's sdating.php Allows Remote Code Execution Cross-Site Scripting (XSS) Vulnerability in aeDating 3.2 Control Panel Buffer Overflow in cmdIS.DLL Plugin for AN HTTPD Server 1.42n via Long User-Agent Header CRLF Injection Vulnerability 
in cmdIS.DLL Plugin for AN HTTPD Server 1.42n Privilege Escalation Vulnerability in DameWare NT Utilities and Mini Remote Control Arbitrary File Data Append Vulnerability in DC++ before 0.674 Maxthon 1.2.0 and 1.2.1 Directory Traversal Vulnerability Remote Code Execution Vulnerability in Maxthon 1.2.0 and 1.2.1 Plaintext Storage of Credentials in Lightspeed DeluxeFTP 6.01's sites.xml File Allows Privilege Escalation Remote Code Execution Vulnerability in PopUp Plus 2.0.3.8 Plugin for Miranda IM FTP Now 2.6.14 Plaintext Password Storage Vulnerability Arbitrary Web Script Injection Vulnerability in Ocean12 Membership Manager Pro 1.x Ocean12 Membership Manager Pro 1.x SQL Injection Vulnerability Plaintext Password Storage Vulnerability in Rebrand P2P Share Spy 2.2 Plaintext Storage of Username and License Key in GetDataBack for NTFS 2.31 Remote Code Execution Vulnerability in Greylisting Daemon (GLD) 1.3 and 1.4 Format String Vulnerability in GLD's ErrorLog Function Buffer Overflow Vulnerabilities in Lotus Domino Server 6.0.5 and 6.5.4 Arbitrary Command Execution via Cross-Site Scripting (XSS) in WordPress 1.5 and Earlier Unprivileged User Policy Modification Vulnerability in Sygate Security Agent Centra 7 Multiple Cross-Site Scripting (XSS) Vulnerabilities JavaMail 1.3.2 MimeBodyPart.getFileName Directory Traversal Vulnerability Denial of Service Vulnerability in QuickTime for Windows 6.5.2 via GIF Image Integer Overflow Insecure Default ACLs in McAfee Internet Security Suite 2005: Privilege Escalation and Protection Bypass Vulnerability Referrer Field Overwrite Vulnerability in JunkBuster 2.0.2-r2 JunkBuster URL Filtering Vulnerability: Remote Code Execution and Denial of Service Stack-based Buffer Overflow in SUMUS 0.2.2 HTTP Server Allows Remote Code Execution Race condition vulnerability in cpio 2.6 and earlier allows local users to modify file permissions via a hard link attack during decompression Information Disclosure Vulnerability in IBM WebSphere 
Application Server 6.0 and Earlier Multiple Cross-Site Scripting (XSS) Vulnerabilities in PhpBB Plus 1.52 and Earlier SQL Injection Vulnerabilities in Photo Album 2.0.53 for phpBB Cross-Site Scripting (XSS) Vulnerabilities in Photo Album 2.0.53 Module for phpBB Arbitrary Code Injection through Calendar Scheduler in phpBB All4WWW-Homepagecreator 1.0a PHP Remote File Inclusion Vulnerability Arbitrary Web Script Injection Vulnerability in RSA Authentication Agent for Web 5.2 Symlink Attack Vulnerability in Sudo VISudo 1.6.8 and Earlier Cross-Site Scripting (XSS) Vulnerabilities in IlohaMail 0.8.14 and Earlier Format String Vulnerability in Oops! Proxy Server 1.5.23 and Earlier Double-encoded format string vulnerability in Monkey daemon (monkeyd) before 0.9.1 allows remote attackers to cause denial of service and potentially execute arbitrary code via HTTP GET request. Denial of Service Vulnerability in Monkey Daemon (monkeyd) 0.9.1 and earlier Privilege Escalation Vulnerability in libgss Library in Solaris 7, 8, and 9 Race Condition Vulnerability in libsafe 2.0.16 and Earlier Kernel Memory Disclosure Vulnerability in FreeBSD's SIOCGIFCONF ioctl Format String Vulnerability in Net::Server Log Function SQL Injection Vulnerabilities in VHCS 2.4 and Earlier: Remote Code Execution Email Attachment Leakage Vulnerability Arbitrary Web Script Injection Vulnerability in Pinnacle Cart's index.php Unspecified Critical Vulnerability in Veritas i3 Focalpoint Server 7.1 and Earlier Denial of Service Vulnerability in LG U8120 Mobile Phone via Malformed MIDI File User Enumeration Vulnerability in IBM iSeries AS/400 POP3 Server SQL Injection Vulnerability in exit.php for Serendipity 0.8 and Earlier Arbitrary Web Script Injection Vulnerability in Simple PHP Blog (sphpBlog) 0.4.0 Sensitive Information Disclosure and Password Cracking Vulnerability in Simple PHP Blog (sphpBlog) 0.4.0 Information Disclosure Vulnerability in Simple PHP Blog (sphpBlog) 0.4.0 Denial of Service Vulnerability 
in Kerio MailServer WebMail Organizational Information Spoofing Vulnerability in Opera 8 Beta 3 XSS Vulnerability in myBloggie 2.1.1 Allows Remote Code Injection via Comments Heap-based Buffer Overflow in GOCR 0.40 via PNM File with Large Width and Height Values Heap-based Buffer Overflow in GOCR 0.40's readpgm Function Allows Remote Code Execution Arbitrary Script Injection in EasyPHPCalendar index.php (yr parameter) Information Disclosure Vulnerability in EasyPHPCalendar Cross-Site Scripting (XSS) Vulnerability in CalendarScript 3.20 via template parameter Cross-Site Scripting (XSS) Vulnerability in CalendarScript 3.21 Login Command Information Disclosure in CalendarScript 3.20 via Invalid Parameters Information Disclosure in CalendarScript 3.21 via Invalid Year and Month Parameters ACNews 1.0 Admin Login SQL Injection Vulnerability Denial of Service Vulnerability in Sun Java System Web Server 6.0 SP7 and Earlier on Windows Systems Privilege Escalation Vulnerability in qpopper 4.0.5 and Earlier Improper umask setting in qpopper 4.0.5 and earlier allows for group/world-writable file creation Arbitrary Code Execution via Popup Blocker Bypass in Firefox and Mozilla Suite Cross-Site Scripting through Global Scope Pollution in Firefox and Mozilla Suite Firelinking: Remote Code Execution via Favicon Functionality Remote Code Execution via Search Plugin in Firefox, Mozilla Suite, and Netscape Firesearching 2: Remote Replacement of Search Plugins in Firefox, Mozilla Suite, and Netscape 7.2 Arbitrary JavaScript Injection Vulnerability in Firefox Sidebar Type Confusion Vulnerability in Firefox and Mozilla Suite Privilege Escalation via DOM Node Property Override in Firefox and Mozilla Suite SQL Injection Vulnerabilities in OneWorldStore Multiple Cross-Site Scripting (XSS) Vulnerabilities in OneWorldStore Multiple Buffer Overflows in Yager 5.24 and Earlier: Remote Code Execution Vulnerabilities Denial of Service Vulnerability in Yager 5.24 and Earlier Denial of Service 
Vulnerability in Yager 5.24 and Earlier Clear-text Storage of User Credentials in Dameware NT Utilities and MiniRemote Control Improper Log File Storage in Musicmatch 10.00.2047 and Earlier Arbitrary File Overwrite Vulnerability in Musicmatch 10.00.2047 and Earlier Remote Code Execution in Mafia Blog .4 BETA via Admin Directory Vulnerability SQL Injection Vulnerability in mod.php in Datenbank Module for phpBB Arbitrary Web Script Injection Vulnerability in phpBB Datenbank Module Arbitrary Web Script Injection Vulnerability in Coppermine Photo Gallery 1.3.x Remote Code Execution Vulnerability in PMSoftware Simple Web Server 1.0 via Buffer Overflow Denial of Service Vulnerability in MIT Kerberos 5 Key Distribution Center (KDC) Heap-based Buffer Overflow in MIT Kerberos 5 Key Distribution Center (KDC) Race Condition Vulnerability in JFS2 on AIX 5.2 and 5.3: Potential Data Leakage during File Deletion Webmin and Usermin Configuration File Permissions Vulnerability Oracle Forms 10g SQL Injection Vulnerability Remote Code Execution Vulnerability in Xerox MicroServer Web Server for Various WorkCentre Products HTTP Response Splitting Vulnerability in PHP-Nuke 7.6 Surveys Module Disputed PHP Remote Code Injection Vulnerability in Ariadne CMS 2.4 Denial of Service Vulnerability in IBM OS/400 R510, R520, and R530 XSS Vulnerability in mvnForum 1.0 RC4 via Search Parameter TCP/IP Stack Denial of Service Vulnerability Unquoted Windows Search Path Privilege Escalation Vulnerability in Musicmatch Jukebox 10.00.2047 and Earlier Cross-Site Scripting (XSS) Vulnerability in Musicmatch Jukebox 10.00.2047 and Earlier Heap-based Buffer Overflow in WinHex 12.05 SR-14 and Other Versions via Long File Name Argument Arbitrary Web Script Injection in Comersus 3.90 to 4.51 via curPage Parameter WebcamXP PRO v2.16.468 XSS Vulnerability in Chat Name Field Denial of Service Vulnerability in WebcamXP PRO v2.16.468 and Earlier Arbitrary Script Execution via Web View DLL in Windows Explorer Denial 
of Service Vulnerability in HP-UX TCP/IP on IPv4 Arbitrary Script Execution via BBcode Tag in phpBB Stack-based Buffer Overflow in ieee_putascii Function in NASM 0.98 and Earlier Heap-based Buffer Overflow in xine-lib Allows Remote Code Execution SQL Injection Vulnerability in Knowledge Base Module for phpBB Arbitrary SQL Command Execution in Oracle Database Server 10g via SYS.DBMS_CDC_IPUBLISH.CREATE_SCN_CHANGE_SET Procedure Directory Traversal Vulnerability in apexec.pl for Anaconda Foundation Directory SQL Injection Vulnerability in UBB.Threads printthread.php Allows Remote Code Execution Remote File Inclusion Vulnerability in AZ Bulletin Board (AZbb) 1.0.07a through 1.0.07c Directory Traversal Vulnerabilities in AZ Bulletin Board (AZbb) before 1.0.08 eGroupware Multiple Cross-Site Scripting (XSS) Vulnerabilities SQL Injection Vulnerabilities in eGroupware before 1.0.0.007 Denial of Service Vulnerability in Desktop Rover 3.0 and Earlier Versions Sensitive Environment Variable Disclosure in Telnet Client for Windows XP, Windows Server 2003, and Windows Services for UNIX Critical Buffer Overflow in SMB Functionality: Server Message Block Vulnerability Buffer Overflow in Web Client Service in Windows XP and Windows Server 2003 Allows Remote Code Execution via Crafted WebDAV Request Heap-based Buffer Overflow in Microsoft Windows 98, 2000, XP SP2 and earlier, and Server 2003 SP1 and earlier via Crafted CHM File Buffer Overflow in Microsoft Internet Explorer PNG Image Rendering Component Buffer Overflow in Microsoft Step-by-Step Interactive Training Allows Remote Code Execution Remote Code Execution Vulnerability in Microsoft Outlook Express NNTP News Reader Remote Code Execution Vulnerability in Microsoft Agent Multiple Content-Length Headers Vulnerability in Microsoft ISA Server 2000 Remote NetBIOS Connection Vulnerability in Microsoft ISA Server 2000 Remote Desktop Protocol (RDP) Denial of Service Vulnerability in Microsoft Windows Buffer Overflow in Microsoft 
Color Management Module: Remote Code Execution Vulnerability Sensitive Information Disclosure in Shoutbox SCRIPT 3.0.2 and Earlier SQL Injection Vulnerability in Ecommerce-Carts EcommPro 3.0 Login Page Arbitrary PHP Code Execution in cat_for_gen.php in Annuaire Netref 4.2 Ocean12 Calendar Manager 1.01 - Multiple SQL Injection Vulnerabilities in Admin_id Field Multiple SQL Injection Vulnerabilities in DUware DUportal Pro 3.4 SQL Injection Vulnerability in Coppermine Photo Gallery 1.3.2 Coppermine Photo Gallery 1.3.2 Passwords Stored in Plaintext Vulnerability PHProjekt 4.2 and Earlier Cross-Site Scripting (XSS) Vulnerability in Chatroom Text Submission Form Directory Traversal Vulnerability in gunzip -N in gzip 1.2.4 through 1.3.5 Directory Traversal Vulnerability in cpio 2.6 and Earlier Directory Traversal Vulnerability in Yawcam 0.2.5 Arbitrary Web Script Injection in JAWS 0.4 GlossaryModel.php Buffer Overflow Vulnerability in Sun Java System Web Proxy Server Arbitrary Web Script Injection Vulnerability in PHP Labs proFile SQL Injection Vulnerabilities in phpbb-Auction Sensitive Information Disclosure in auction_my_auctions.php in phpbb-Auction 1.2m and earlier Multiple SQL Injection Vulnerabilities in DUware DUportal 3.1.2 and 3.1.2 SQL Arbitrary SQL Command Execution in FlexPHPNews 0.0.3 via news.php SQL Injection Vulnerability FTP Server on iSeries AS/400 Systems Allows Arbitrary File Access and Modification Directory Traversal Vulnerability in Raz-Lee's Third Party Tool for iSeries AS/400 FTP Server Castlehill iSeries AS/400 FTP Server Directory Traversal Vulnerability Directory Traversal Vulnerability in Powertech's Third Party Tool for iSeries AS/400 FTP Server Directory Traversal Vulnerability in Bsafe's Third Party Tool for iSeries AS/400 FTP Server Directory Traversal Vulnerability in SafeStone's Third Party Tool for iSeries AS/400 FTP Server Directory Traversal Vulnerability in NetIQ's Third Party Tool for iSeries AS/400 FTP Server Arbitrary Web Script 
Injection Vulnerability in MediaWiki before 1.4.2 Format String Vulnerability in snmppd_log Function in snmppd_util.c Denial of Service Vulnerability in Novell Nsure Audit 1.0.1 Buffer Overflow Vulnerability in Apple iTunes 4.8 Allows Remote Code Execution via Crafted MPEG4 File Denial of Service Vulnerability in Ipswitch Collaboration Suite IMAP Daemon SQL Injection Vulnerability in IpSwitch WhatsUp Professional 2005 SP1 Logon Screen Directory Traversal Vulnerability in Ipswitch Imail Server 8.13 and Earlier Versions Stack-based Buffer Overflow in Ipswitch IMail IMAP Server Stack-based buffer overflows in IMail IMAP Server allow remote code execution Stack-based Buffer Overflow in IMail IMAP Daemon Bzip2 Decompression Bomb Vulnerability Stack-based Buffer Overflow in Gaim URL Parsing Function Denial of Service Vulnerability in Gaim 1.2.1 and Earlier via Malformed MSN Message Buffer Overflow Vulnerability in Linux Kernel's elf_core_dump Function Improper Function Call in Raw Character Devices: Kernel Address Space Access Vulnerability Denial of Service Vulnerability in Linux Kernel 2.6.10's mmap Function Denial of Service in Apache SpamAssassin 3.0.1-3.0.3 Denial of Service Vulnerability in tcpdump 3.x via Crafted BGP Packet Apache mod_ssl CRL Verification Callback Buffer Overflow Vulnerability Denial of Service Vulnerability in Gaim 1.3.1 Symlink Attack Vulnerability in Rootkit Hunter before 1.2.3-r1 Remote Code Execution Vulnerability in BrightStor ARCserve Backup Agent for SQL Server 11.0 Remote Code Execution via Stack-based Buffer Overflow in MySQL MaxDB WebDAV Functionality Heap-based Buffer Overflow in ReadPNMImage Function in ImageMagick Denial of Service Vulnerability in tcpdump 3.9.1 and Earlier Denial of Service Vulnerability in tcpdump 3.8.3 and Earlier Denial of Service Vulnerability in tcpdump 3.9.1 and Earlier via Crafted RSVP Packet Denial of Service Vulnerability in Ethereal 0.10.10 and Earlier Cross-Site Scripting (XSS) Vulnerabilities in Argosoft 
Mail Server Pro 1.8.7.6 Directory Traversal Vulnerabilities in Argosoft Mail Server Pro 1.8.7.6 Arbitrary Account Creation Vulnerability in Argosoft Mail Server Pro 1.8.7.6 Arbitrary Web Script Injection Vulnerability in WoltLab Burning Board 2.3.1 and Earlier Unquoted Windows Search Path Vulnerability in BitDefender 8 Multiple SQL Injection Vulnerabilities in BK Forum 4.0 Remote Code Execution Vulnerability in ACS Blog 0.8 through 1.1.3 Arbitrary Command Execution in E-Cart 2004 1.1 and Earlier via index.cgi Multiple Cross-Site Scripting (XSS) Vulnerabilities in phpBB 2.0.14 and Earlier Multiple SQL Injection Vulnerabilities in CartWIZ ASP Cart Multiple Cross-Site Scripting (XSS) Vulnerabilities in CartWIZ ASP Cart Multiple SQL Injection Vulnerabilities in StorePortal 2.63 Default.asp Affix Bluetooth Protocol Stack for Linux Privilege Escalation Vulnerability Arbitrary File Read Vulnerability in include.cgi Script Remote Code Execution Vulnerability in include.cgi Script Arbitrary Code Injection through include.cgi Script Arbitrary File Read Vulnerability in inserter.cgi Script Remote Code Execution Vulnerability in inserter.cgi Script Inserter.cgi Script XSS Vulnerability Arbitrary File Write Vulnerability in nProtect:Netizen 2005.3.17.1 SQL Injection Vulnerability in Confixx 3.08 and Earlier: Remote Code Execution via Change User Field Arbitrary File Read Vulnerability in citat.pl Script Remote Code Execution Vulnerability in citat.pl Script Arbitrary File Read Vulnerability in hyper.cgi Script XML External Entity vulnerability in Adobe Reader and Acrobat 7.0 and 7.0.1 Arbitrary Code Execution Vulnerability in Adobe Version Cue on Mac OS X CRLF Injection Vulnerability in SqWebMail Arbitrary Script Injection in bBlog 0.7.4 via Entry Title and Comment Body Arbitrary SQL Command Execution in bBlog 0.7.4 via postid Parameter Arbitrary Web Script Injection Vulnerability in Yappa-NG before 2.3.2 Yappa-NG 2.3.2 PHP Remote File Inclusion Vulnerability Arbitrary Web 
Script Injection via Horde Passwd Module Title Arbitrary Web Script Injection via Horde Kronolith Module Title Arbitrary Web Script Injection via Horde Turba Module Title Horde Accounts Module XSS Vulnerability Arbitrary Web Script Injection via Horde Chora Module Title Arbitrary Web Script Injection in Horde Forwards E-Mail Forwarding Manager Arbitrary Web Script Injection via Horde IMP Webmail Client Title Arbitrary Web Script Injection in Horde Mnemo Note Manager Arbitrary Web Script Injection via Horde Vacation Module Title Arbitrary Web Script Injection via Parent Frame Page Title in Horde Nag Task List Manager Remote Code Execution Vulnerability in NetFtpd for NetTerm 5.1.1 and Earlier Multiple Cross-Site Scripting (XSS) Vulnerabilities in phpMyVisites index.php Arbitrary File Inclusion Vulnerability in set_lang.php in phpMyVisites 1.3 Buffer Overflow Vulnerability in VooDoo cIRCle BOTNET (Version 1.0.33 and earlier) Allows Remote Authenticated Attackers to Cause Denial of Service Arbitrary Web Script Injection Vulnerability in Woltlab Burning Board 2.3.1 PL2 and Earlier OneWorldStore Denial of Service Vulnerability Sensitive Information Disclosure in owOfflineCC.asp Denial of Service Vulnerability in AppKit via Malformed TIFF Image AppleScript Editor in Mac OS X 10.3.9 URI Code Display Vulnerability Default Bluetooth File Exchange Service Vulnerability in Mac OS X 10.3.9 Mac OS X 10.3.9 OBEX Directory Traversal Vulnerability Privilege Escalation Vulnerability in Mac OS X 10.3.9 via Insecure Usage of External Helper Programs Buffer Overflow Vulnerability in Mac OS X 10.3.9 Foundation Framework Arbitrary Script Execution Vulnerability in Apple Help Viewer 2.0.7 and 3.0.0 Plaintext Storage of Initial LDAP Passwords in Mac OS X 10.3.9 Chroot Escape Vulnerability in lukemftpd on Mac OS X 10.3.9 Unrestricted Access Vulnerability in Mac OS X Server Admin HTTP Proxy Service Arbitrary Command Execution Vulnerability in Apple Terminal 1.4.4 Terminal Escape Sequence 
Injection Vulnerability Stack-based buffer overflow in Mac OS X VPN daemon (vpnd) allows arbitrary code execution via long -i argument Buffer Overflow in htdigest in Apache 2.0.52 Inadequate Error Handling in Squid 2.5.STABLE9 and Earlier Allows for Less Restrictive ACLs Denial of Service Vulnerability in Symantec AntiVirus Products via Crafted RAR File Potential Denial of Service and Memory Modification Vulnerability in Adobe Acrobat Reader 6.0 and Earlier Buffer Overflow in HTTPMail in MailEnable Enterprise and Professional Versions Buffer Overflow in Convert-UUlib: Remote Code Execution Vulnerability Path Traversal Vulnerability in ad.cgi Script Remote Code Execution Vulnerability in ad.cgi Script Ad.cgi Script XSS Vulnerability Arbitrary File Read Vulnerability in forum.pl Script Arbitrary Command Execution Vulnerability in forum.pl Script Arbitrary File Read Vulnerability in The Includer's includer.cgi Arbitrary Code Injection via includer.cgi Script in The Includer Arbitrary File Read Vulnerability in text.cgi Script Arbitrary Command Execution Vulnerability in text.cgi Script Arbitrary Code Injection through text.cgi Script: Cross-Site Scripting (XSS) Vulnerability GrayCMS 1.1 Path Prefix Remote File Inclusion Vulnerability Multiple SQL Injection Vulnerabilities in MetaCart e-Shop 8.0 Multiple SQL Injection Vulnerabilities in MetaCart 2.0 for Paypal Multiple SQL Injection Vulnerabilities in MetaCart 2.0 for PayFlow Multiple SQL Injection Vulnerabilities in MetaBid Auctions Arbitrary Command Execution in Pico Server (pServ) 3.2 and Earlier Source Code Disclosure in Pico Server (pServ) 3.2 and Earlier Arbitrary File Read Vulnerability in Pico Server (pServ) 3.2 and Earlier Denial of Service Vulnerability in Linux Kernel 2.6.10 to 2.6.11.8 via SMP Denial of Service Vulnerability in it87 and via686a Drivers in Linux 2.6.x Remote Code Execution Vulnerability in HP OpenView Radia Management Portal (RMP) Privilege Escalation in BulletProof FTP Server 2.4.0.31 
Privilege Escalation via Help Menu in BakBone NetVault 7.1 SQL Injection Vulnerabilities in Dream4 Koobi CMS 4.2.3: Remote Code Execution Multiple Cross-Site Scripting (XSS) Vulnerabilities in Claroline and Dokeos Multiple SQL Injection Vulnerabilities in Claroline and Dokeos Arbitrary File Upload Vulnerabilities in Claroline and Dokeos PHP Remote File Inclusion Vulnerabilities in Claroline and Dokeos SQL Injection Vulnerability in phpBB Notes Module Privilege Escalation Vulnerability in LAM Runtime Environment Package on Mandrake Linux BEA Admin Console 8.1 Cross-Site Scripting (XSS) Vulnerability Oracle Webcache 9i Multiple Cross-Site Scripting (XSS) Vulnerabilities Arbitrary File Corruption Vulnerability in Oracle Webcache 9i Bypassing HTTP Server mod_access Restrictions via Oracle Application Server OHS Component Vulnerability Multiple SQL Injection Vulnerabilities in phpCoin 1.2.2 NULL Pointer Dereference Denial of Service Vulnerability in Safari 1.3 Sensitive Information Disclosure in PHP-Nuke 7.6 and Earlier Cocktail 3.5.4 and Earlier in Mac OS X Vulnerability: Cleartext Transmission of Administrative Password Cross-site scripting (XSS) vulnerability in SURVIVOR before 0.9.6 allows remote code injection. 
Buffer Overflow in APSIS Pound 1.8.2 and Earlier: Remote Code Execution via Host HTTP Header World-readable permissions in phpMyAdmin 2.6.2 SQL install script allow password exposure Buffer Overflow Vulnerabilities in ArcGIS for ESRI ArcInfo Workstation 9.0 Format String Vulnerability in ArcGIS for ESRI ArcInfo Workstation 9.0 Buffer Overflow Vulnerability in Ce/Ceterm 2.5.4 and Earlier: Local Privilege Escalation Symlink Attack Vulnerability in Ce/Ceterm (ARPUS/Ce) 2.5.4 and Earlier SQL Injection Vulnerability in PHP-Calendar's search.php Remote Code Execution in PHPCart 3.2 and later versions Insecure Default Permissions for /dev/iir Device in FreeBSD Kernel Memory Disclosure Vulnerability in i386_get_ldt System Call Mtp-Target Client Format String Vulnerability Integer Signedness Error in NeL Library Allows Remote DoS Multiple Cross-Site Scripting (XSS) Vulnerabilities in JustWilliam's Amazon Webstore 04050100 Username Spoofing Vulnerability in MyPHP Forum 1.0 Lotus Domino HTTP Response Splitting Vulnerability Buffer Overread Vulnerability in FreeBSD Kernel Local Privilege Escalation Vulnerability in Skype for Windows 1.2.0.0 to 1.2.0.46 Arbitrary File Read Vulnerability in Apple Keynote 2.0 and 2.0.1 Character Conversion Vulnerability in PostgreSQL Denial of Service Vulnerability in PostgreSQL tsearch2 Module Plaintext Password Storage in Cybration ICUII 7.0 Allows Local Privilege Escalation SQL Injection Vulnerability in Ecomm Professional Guestbook 3.x: Remote Code Execution via AdminPWD Parameter Multiple SQL Injection Vulnerabilities in enVivo!CMS ExoticSoft FilePocket 1.2 Local Privilege Escalation via Plaintext Proxy Password Storage Buffer Overflow Exploit in GlobalSCAPE Secure FTP Server 3.0.2 04WebServer 1.81 Directory Traversal Vulnerability Multiple SQL Injection Vulnerabilities in MaxWebPortal Plaintext Storage of View Lock Password in NetLeaf Limited NotJustBrowsing 1.0.3 Ocean12 Mailing List Manager 1.06 Admin Login Panel SQL Injection 
Vulnerability Information Disclosure Vulnerability in Raysoft/Raybase Video Cam Server 1.0.0 beta Directory Traversal Vulnerability in Raysoft/Raybase Video Cam Server 1.0.0 beta Remote Code Execution and Denial of Service Vulnerability in Raysoft/Raybase Video Cam Server 1.0.0 beta Directory Traversal Vulnerability in 602LAN SUITE 2004.0.05.0413 Mail Program Plaintext Storage of Sensitive Information in StumbleInside GoText 1.01 Insufficient Access Control in Uguestbook 1.0 Allows Remote Database Download Insufficient Access Control in Ublog Reload Allows Remote Database Download Sensitive Information Exposure: Database Stored Under Web Document Root Arbitrary File Upload Vulnerability in Uphotogallery's edit_image.asp SQL Injection Vulnerability in Login.asp in WWWGuestbook 1.1 Insecure Permissions for Pseudo Terminal (PTY) in Mac OS X 10.3.x and Earlier GnuTLS record packet parsing Denial of Service Vulnerability HP OpenView Event Correlation Services (OV ECS) 3.32 and 3.33 Multiple Unknown Vulnerabilities Unknown Vulnerabilities in OpenView Network Node Manager (OV NNM) 6.2, 6.4, 7.01, and 7.50: Denial of Service and Arbitrary Code Execution Arbitrary Command Execution in Open WebMail (OWM) before 2.51 20050430 Multiple Cross-Site Scripting (XSS) Vulnerabilities in osTicket Multiple SQL Injection Vulnerabilities in osTicket osTicket main.php Remote File Inclusion Vulnerability osTicket attachments.php Directory Traversal Vulnerability Multiple Cross-Site Scripting (XSS) Vulnerabilities in ViArt Shop Enterprise 2.1.6 Lotus Domino Format String Vulnerability Buffer Overflow Vulnerability in Lotus Notes Client for Domino 6.5 and 6.0 Multiple Cross-Site Scripting (XSS) Vulnerabilities in Invision Power Board (IPB) 2.0.3 and 2.1 Alpha 2 Multiple Cross-Site Scripting (XSS) Vulnerabilities in SitePanel 2.6.1 and Earlier Directory Traversal Vulnerabilities in SitePanel 2.6.1 and Earlier Arbitrary File Upload and Execution in SitePanel 2.6.1 and Earlier Remote File 
Inclusion Vulnerability in SitePanel 2.6.1 and Earlier: Arbitrary PHP Code Execution BBCode Plugin XSS Vulnerability in Serendipity Unspecified Vulnerability in serendipity_config_local.inc.php for Serendipity before 0.8 Unspecified Path-Name Validation Vulnerability in Serendipity before 0.8 Arbitrary File Upload and Execution in Serendipity Media Manager Privilege Escalation: Chief Users Can Hide Plugins Installed by Other Users Remote NNTP Server Denial of Service Vulnerability in Leafnode 1.9.48 to 1.11.1 SQL Injection Vulnerability in FreeRADIUS SQL Module Buffer Overflow in SQL Module of FreeRADIUS 1.0.2 and Earlier: Remote Denial of Service Vulnerability Denial of Service Vulnerabilities in Ethereal DHCP and Telnet Dissectors Multiple Denial of Service Vulnerabilities in Ethereal Dissectors Unspecified Vulnerabilities in KINK Dissector in Ethereal before 0.10.11 Multiple Denial of Service Vulnerabilities in Ethereal Dissectors Denial of Service Vulnerability in Ethereal 0.10.11 and Earlier Versions Multiple Buffer Overflows in Ethereal Dissectors: Remote Code Execution Vulnerability Double Free Vulnerability in ICEP Dissector in Ethereal before 0.10.11 Allows Remote Code Execution Arbitrary Code Execution via Format String Vulnerabilities in Ethereal DHCP and ANSI A Dissectors Denial of Service Vulnerabilities in Multiple Protocols in Ethereal before 0.10.11 Denial of Service Vulnerability in NCP Dissector in Ethereal before 0.10.11 DICOM Dissector Denial of Service Vulnerability NDPS Dissector Memory Exhaustion Vulnerability Multiple Remote Denial of Service Vulnerabilities in Ethereal Dissectors GSM Dissector Pointer Access Vulnerability Multiple Unknown Vulnerabilities in Ethereal Dissectors Remote Code Execution Vulnerability in RSA SecurID Web Agent 5.x Improper Permission Enforcement in Apple Mac OS X 10.4.1 System Calls Physical Access Bypass Vulnerability in Apple Mac OS X 10.4.1 Screensaver Unprompted Widget Installation Vulnerability in Apple Mac 
OS X 10.4.1 Dashboard XMLHttpRequest Access Restriction Bypass Vulnerability in Opera 8.0 Final Build 1095 Arbitrary Code Execution Vulnerability in Firefox 1.0.3 Arbitrary Code Execution Vulnerability in Firefox 1.0.3 Format String Vulnerability in dSMTP (dsmtp.exe) in DMail 3.1a Arbitrary SQL Command Execution in JGS-Portal 3.0.1 and Earlier RaidenFTPD Directory Traversal Vulnerability SQL Injection Vulnerabilities in Aaron Outpost ASP Inline Corporate Calendar Remote Privilege Escalation in ArticleLive 2005 via Cookie Manipulation Multiple Cross-Site Scripting (XSS) Vulnerabilities in ArticleLive 2005 Golden FTP Server Pro 2.52 Directory Traversal Vulnerability Information Disclosure Vulnerability in Golden FTP Server Pro 2.52 Multiple Cross-Site Scripting Vulnerabilities in FishCart 3.1 Multiple SQL Injection Vulnerabilities in FishCart 3.1 Multiple Cross-Site Scripting (XSS) Vulnerabilities in Merak Mail Server 8.0.3 with Icewarp Web Mail 5.4.2 Information Disclosure Vulnerability in Merak Mail Server 8.0.3 with Icewarp Web Mail 5.4.2 Information Disclosure Vulnerability in Merak Mail Server 8.0.3 with Icewarp Web Mail 5.4.2 Arbitrary File Movement Vulnerability in Merak Mail Server 8.0.3 with Icewarp Web Mail 5.4.2 Arbitrary Web Script Injection Vulnerability in Gossamer Threads Links SQL 2.x and 3.0 SimpleCam 1.2 Directory Traversal Vulnerability Cross-Site Scripting (XSS) Vulnerabilities in MegaBook 2.0 and 2.1 Admin.cgi Fine Grained Audit (FGA) Disabling Vulnerability in Oracle Database 9i and 10g Privilege Escalation in Oracle 10g DBMS_Scheduler Sensitive Information Disclosure in myBloggie 2.1.1 via Invalid post_id Parameter Cross-Site Scripting (XSS) Vulnerabilities in myBloggie 2.1.1 Arbitrary Comment Deletion Vulnerability in myBloggie 2.1.1 Multiple SQL Injection Vulnerabilities in myBloggie 2.1.1 and 2.1.3 Sensitive Information Disclosure in MidiCart PHP Shopping Cart Arbitrary Script Injection in MidiCart PHP Shopping Cart Multiple SQL Injection 
Vulnerabilities in MidiCart PHP Shopping Cart CD-Key Spoofing Vulnerability in GameSpy SDK CD-Key Validation Toolkit Insecure Password Transmission in Mail.app 2.0 SQL Injection Vulnerability in CJ Ultra (CJUltra) Plus 1.0.3 and 1.0.4 Buffer Overflow Vulnerability in Tomcat Plugin in 4d WebSTAR 5.33 and 5.4 Multiple Cross-Site Scripting (XSS) Vulnerabilities in PwsPHP 1.2.2 SQL Injection Vulnerability in profil.php in PwsPHP 1.2.2 Information Disclosure Vulnerability in PwsPHP 1.2.2 Authentication Bypass and Arbitrary Comment Posting in PwsPHP 1.2.2 Arbitrary File Upload Vulnerability in PwsPHP 1.2.2 Admin Panel Integer Overflow in stralloc_readyplus Function in qmail Denial of Service and Arbitrary Code Execution Vulnerability in qmail on 64-bit Platforms Integer Signedness Error in qmail_put and substdio_put Functions in qmail Authentication Bypass and System Shutdown Vulnerability in DMail 3.1a Bypassing Access Control Lists in Cisco Firewall Services Module (FWSM) 2.3.1 and earlier Denial of Service Vulnerability in Solaris 7-9 with FNS, autofs, and FNS X.500 Configuration DNS Spoofing Vulnerability in Squid 2.5 STABLE9 and Earlier Buffer Overflow in header_get_field_name function in GNU Mailutils Heap-based buffer overflow in fetch_io function of GNU Mailutils 0.5 and 0.6 allows remote code execution Denial of Service Vulnerability in GNU Mailutils IMAP4D Server Remote Code Execution via Format String Vulnerability in GNU Mailutils IMAP4d Server Arbitrary PHP Code Execution via File Inclusion in Cacti 0.8.6d Arbitrary SQL Command Execution in Cacti config_settings.php Cacti 0.8.6e PHP Remote File Inclusion Vulnerability AWStats Eval Injection Vulnerability Untrusted Search Path Vulnerability in crttrap Command in QNX Neutrino RTOS 6.2.1 Denial of Service in Sophos Anti-Virus 5.0.1 via Bzip2 Archive with Large 'Extra Field Length' Value Script Injection Vulnerability in Firefox and Mozilla Suite Privilege Escalation Vulnerability in Firefox and Mozilla Suite 
Multiple Buffer Overflow Vulnerabilities in Novell ZENworks Remote Management Authentication Remote Code Execution Vulnerability in libTIFF before 3.7.2 via Malformed BitsPerSample Tag Heap-based Buffer Overflow in HT Editor ELF Parser Buffer Overflow in HT Editor PE Parser: Remote Code Execution Vulnerability Heap-based Buffer Overflow in Bakbone Netvault Demo Version SQL Injection Vulnerability in Advanced Guestbook 2.3.1: Remote Code Execution via index.php Arbitrary File Read Vulnerability in Easy Message Board Arbitrary Command Execution in easymsgb.pl Race condition vulnerability in Sophos Anti-Virus 3.93 allows remote attackers to bypass virus protection Insecure Image Protection in GeoVision Digital Video Surveillance System Weak Encryption Scheme in GeoVision Digital Video Surveillance System Allows Password Sniffing SQL Injection Vulnerability in WowBB 1.6, 1.61, and 1.62 via sort_by Parameter in view_user.php JRun Web Server in ColdFusion MX 7.0 Cross-Site Scripting (XSS) Vulnerability GameSpy CD-Key Validation System Denial of Service Vulnerability Cross-Site Scripting (XSS) Vulnerabilities in WebApp Guestbook PRO 3.2.1 and Earlier Authentication Bypass Vulnerability in Neteyes Nexusway Web Module Remote Command Execution Vulnerability in Neteyes Nexusway Web Module Arbitrary Command Execution Vulnerability in Neteyes Nexusway SSH Module Multiple Cross-Site Scripting (XSS) Vulnerabilities in MaxWebPortal 1.3.5 and Earlier via post.asp Multiple SQL Injection Vulnerabilities in MaxWebPortal 1.3.5 and Earlier Information Disclosure Vulnerability in Bugzilla Remote authenticated users can bypass bug entry restrictions in Bugzilla 2.10 through 2.18, 2.19.1, and 2.19.2 via post_bug.cgi. 
Password Exposure in Bugzilla Chart Login Remote Authentication Bypass Vulnerability in Acrowave AAP-3100AR Wireless Router SQL Injection Vulnerability in DirectTopics 2.1 and 2.2: Remote Code Execution via topic.php Sensitive Information Disclosure in DirectTopics 2.1 and 2.2 via Invalid Topic Parameter Cross-Site Scripting (XSS) Vulnerability in DirectTopics 2.1 and 2.2 Path Disclosure Vulnerability in forum.asp in bttlxeForum 2.0 Directory Traversal Vulnerabilities in ShowOff! 1.5.4 Denial of Service Vulnerability in ShowOff! 1.5.4 via Malformed Request to Port 8083 SQL Injection Vulnerability in admin_login.asp for ASP Virtual News Manager Unauthorized License Acquisition Vulnerability in Windows Media Player 9 and 10 File Type Spoofing Vulnerability in Mozilla Firefox 0.10.1 and 1.0 for Windows File Type Spoofing Vulnerability in Mozilla Firefox 0.10.1 and 1.0 for Windows Improper Access Restriction in APG Technology ClassMaster Allows Remote Folder Access Vulnerability: Lack of Device Configuration Overlay (DCO) Support in EnCase Forensic Edition 4.18a Information Disclosure Vulnerability in Apple QuickTime Player 7.0 on Mac OS X 10.4 Arbitrary Code Execution via Unrestricted File Upload in BoastMachine 3.0 Unfiltered Cross-Site Scripting (XSS) Vulnerability in Bug Report 1.0 1Two News 1.0 index.php Cross-Site Scripting (XSS) Vulnerability Arbitrary Image Upload and Deletion Vulnerability in 1Two News 1.0 Arbitrary Script Injection in Quick.Forum 2.1.6 via NewTopic Action SQL Injection Vulnerabilities in Quick.Forum 2.1.6 Sensitive Information Disclosure in Quick.Forum 2.1.6 Arbitrary Script Injection Vulnerability in Quick.cart 0.3.0 SQL Injection Vulnerability in Quick.cart 0.3.0 via iCategory Parameter Kernel Address Space Access Vulnerability in pkt_ioctl Function Altiris Client Service for Windows (ACLIENT.EXE) 6.0.88 Local Unauthorized Administrative Access Vulnerability Denial of Service Vulnerability in NIS+ on Solaris 7, 8, and 9 Arbitrary JavaScript 
Injection Vulnerabilities in BirdBlog before 1.3.1 Arbitrary Script Injection Vulnerability in CodeThat ShoppingCart 1.3.1 SQL Injection Vulnerability in CodeThat ShoppingCart 1.3.1: Remote Command Execution via id Parameter in catalog.php Sensitive Information Disclosure in CodeThat ShoppingCart 1.3.1 Authentication Bypass and Arbitrary Code Execution in Fusion SBX 1.2 and Earlier Arbitrary Web Script Injection Vulnerability in Invision Power Board (IPB) 2.0.3 and Earlier Remote SQL Injection Vulnerability in Invision Power Board (IPB) 2.0.3 and Earlier Arbitrary Script Injection in Kryloff Technologies Subject Search Server (SSServer) 1.1 Signature Generation Vulnerability in El Gamal Algorithm for LibTomCrypt Information Disclosure Vulnerability in MRO Maximo Self Service 4 and 5 SQL Injection Vulnerability in Net56 Browser Based File Manager 1.0 Login Page Denial of Service Vulnerability in NiteEnterprises Remote File Manager 1.0 Arbitrary File Upload and Remote Code Execution in PHP Advanced Transfer Manager (phpATM) 1.21 Cross-Site Scripting (XSS) Vulnerability in SiteStudio 1.6 Guestbook Plaintext Storage of Sensitive Information in H-Sphere Winbox 2.4.2 and 2.4.3 RC1 Log Files Remote Cart shop.cgi XSS Vulnerability Unknown Vulnerabilities in Blocks Module of Spidean AutoTheme 1.7 and AT-Lite for PostNuke: Unveiling the Hidden Risks Data Deletion Vulnerability in Sun StorEdge 6130 Arrays (SE6130) Arbitrary Web Script Injection Vulnerability in Tru-Zone NukeET 3.0 and 3.1 WebX in Web Crossing 5.x Cross-Site Scripting (XSS) Vulnerability SQL Injection Vulnerability in Open Bulletin Board (OpenBB) 1.0.8 read.php Arbitrary Web Script Injection Vulnerability in Open Bulletin Board (OpenBB) 1.0.8 Arbitrary Web Script Injection Vulnerability in Ultimate PHP Board (UPB) 1.8 through 1.9.6 SQL Injection Vulnerability in Ultimate PHP Board (UPB) 1.8 through 1.9.6 via postorder Parameter in viewforum.php Sensitive Information Disclosure in Ultimate PHP Board (UPB) 1.8 
through 1.9.6 via Invalid Parameters Plaintext Password Storage Vulnerability in Willings WebCam and WebCam Lite Yahoo! Messenger URL Handler Denial of Service Vulnerability Cross-Site Scripting (XSS) Vulnerabilities in PHPMyChat 0.14.5 via FontName Parameter Skull-Splitter Guestbook XSS Vulnerability PostNuke pnModFunc Directory Traversal Vulnerability Arbitrary Web Script Injection in MetaCart e-Shop's productsByCategory.asp Stack-based Buffer Overflow in Adobe Reader UnixAppOpenFilePerform Function Arbitrary Code Execution Vulnerability in Pico Server (pServ) Handlers.c Potential Security Issue with Viewglob Display and SSH X Forwarding Arbitrary Command Execution in WebAPP 0.9.9.2.1 and Earlier Versions via apage.cgi SQL Injection Vulnerability in Photopost PHP Pro's member.php Critical Vulnerability in Attachment Mod before 2.3.13: Realnames Exploit Information Disclosure in Booby 1.0.0 and earlier: Remote Access to Private Bookmarks Cheetah Local Code Execution Vulnerability Multiple SQL Injection Vulnerabilities in JGS-XA JGS-Portal 3.0.2 and Earlier Multiple Cross-Site Scripting (XSS) Vulnerabilities in JGS-XA JGS-Portal 3.0.2 and Earlier JGS-XA JGS-Portal 3.0.2 and earlier Full Server Path Disclosure Vulnerability Insecure File Permissions and Predictable Filename Vulnerability in mysql_install_db SQL Injection Vulnerabilities in NPDS 4.8 and 5.0 via thold Parameter in comments.php and pollcomments.php Cross-Site Scripting (XSS) Vulnerability in SafeHTML's _writeAttrs Function SQL Injection Vulnerability in Sigma ISP Manager 6.6: Remote Code Execution Inadequate Verification of Owner Privileges in Ignition Project ignitionServer Denial of Service Vulnerability in mod_channel of The Ignition Project ignitionServer SQL Injection Vulnerability in Woltlab Burning Board 2.x and Earlier: Remote Code Execution via verify_email Function Zoidcom 1.0 Beta 4 and Earlier UDP Packet Size Denial of Service Vulnerability 1Two Livre d'Or 1.0 Guestbook.php Cross-Site 
Scripting (XSS) Vulnerability Insufficient Access Control in Keyvan1 ImageGallery Allows Remote Information Disclosure FTP Bounce Attack Vulnerability in Fastream NETFile FTP/Web Server 7.4.6 Insecure Storage of Credentials in Gurgens (GASoft) Guest Book 2.1 Insecure Storage of Credentials in Gurgens (GASoft) Ultimate Forum 1.0 IPv6 Denial of Service Vulnerability in Windows XP SP2, 2003 Server SP1, and Longhorn User Enumeration Vulnerability in Woppoware PostMaster 4.2.2 Directory Traversal Vulnerability in Woppoware PostMaster 4.2.2 (build 3.2.5) - Remote File Existence Disclosure Authentication Bypass Vulnerability in Woppoware PostMaster 4.2.2 (build 3.2.5) Arbitrary Web Script Injection Vulnerability in Woppoware PostMaster 4.2.2 Arbitrary User Registration Vulnerability in Hosting Controller 6.1 Hotfix 1.9 and Earlier Denial of Service Vulnerability in AOL Instant Messenger 5.5.x and Earlier Remote Code Disclosure Vulnerability in Mercur Messaging 2005 SP2 Multiple Directory Traversal Vulnerabilities in Mercur Messaging 2005 SP2 Directory Traversal Vulnerability in MyServer 0.8's filemanager.cpp MyServer 0.8 Filemanager.cpp XSS Vulnerability Insufficient Access Control in HTMLJunction EZGuestbook Allows Remote Information Disclosure Denial of Service Vulnerability in Jeuce Personal Webserver 2.13 Jeuce Personal Web Server 2.13 Directory Traversal Vulnerability Denial of Service Vulnerability in Jeuce Personal Web Server 2.13 ASP.NET ViewState Replay Vulnerability Denial of Service Vulnerability in Microsoft ASP.NET 1.x Buffer Overflow Vulnerabilities in Orenosv HTTP/FTP Server 0.8.1 Denial of Service Vulnerability in DataTrac Activity Console 1.1 Remote Privilege Escalation in YusASP Web Asset Manager 1.0 via assetmanager.asp Arbitrary Script Injection in Opera 8.0 Final Build 1095 Arbitrary Command Execution Vulnerability in Extreme BlackDiamond Switches Logfile Feature in Yahoo! 
Messenger Allows Unauthorized Access to Sensitive Information Multiple Cross-Site Scripting (XSS) Vulnerabilities in Help Center Live Multiple SQL Injection Vulnerabilities in Help Center Live CSRF Vulnerability in Help Center Live Allows Remote Administrator Actions Insecure EVERYBODY Permissions in Groove Virtual Office and Groove Workspace Cross-Site Scripting (XSS) Vulnerabilities in Groove Mobile Workspace and Groove Virtual Office Bypassing COM Object Restrictions in Groove Virtual Office and Groove Workspace File Extension Spoofing Vulnerability in Groove Virtual Office and Groove Workspace Arbitrary Code Execution via Stack-based Buffer Overflow in picasm 1.12b and Earlier Authentication Bypass Vulnerability in D-Link DSL Routers PHP Remote File Inclusion Vulnerability in phpATM 1.21 and Earlier Versions Improper Validation of Message Number in JavaMail API Allows Unauthorized Access to E-mail Messages Buffer Overflow Vulnerability in Microsoft Word for Macintosh Episodex Guestbook Default.asp XSS Vulnerability Remote Code Execution in Episodex Guestbook via admin.asp Format String Vulnerability in gedit 2.10.2 Allows Denial of Service via Filename Arbitrary SQL Command Execution in WordPress wp-trackback.php Information Disclosure Vulnerability in WordPress 1.5 and Earlier Double Free Vulnerability in MIT Kerberos 5 (krb5) 1.4.1 and Earlier Directory Traversal Vulnerability in SAP Internet Graphics Server (IGS) Remote Code Execution via Format String Vulnerability in gxine Heap-based buffer overflow in Computer Associates Vet Antivirus library allows remote attackers to gain privileges via a compressed VBA directory with a project name length of -1 Multiple SQL Injection Vulnerabilities in Xanthia.php in PostNuke 0.750 Cross-Site Scripting (XSS) Vulnerabilities in PostNuke RSS Module Multiple Cross-Site Scripting (XSS) Vulnerabilities in PostNuke 0.750 and 0.760RC3 Information Disclosure Vulnerability in PostNuke RSS Module Information Disclosure 
Vulnerability in PostNuke 0.750 and 0.760RC3 Arbitrary File Read Vulnerability in PostNuke Xanthia Module SQL Injection Vulnerability in pnadmin.php in Xanthia Module in PostNuke 0.760-RC3 SQL Injection Vulnerability in PortailPHP 1.3: Remote Code Execution via id Parameter Format String Vulnerability in Warrior Kings: Battles and Warrior Kings Remote Denial of Service Vulnerability in Warrior Kings: Battles 1.23 and Earlier Heap-based buffer overflow in BFD library allows arbitrary code execution Arbitrary Command Execution via .gdbinit Configuration File in GDB Incomplete Reporting of Viruses in Zip Files Vulnerability in MailScanner 4.41.3 and Earlier Local File Overwrite Vulnerability in Gentoo webapp-config Arbitrary Privilege Escalation in Blue Coat Reporter 7.1.2 Remote Unauthenticated License Addition Vulnerability in Blue Coat Reporter before 7.1.2 Cross-Site Scripting (XSS) Vulnerabilities in Blue Coat Reporter 7.1.2 Gibraltar Firewall 2.2 and earlier: Defunct ClamAV Method Allows Undetected Viruses Arbitrary Media File Upload Vulnerability in Serendipity 0.8 with Multiple Authors Cross-Site Scripting (XSS) Vulnerabilities in Serendipity 0.8 Templatedropdown and Shoutbox Plugins NetWin SurgeMail 3.0c2 Cross-Site Scripting (XSS) Vulnerability Cross-Site Scripting (XSS) Vulnerability in TOPo 2.2 (2.2.178) index.php Insufficient Access Control in TOPo 2.2 (2.2.178) Allows Remote Information Disclosure Denial of Service Vulnerability in ZyXEL Prestige 650R-31 Router Buffer Overflow in LS Games War Times 1.03 and Earlier: Remote Denial of Service via Long Nickname Unpatched vulnerability in ALWIL avast! 
antivirus 4 (4.6.6230) and earlier on Windows NT 4.0 ACL Override Vulnerability in AFP Server for Mac OS X 10.4.1 Buffer Overflow Vulnerability in AFP Server for Mac OS X 10.4.1 Allows Arbitrary Code Execution Arbitrary Command Injection Vulnerability in CoreGraphics Window Server for Mac OS X 10.4.x up to 10.4.1 Bypassing Unsafe Type Restrictions in LaunchServices NFS Filesystem Access Bypass Vulnerability in Apple Mac OS X 10.4.x up to 10.4.1 Symlink Attack Vulnerability in launchd 106 on Apple Mac OS X 10.4.x up to 10.4.1 Privilege Escalation via CoreGraphics Window Server in Mac OS X 10.4.1 Insecure Permissions in Apple Mac OS X 10.4.x: Vulnerability in System Cache and Dashboard Widgets Insecure Logging of Portable Home Directory Credentials in MCX Client for Apple Mac OS X 10.4.x up to 10.4.1 Denial of Service Vulnerability in Novell eDirectory 8.7.3 Denial of Service Vulnerability in OpenSSL ASN.1 Parser in Novell iManager 2.0.2 Order Notification List Disclosure in Cookie Cart Insecure Storage of Password File in Cookie Cart Multiple SQL Injection Vulnerabilities in PROMS before 0.11: Remote Code Execution Arbitrary Web Script Injection in PROMS before 0.11 Privilege Escalation Vulnerability in PROMS 0.11 Multiple Unknown Vulnerabilities in PROMS 0.11: Unauthorized Access and Data Manipulation Format String Vulnerability in logPrintBadfile Function in Iron Bars SHell (ibsh) Denial of Service Vulnerability in XWD Decoder of ImageMagick and GraphicsMagick Insecure Temporary File Creation in Net-snmp 5.x Denial of Service Vulnerability in Gearbox Software Halo: Combat Evolved 1.6 Vulnerability: Unauthorized Shrink or Reset of JDBC Connection Pools in BEA WebLogic Server 8.1 SP2 and SP3 Insecure Exception Handling in BEA WebLogic Server and WebLogic Express Session Persistence Vulnerability in BEA WebLogic Server and WebLogic Express 7.0 through Service Pack 5 Insecure Password Printing in BEA WebLogic Portal 8.1 Denial of Service Vulnerability in BEA WebLogic 
Server 7.0 through Service Pack 5 Multiple Cross-Site Scripting (XSS) Vulnerabilities in BEA WebLogic Server and Express Remote Anonymous Binds Vulnerability in BEA WebLogic Server and Express Buffer Overflow Vulnerability in BEA WebLogic Server and WebLogic Express 6.1 Service Pack 4: Remote Denial of Service (CPU Consumption) SQL Injection Vulnerability in Login.ASP in ezdwc NewsletterEz 3.0 Race condition vulnerability in shtool 2.0.1 and earlier allows local users to create or modify arbitrary files via symlink attack on .shtool.$$ temporary file Arbitrary Command Execution in Gforge SCM Component (CVE-XXXX-XXXX) Remote Access to Other Users' Email Attachments in JavaMail API 1.1.3 through 1.3 Arbitrary File Read Vulnerability in JavaMail API 1.1.3 through 1.3 PHP Poll Creator 1.01 - Remote File Inclusion Vulnerability in poll_vote.php Arbitrary Web Script Injection in Novell NetMail 3.52 ModWeb Agent Arbitrary Code Execution Vulnerability in Novell NetMail Modweb Agent Remote Code Execution Vulnerability in Novell NetMail 3.52 Race condition vulnerability in shtool 2.0.1 and earlier allows local users to modify or create arbitrary files via symlink attack on temporary files Vulnerability: Password Leakage and Privilege Escalation in sysreport 1.3.15 and Earlier Denial of Service Vulnerability in Linux Kernel on IA64 Architecture via ptrace and restore_sigcontext Denial of Service Vulnerability in Linux Kernel 2.6.8.1 and 2.6.10 for AMD64 Platform Buffer Overflow Vulnerability in ptrace: Unauthorized Write Access to Kernel Memory Vulnerability: Lack of Guard Page Protection in Linux 2.6.11 on 64-bit x86 (x86_64) Platforms Denial of Service Vulnerability in Linux Kernel 2.6.8.1 and 2.6.10 for AMD64 Platform Heap-based Buffer Overflow in RealPlayer 10.5 and Earlier Versions Stack Segment Fault Vulnerability in Linux Kernel 2.6.x and 2.4.x Race condition vulnerability in ia32 compatibility code for execve system call in Linux kernel 2.4 and 2.6 allows for denial 
of service and potential arbitrary code execution Multiple Cross-Site Scripting (XSS) Vulnerabilities in SquirrelMail 1.4.0 through 1.4.4 Buffer Overflow Vulnerability in Avast! Antivirus 4.6 and Other Versions Remote Unauthorized Access Vulnerability in HP-UX Trusted Systems B.11.00 through B.11.23 Buffer Overflow in Client CD-Key Hash in Terminator 3: War of the Machines 1.16 and Earlier Remote Code Execution and Denial of Service Vulnerabilities in L-Soft LISTSERV 14.3, 1.8e, and 1.8d Local Privilege Escalation in WEB-DAV Linux File System (davfs2) 0.2.3 Denial of Service Vulnerability in Terminator 3: War of the Machines 1.16 and Earlier Buffer Overflow in READ_TCP_STRING Function in C'Nedra Network Plugin SQL Injection Vulnerability in readpmsg.php in PostNuke 0.750 Arbitrary Web Script Injection Vulnerability in PostNuke 0.750 SQL Injection Vulnerability in MaxWebPortal 1.35, 1.36, 2.0, and 20050418 Next Active News Manager SQL Injection Vulnerability in admin/login.asp SMTP Authentication Denial of Service Vulnerability in MailEnable Multiple Cross-Site Scripting (XSS) Vulnerabilities in BookReview Beta 1.0 Path Disclosure Vulnerability in BookReview beta 1.0 Remote Code Execution and Privilege Escalation in Hosting Controller 6.1 HotFix 2.0 and earlier SQL Injection Vulnerability in ZonGG 1.2 ad/login.asp Allows Remote Code Execution SQL Injection Vulnerability in FunkyASP AD System 1.1 Allows Remote Code Execution and Privilege Escalation Authentication Bypass Vulnerability in phpStat 1.5 via $check Variable SQL Injection Vulnerability in Hosting Controller 6.1 Hotfix 2.0: Remote Code Execution via resellerresources.asp SQL Injection Vulnerability in SignIn.asp in India Software Solution Shopping Cart Mismatched Document Object Model Objects Memory Corruption Vulnerability in Microsoft Internet Explorer 6 SP2 and earlier versions Denial of Service Vulnerability in Microsoft Internet Explorer 6 SP2 WMI Service Memory Leak Vulnerability Denial of Service 
Vulnerability in User32.DLL RSA Private Key Spoofing Vulnerability in Microsoft Terminal Server Arbitrary Code Execution Vulnerability in Clam AntiVirus (ClamAV) on Mac OS Arbitrary Code Execution via Format String Vulnerability in Ettercap Ncurses Interface Timing Attacks on AES S-Box Lookups: Exploiting Vulnerabilities in AES Key Recovery Directory Traversal Vulnerability in ServersCheck Monitoring Software 5.9.0 to 5.10.0 Arbitrary Web Script Injection Vulnerability in FreeStyle Wiki 3.5.7 and WikiLite (FSWikiLite) .10 Arbitrary Script Injection in Jaws Glossary Gadget 0.4 to 0.5.1 vCard Viewer Denial of Service Vulnerability in Nokia 9500 Denial of Service Vulnerability in Nortel VPN Router (Contivity) via Malformed ISAKMP Header Multiple Cross-Site Scripting (XSS) Vulnerabilities in Net Portal Dynamic System (NPDS) 5.0 SQL Injection Vulnerabilities in Net Portal Dynamic System (NPDS) 5.0 SQL Injection Vulnerability in Login Page of Online Solutions for Educators (OS4E) Remote Code Execution via Format String Vulnerability in PeerCast 0.1211 and Earlier Denial of Service Vulnerability in PHPMailer 1.7.2 and Earlier Denial of Service Vulnerability in Firefly Studios Stronghold 2 1.2 and Earlier Denial of Service Vulnerability in Sony Ericsson P900 Beamer SQL Injection Vulnerability in WordPress 1.5.1 Template Functions Category Arbitrary Script Injection in MyBB User Profile Website Field Stack-based Buffer Overflow in FutureSoft TFTP Server Evaluation Version 1.0.0.1 FutureSoft TFTP Server Evaluation Version 1.0.0.1 Directory Traversal Vulnerability Stack-based Buffer Overflow in PicoWebServer 1.0: Remote Code Execution and Denial of Service Vulnerability Buffer Overflow Vulnerabilities in Hummingbird Connectivity inetD 10.0.0.1 and 9.0.0.4 Invision Power Board (IPB) 1.0 through 2.0.4 Root Admin Group Privilege Escalation Vulnerability Arbitrary Forum Post Editing Vulnerability in Invision Power Board (IPB) 1.0 - 1.3 NewLife Blogger 3.3.1 Multiple SQL Injection 
Vulnerabilities Arbitrary Code Injection through Cross-Site Scripting (XSS) in NikoSoft WebMail Arbitrary PHP Code Execution in Zeroboard 4.1pl2 to 4.1pl5 via Improper Quoting in zboard.php PowerDownload 3.0.2 and 3.0.3 - Remote File Inclusion Vulnerability in pdl_header.inc.php Multiple SQL Injection Vulnerabilities in Qualiteam X-Cart 4.0.8 Multiple Cross-Site Scripting (XSS) Vulnerabilities in Qualiteam X-Cart 4.0.8 SQL Injection Vulnerability in mailutils SQL Authentication Module Stack-based Buffer Overflow in HP Radia Notify Daemon 3.1.2.0 and Earlier Versions Remote Code Execution Vulnerability in HP Radia Notify Daemon 3.1.0.0 and Other Versions D-Link DSL-504T Firmwarecfg Authentication Bypass Vulnerability Clear-text Storage of Usernames and Passwords in D-Link DSL-504T Router Configuration File Vulnerability Denial of Service Vulnerability in Microsoft Internet Explorer 6 SP2 Denial of Service Vulnerability in Compuware SoftICE DriverStudio 3.1 and 3.2 Privilege Escalation Vulnerability in Sudo 1.6.8p7 on SuSE Linux 9.3 and Other Distributions Multiple Cross-Site Scripting (XSS) Vulnerabilities in MyBulletinBoard (MyBB) 1.00 RC4 and Earlier Multiple SQL Injection Vulnerabilities in MyBulletinBoard (MyBB) 1.00 RC4 SQL Injection Vulnerability in Login Page of NEXTWEB (i)Site Allows Remote Attackers to Bypass Authentication and Execute Arbitrary SQL Commands Insufficient Access Control Allows Remote Information Disclosure Denial of Service Vulnerability in NEXTWEB (i)Site Hardcoded Username and Password Vulnerability in Fortinet Firewall Cross-Site Scripting Vulnerabilities in Liberum Help Desk 0.97.3 SQL Injection Vulnerabilities in Doug Luxem Liberum Help Desk 0.97.3 Directory Traversal Vulnerability in phpCMS 1.2.x Insecure Temporary File Permissions in Adobe Reader 5.0.9 and 5.0.10 Symlink Attack Vulnerability in VCNative for Adobe Version Cue Arbitrary Code Execution Vulnerability in VCNative for Adobe Version Cue YaMT 0.5_2 - Multiple Directory 
Traversal Vulnerabilities Allowing Arbitrary File Overwrite Buffer Overflow Vulnerabilities in YaMT: Arbitrary Code Execution via Rename and Sort Options Out-of-Bounds Memory Read Vulnerability in dhcpcd DHCP Client Denial of Service Vulnerability in zlib 1.2.2 via Invalid File Insecure Temporary File Creation in ekg Gadu Gadu Client 1.5 and Earlier Shell Command Execution Vulnerability in ekg Gadu Gadu Client 1.5 and Earlier Integer Overflow Vulnerabilities in libgadu: Remote Code Execution and Denial of Service Improper Temporary File Creation in Gopher Client 3.0.5 Allows Privilege Escalation Arbitrary Command Execution Vulnerability in apt-cacher in Debian 3.1 World-readable backup files in Backup Manager (backup-manager) before 0.5.8 expose sensitive information to local users Vulnerability: Local Privilege Escalation via Symlink Attack in backup-manager 0.5.8 and earlier Simpleproxy before 3.4 Format String Vulnerability Memory Leakage Vulnerability in FUSE 2.x Arshell Vulnerability in SGI ProPack: Unauthorized Execution of Arbitrary Shells Remote File Inclusion Vulnerability in Calendarix Advanced 1.5 Multiple SQL Injection Vulnerabilities in Calendarix Advanced 1.5 Arbitrary Script Injection in Calendarix Advanced 1.5 via year Parameter Hard-coded Database Administrator Password Vulnerability in Symantec Brightmail AntiSpam Arbitrary PHP Code Execution via File Attachment Upload in I-Man 0.9 and Earlier Versions MWChat 6.x - Remote File Inclusion Vulnerability in start_lobby.php Arbitrary PHP Code Execution via Remote File Inclusion in Popper 1.41-r2 and Earlier Privilege Escalation Vulnerability in Drupal 4.4.0 through 4.6.0 Arbitrary Code Execution via Buffer Overflow in IBM WebSphere Application Server Administrative Console Multiple Buffer Overflows in Crob FTP 3.6.1 and Earlier Versions Arbitrary File Creation Vulnerability in Dzip before 2.9 Multiple SQL Injection Vulnerabilities in Exhibit Engine (EE) 1.22 via list.php CuteNews 1.3.6 and Earlier: 
Remote Code Injection via Template File Arbitrary Web Script Injection Vulnerability in Lpanel view_ticket.php Local Privilege Escalation via Symlink Attack in GIPTables Firewall 1.1 and Earlier Local Privilege Escalation via Symlink Attack in LutelWall 0.97 and Earlier Local File Overwrite Vulnerability in everybuddy 0.4.3 and Earlier Arbitrary File Upload and Remote Code Execution in YaPiG 0.92b, 0.93u, and 0.94u YaPiG 0.93u and 0.94u Remote File Inclusion Vulnerability Arbitrary Local File Inclusion in YaPiG 0.92b via BASE_DIR Parameter in global.php Directory Traversal Vulnerability in YaPiG's upload.php Allows Arbitrary Directory Creation or Deletion Path Disclosure Vulnerability in YaPiG 0.92b, 0.93u, and 0.94u via Non-Integer phid Parameter YaPiG 0.92b, 0.93u, and 0.94u view.php Cross-Site Scripting (XSS) Vulnerability Privilege Escalation Vulnerability in Sun Solaris C Library Arbitrary Web Script Injection via HTML Attributes in MediaWiki File Reading Vulnerability in Sun ONE Application Server 6.5 SP1 Maintenance Update 6 and earlier Private Forum Access Vulnerability in Mortiforo before 0.9.1 Integer Underflow Vulnerability in AOL Instant Messenger (AIM) GIF Parser Denial of Service and Information Disclosure Vulnerabilities in FlatNuke 2.5.3 Information Disclosure Vulnerability in FlatNuke 2.5.3 FlatNuke 2.5.3 Remote Code Injection Vulnerability Arbitrary Web Script Injection in FlatNuke 2.5.3 via help.php and footer.php Directory Traversal Vulnerability in thumb.php in FlatNuke 2.5.3 Unspecified Vulnerability in FlexCast Audio Video Streaming Server 2.0 Remote File Read Vulnerability in phpThumb.php Denial of Service Vulnerability in Rakkarsoft RakNet Network Library 2.33 and Earlier Authentication Bypass Vulnerability in Sawmill before 7.1.6 Cross-Site Scripting (XSS) Vulnerabilities in Sawmill Before 7.1.6 Directory Traversal Vulnerability in SPA-PRO Mail @Solomon 4.00 IMAP Service Buffer Overflow Vulnerability in IMAP Service for SPA-PRO Mail 
@Solomon 4.00 SQL Injection Vulnerability in JiRo's Upload System (JUS) 1 Login Page Privilege Escalation Vulnerability in Kaspersky Labs Anti-Virus 5.0.227, 5.0.228, and 5.0.335 SQL Injection Vulnerability in Login.asp in LivingMailing 1.3 Denial of Service Vulnerability in Microsoft ISA Server 2000 Access Control Bypass in Perception LiteWeb via Leading Slash or Backslash in URL Cross-Site Scripting (XSS) Vulnerability in 602LAN SUITE 2004 Web Server Control Panel SQL Injection Vulnerability in Login.asp for WWWeb Concepts Events System 1.0 Denial of Service Vulnerability in fetchnews NNTP Client Kernel Panic Vulnerability in Linux Kernel 2.6 before 2.6.12.1 Predictable File Name Vulnerability in CenterICQ 4.20.0 and Earlier Symlink Attack Vulnerability in log4sh 1.2.5 and Earlier Symlink Attack Vulnerability in linki.py of ekg 2005-06-05 and Earlier Symlink Attack Vulnerability in Kpopper 1.0 and Earlier GNU tar directory traversal vulnerability in Red Hat Enterprise Linux 3 and 2.1 Insecure Permissions in Kate and Kwrite Applications in KDE Eval Injection Vulnerability in PEAR XML_RPC and PHPXMLRPC Denial of Service Vulnerability in Clam AntiVirus (ClamAV) 0.86 and earlier Denial of Service Vulnerability in Clam AntiVirus (ClamAV) 0.83 and Earlier Versions Arbitrary Command Execution in G/PGP Plugin for Squirrelmail Multiple Directory Traversal Vulnerabilities in Tikiwiki before 1.9.1 Denial of Service and Memory Leak Vulnerability in Trend Micro ServerProtect EarthAgent Heap-based Buffer Overflow Vulnerabilities in Trend Micro ServerProtect Management Console Crystal Report Component Directory Traversal Vulnerability in Trend Micro ServerProtect Management Console Denial of Service Vulnerability in GoodTech SMTP Server 5.14 Multiple Critical Vulnerabilities in Lpanel Arbitrary Command Execution via Dashboard Widget Override in Apple Mac OS X Tiger 10.4 Denial of Service Vulnerability in Gaim 1.3.1 and Earlier Versions Heap-based Buffer Overflow in Microsoft 
ASN.1 Library (MSASN1.DLL) Allows Remote Code Execution ESS/ Network Controller Web Server Unauthorized Access Vulnerability Frame Injection Spoofing Vulnerability Arbitrary File Read Vulnerability in Ipswitch WhatsUp Small Business 2004 Arbitrary Code Execution Vulnerability in SilverCity before 0.9.5-r1 Vulnerability: Remote Bypass of Port Security in Cisco Switches via Spoofed CDP Messages SQL Injection Vulnerabilities in Loki Download Manager 2.0 Local File Deletion Vulnerability in xmysqladmin 1.0 and Earlier Arbitrary Script Injection in Invision Blog's convert_highlite_words Function Multiple SQL Injection Vulnerabilities in Invision Blog before 1.1.2 Final CSRF Vulnerability in Invision Gallery Allows Unauthorized Deletion of Albums and Images SQL Injection Vulnerabilities in Invision Gallery before 1.3.1 Arbitrary Command Execution Vulnerability in ePing Plugin for e107 Portal Arbitrary Command Execution in Webhints 1.03 via hints.pl HTTP Response Splitting Vulnerabilities in osCommerce 2.2 Milestone 2 and Earlier Pico Server (pServ) 3.3 Directory Traversal Vulnerability Remote Code Execution Vulnerability in Pico Server (pServ) 3.3 via Heap-based Buffer Overflow Information Disclosure Vulnerability in Singapore 0.9.11 Arbitrary Web Script Injection Vulnerability in Singapore 0.9.11 index.php Arbitrary File Upload Vulnerability in File Upload Manager Authentication Bypass Vulnerability in mtnpeak.net File Upload Manager Arbitrary Command Execution in JamMail 1.8 via jammail.pl Arbitrary Command Execution Vulnerability in C.J. 
Steele Tattle's getemails Function Cache Data Leakage Vulnerability in ObjectWeb Consortium C-JDBC before 1.3.1 Arbitrary Script Injection in Cerberus Helpdesk 0.97.3 Information Disclosure in Cerberus Helpdesk 0.97.3 Arbitrary PHP Code Execution via Remote File Inclusion in Ovidentia Portal's utilit.php Remote Code Execution in Broadpool Siteframe via PHP Remote File Inclusion Vulnerability Arbitrary Command Execution Vulnerability in eTrace Plugin for e107 Portal Multiple SQL Injection Vulnerabilities in ProductCart Ecommerce before 2.7 ProductCart Ecommerce before 2.7 Cross-Site Scripting (XSS) Vulnerability in techErr.asp Pragma Systems Telnetserver 6.0 XSS Vulnerability Arbitrary Command Execution via Caller Properties in Symantec pcAnywhere Arbitrary File Inclusion Vulnerability in InteractivePHP FusionBB .11 Beta and Earlier SQL Injection Vulnerabilities in InteractivePHP FusionBB Java Web Start Privilege Escalation Vulnerability Unspecified Privilege Escalation Vulnerability in Java 2 Platform Multiple Cross-Site Scripting (XSS) Vulnerabilities in Annuaire 1Two 1.1 and Earlier Insecure File Permissions in Novell NetMail 3.5.2a, 3.5.2b, and 3.5.2c on Linux Memory Structure Vulnerability in COM+ in Microsoft Windows Remote Denial of Service Vulnerability in Microsoft Windows Distributed Transaction Controller Distributed TIP Vulnerability in Microsoft Windows Distributed Transaction Controller Kerberos Message Crafted Denial of Service Vulnerability in Microsoft Windows Server PKINIT Protocol Vulnerability: Local User Information Disclosure and Server Spoofing via MITM Attack Stack-based Buffer Overflow in Windows Plug and Play Service Remote Code Execution Vulnerability in Windows Print Spooler Service Remote Code Execution Vulnerability in Client Service for NetWare (CSNW) on Windows 2000, XP, and Server 2003 Buffer Overflow in Collaboration Data Objects (CDO) Allows Remote Code Execution JPEG Image Rendering Memory Corruption Vulnerability in Internet 
Explorer 5.0, 5.5, and 6.0 WebDAV Cross-Domain Vulnerability in Internet Explorer 5.0, 5.5, and 6.0 COM Object Instantiation Memory Corruption Vulnerability in Internet Explorer 5.0, 5.5, and 6.0 Arbitrary Command Execution Vulnerability in Ruby XMLRPC Server Privilege Escalation via Race Condition in Sudo File Download Bypass Vulnerability in Finjan SurfinGate 7.0SP2 and SP3 Information Disclosure in Bitrix Site Manager 4.0.x via subscr_form.php and dbquery_error.php Bitrix Site Manager 4.0.x - PHP Remote File Inclusion Vulnerability in start.php Arbitrary Database Connection and Information Disclosure Vulnerability in McGallery 1.1 McGallery 1.1 admin.php Directory Traversal Vulnerability Cross-Site Scripting (XSS) Vulnerabilities in paFileDB 3.1 Multiple SQL Injection Vulnerabilities in paFileDB 3.1 and Earlier Arbitrary File Inclusion Vulnerability in paFileDB 3.1 and Earlier Arbitrary SQL Command Execution in Mambo 4.5.2.2 and Earlier Sensitive Information Disclosure in Ultimate PHP Board (UPB) 1.9.6 GOLD Multiple Cross-Site Scripting Vulnerabilities in Ultimate PHP Board (UPB) 1.9.6 GOLD and Earlier Insufficient Access Control in Ultimate PHP Board (UPB) 1.9.6 GOLD and Earlier Sensitive Information Disclosure in JBOSS 3.2.2 - 3.2.7 and 4.0.2 via GET Request Directory Traversal Vulnerability in Edgewall Trac 0.8.3 and Earlier Yaws Webserver Source Code Disclosure Vulnerability Multiple SQL Injection Vulnerabilities in Ublog Reload 1.0.5 Arbitrary Web Script Injection via btitle Parameter in Ublog Reload 1.0.5 Cross-Site Scripting (XSS) Vulnerabilities in paFAQ 1.0 Beta 4 SQL Injection Vulnerabilities in paFAQ 1.0 Beta 4 Login System Sensitive Information Disclosure in paFAQ 1.0 Beta 4 via admin/backup.php Arbitrary PHP Command Execution via Malicious Language Pack Upload in paFAQ 1.0 Beta 4 Privilege Escalation Vulnerability in Symantec AntiVirus 9 Corporate Edition Cache Corruption Vulnerability in ipfw on FreeBSD 5.4 with SMP/UP and PREEMPTION Kernel Option 
3Com Network Supervisor 5.0.2 Web Server Directory Traversal Vulnerability Arbitrary Web Script Injection Vulnerability in cPanel 9.1 and Earlier Cross-Site Scripting (XSS) Vulnerability in iPlanet Messaging Server 5.2 Patch 1 and Sun ONE Messaging Server 6.2 Improper Handling of Options in send_pinentry_environment Function in gpg2 on SUSE Linux 9.3 Denial of Service Vulnerability in Vipul Razor Agents (razor-agents) before 2.70 Cisco VPN 3000 Concentrator Groupname Enumeration Vulnerability Hard-coded Debugging Account Vulnerability in Enterasys Vertical Horizon VH-2402S Firmware Improper Debugging Command Restriction in Enterasys Vertical Horizon VH-2402S Firmware SQL Injection Vulnerability in MercuryBoard 1.1.4 and Earlier: Remote Code Execution via User-Agent Header Insecure Storage of Database Credentials in amaroK Web Frontend 1.3 Weak Password Encryption in Ultimate PHP Board (UPB) 1.9.6 GOLD Multiple SQL Injection Vulnerabilities in socialMPN Local Privilege Escalation Vulnerability in lpadmin on Sun Solaris 7, 8, and 9 Arbitrary File and Directory Read Vulnerability in Blue-Collar Productions i-Gallery 3.3 Arbitrary Web Script Injection Vulnerability in BlueCollar iGallery 3.3 SQL Injection Vulnerability in Cool Cafe Chat 1.2.1 Login Page Remote Code Execution in Cool Cafe Chat 1.2.1 via Modified Nickname Value Multiple SQL Injection Vulnerabilities in Fortibus CMS 4.0.0 Remote User Information Modification Vulnerability in Fortibus CMS 4.0.0 Arbitrary Command Execution Vulnerability in NanoBlogger 3.2.1 and Earlier Multiple Buffer Overflows in Heimdal Telnetd's getterminaltype Function Buffer Overflow Vulnerability in HAURI ViRobot 2.0 Allows Remote Code Execution ajax-spell before 1.8 Cross-Site Scripting (XSS) Vulnerability XAMPP Directory Traversal Vulnerability in lang.php Multiple Cross-Site Scripting (XSS) Vulnerabilities in ATutor 1.4.3 and 1.5 RC 1 Multiple SQL Injection Vulnerabilities in DUware DUportal PRO 3.4.3 Multiple SQL Injection 
Vulnerabilities in DUware DUamazon Pro 3.0 and 3.1 Multiple SQL Injection Vulnerabilities in DUware DUpaypal Pro 3.0 Multiple SQL Injection Vulnerabilities in DUware DUforum 3.1 and Earlier Versions SQL Injection Vulnerabilities in DUware DUclassmate 1.2 Remote Memory Reading Vulnerability in Tor before 0.1.0.10 Remote Code Execution Vulnerability in VERITAS Backup Exec Web Administration Console (BEWAC) 9.0 4367 through 10.0 rev. 5484 Heap-based Buffer Overflow in RealPlayer and RealOne Player via Modified .avi File Path Disclosure Vulnerability in Just another flat file (JAF) CMS before 3.0 Final Arbitrary File Overwrite and ActiveX Execution Vulnerability in RealPlayer and RealOne Player Arbitrary HTML File Execution Vulnerability in RealPlayer and RealOne Player Denial of Service Vulnerability in Clam AntiVirus Quantum Archive Decompressor Multiple Cross-Site Scripting (XSS) Vulnerabilities in Infopop UBB.Threads before 6.5.2 Beta Multiple SQL Injection Vulnerabilities in Infopop UBB.Threads CSRF Vulnerabilities in Infopop UBB.Threads before 6.5.2 Beta HTTP Response Splitting Vulnerabilities in Infopop UBB.Threads before 6.5.2 Beta Arbitrary File Inclusion Vulnerability in Infopop UBB.Threads before 6.5.2 Beta Multiple SQL Injection Vulnerabilities in ActiveBuyAndSell 6.2 Cross-Site Scripting (XSS) Vulnerabilities in ActiveBuyAndSell 6.2 Multiple Cross-Site Scripting Vulnerabilities in ASP Nuke 0.80 ASP Nuke 0.80 Language_Select.asp HTTP Response Splitting Vulnerability Arbitrary SQL Execution Vulnerability in comment_post.asp in ASP Nuke 0.80 SQL Injection Vulnerability in article.asp in ASPNuke TCP Option Modification Vulnerability Vulnerability: Cleartext Password Exposure in pam_ldap and nss_ldap with OpenLDAP Denial of Service Vulnerability in ClamAV Mail Filter Privilege Escalation in Traceroute on Sun Solaris 10 x86 Systems Privilege Escalation via LD_AUDIT Environment Variable in Solaris Local Privilege Escalation and Unauthorized Data Manipulation in 
IBM DB2 8.1.4 through 8.1.9 and 8.2.0 through 8.2.2 Arbitrary Web Script Injection in PHP-Fusion 6.0.105 via News or Article Post Predictable Filename Vulnerability in PHP-Fusion 5.0 and 6.0 Vulnerability in HP Version Control Repository Manager (VCRM) Allows Password Disclosure Arbitrary Web Script Injection Vulnerability in Hosting Controller's error.asp Denial of Service Vulnerability in BisonFTP Server V4R1 Heap-based Buffer Overflow in VERITAS Backup Exec Admin Plus Pack Option Privilege Escalation Vulnerability in VERITAS Backup Exec Remote Agent for Windows Servers (RAWS) Asterisk 1.0.7 Stack-based Buffer Overflow Vulnerability Arbitrary Command Execution in imTRSET 1.02 and Earlier via im_trbbs.cgi Format String Vulnerability in IMAP4 in IA eMailServer Corporate Edition 5.2.2 Build 1051 Arbitrary Script Injection in Community Forum SearchResults.aspx Buffer Overflow Vulnerability in Inframail Advantage Server Edition 6.0 through 6.7 Arbitrary PHP Code Execution via Remote File Inclusion in phpBB 2.0.15 and Earlier Denial of Service and Remote Code Execution Vulnerability in Internet Explorer 5.01 SP4 up to 6 HTTP Request Smuggling Vulnerability HTTP Request Smuggling Vulnerability in Microsoft IIS 5.0 and 6.0 HTTP Request Smuggling Vulnerability in Jakarta Tomcat 5.0.19 and Tomcat 4.1.24 HTTP Request Smuggling Vulnerability in IBM WebSphere 5.1 and 5.0 HTTP Request Smuggling in BEA Systems WebLogic 8.1 SP1 HTTP Request Smuggling in Oracle 9i Application Server (Oracle9iAS) 9.0.2 HTTP Request Smuggling in Sun SunONE Web Server 6.1 SP1 Remote Code Execution and Cross-Site Scripting Vulnerability in SquirrelMail 1.4.4 and Earlier Buffer Overflow Vulnerability in zlib 1.2 and Later Versions via Crafted PNG File Denial of Service Vulnerability in xpdf and kpdf via loca Table in PDF Files Denial of Service Vulnerability in Linux Kernel's KEYCTL_JOIN_SESSION_KEYRING Operation Keyring Destruction Null Dereference Vulnerability Improper Bounds Checking in rw_vm 
Function Allows for Denial of Service in Red Hat Enterprise Linux 4 Insecure Temporary File Creation in KDE 3.0 to 3.4.2 Allows Local File Overwrite Denial of Service Vulnerability in Gaim AIM/ICQ Module Buffer Overflow Vulnerability in Gaim's AIM and ICQ Module Local Privilege Escalation via Symlink Attack in sysreport before 1.3.7 Cisco IOS RADIUS Authentication Bypass Vulnerability Arbitrary PHP Code Execution Vulnerability in Drupal 4.5.0 through 4.5.3, 4.6.0, and 4.6.1 Cross-Site Scripting (XSS) Vulnerabilities in WordPress 1.5.1.2 and Earlier via post.php XMLRPC Server SQL Injection Vulnerability in WordPress 1.5.1.2 and Earlier Uninitialized Variable Vulnerability in WordPress 1.5.1.2 and Earlier Information Disclosure Vulnerability in WordPress 1.5.1.2 and Earlier Arbitrary Command Execution in login.cgi of Community Link Pro Web Editor Multiple Cross-Site Scripting (XSS) Vulnerabilities in XOOPS 2.0.11 and Earlier SQL Injection Vulnerability in XOOPS XMLRPC Server Denial of Service Vulnerability in Gecko Engine Denial of Service Vulnerability in Soldier of Fortune II 1.02x and 1.03 Arbitrary Code Execution Vulnerability in Web View of Windows Explorer Arbitrary Command Execution via Crafted Shortcut File in Windows Shell Arbitrary Memory Overwrite Vulnerability in MIDL_user_allocate Function of MSDTCPRX.DLL Stack-based Buffer Overflow in Plug and Play Service (UMPNPMGR.DLL) in Microsoft Windows Remote Code Execution via Windows Shell Shortcut File Vulnerability Heap-based Buffer Overflow Vulnerabilities in Windows Graphics Rendering Engine Windows Metafile Vulnerability Arbitrary File Overwrite Vulnerability in Windows XP, Server 2003, and Internet Explorer 6 Microsoft Internet Explorer COM Object Instantiation Memory Corruption Vulnerability Null Byte Write Vulnerability in Microsoft Windows Media Player 9 Denial of Service Vulnerability in SCO UnixWare 7.1.1 m5, 7.1.3 mp5, and 7.1.4 mp2 RPC Portmapper (rpcbind) Denial of Service Vulnerability in NetBSD 
Audio Drivers SQL Injection Vulnerability in EtoShop Dynamic Biz Website Builder (QuickWeb) 1.0 World-readable and World-writable Permissions in Raritan Dominion SX Console Servers Arbitrary Directory Listing Vulnerability in NateOn Messenger 3.0 Cross-Site Scripting (XSS) Vulnerability in Comdev eCommerce 3.0 and 3.1 Remote File Inclusion Vulnerability in Pavsta Auto Site's user_check.php Allows Arbitrary Code Execution FSboard 2.0 Default.asp Directory Traversal Vulnerability Denial of Service Vulnerability in TCP Chat 1.0 Golden FTP Server 2.60 Directory Traversal Vulnerability Denial of Service Vulnerability in Microsoft Front Page via Crafted Style Tag Local Privilege Escalation Vulnerability in Prevx Pro 2005 1.0 Kernel Driver Source Verification Bypass Vulnerability in Prevx Pro 2005 1.0 Insecure Permissions in SSH Host Identification Key Generation Arbitrary File Read/Upload Vulnerability in Trac before 0.8.4 Arbitrary Command and SQL Injection Vulnerability in Cacti 0.8.6e and Earlier Remote Code Execution and Privilege Escalation in Cacti 0.8.6e and earlier NULL Session Access to Alternate Named Pipes in Windows NT 4.0 and Windows 2000 Memory Corruption Vulnerability in Courier Mail Server's SPF.c Geeklog SQL Injection Vulnerability in User Comments SQL Injection Vulnerability in osTicket 1.3.1 Beta and Earlier: Remote Code Execution via ticket Variable osTicket 1.3.1 Beta and Earlier: PHP Local File Inclusion Vulnerability in view.php and open.php Arbitrary Code Execution via PHP Remote File Inclusion in EasyPHPCalendar 6.1.5 and Earlier Arbitrary SQL Command Execution in PHPNews 1.2.5 via prevnext Parameter Remote File Inclusion Vulnerability in nabopoll 1.2 survey.inc.php Allows Arbitrary Code Execution Remote Code Execution Vulnerability in Embedded HSQLDB in JBoss jBPM 2.0 Denial of Service Vulnerability in PlanetDNS PlanetFileServer 2.0.1.3 Cleartext Storage of Usernames and Passwords in IMail Cookie Nested [url] tags in phpBB 2.0.16 allow for 
remote cross-site scripting (XSS) vulnerability. Arbitrary PHP Code Execution via lang Parameter in MyGuestbook 0.6.1 Arbitrary Web Script Injection Vulnerability in AutoIndex PHP Script 1.5.2 Covide Groupware-CRM SQL Injection Vulnerability Arbitrary Command Execution in GlobalNoteScript's read.cgi SQL Injection Vulnerability in Plague News System 0.6 and Earlier: Remote Code Execution via cid Parameter Arbitrary Code Injection via cid Parameter in Plague News System 0.6 and Earlier Unauthenticated Remote Deletion Vulnerability in Plague News System 0.6 and Earlier Directory Traversal Vulnerability in Quick & Dirty PHPSource Printer 1.1 and Earlier Denial of Service Vulnerability in IBM Tivoli Management Framework Endpoint Arbitrary Flag Modification and Bug Summary Disclosure Vulnerability in Bugzilla 2.17.1 to 2.18.1 and 2.19.1 to 2.19.3 Race condition vulnerability allows unauthorized access to bug information before replication completion Lotus Notes Mail Web Interface Vulnerability: Automatic HTML Processing Exploitation HTML Attachment Processing Vulnerability in Novell NetMail Denial of Service Vulnerability in Net-SNMP 5.x Remote Code Execution in probe.cgi via Shell Metacharacters in olddat Parameter Remote File Inclusion Vulnerability in Jaws 0.5.2 and Earlier: Arbitrary PHP Code Execution Arbitrary File Overwrite Vulnerability in gen-index in GNATS 4.0, 4.1.0, and Earlier Versions Cisco 7940/7960 VoIP Phones Call-ID Spoofing Vulnerability Remote Message Spoofing Vulnerability in Grandstream BudgeTone (BT) 100 Voice over IP (VoIP) Phones Authentication Bypass Vulnerability in PhpXmail 0.7 through 1.1 Arbitrary Command Execution via File Attachment in eRoom 6.x Cookie Expiration Vulnerability in eRoom Allows for Replay Attacks Cross-Site Scripting (XSS) Vulnerabilities in McAfee IntruShield Security Management System Remote authenticated users can exploit vulnerability in McAfee IntruShield Security Management System to modify alerts and access the 
Generate Reports feature. User ID Leakage in McAfee IntruShield Security Management System Insecure Storage of SSH Private Keys in Lantronix SecureLinx Console Server Firmware 2.0 and 3.0 SQL Injection Vulnerabilities in Comersus Shopping Cart Cross-Site Scripting (XSS) Vulnerabilities in Comersus Shopping Cart Insufficient Access Control in SimplePHPBlog 0.4.0 Allows Password Retrieval via Brute Force Attack SQL Injection Vulnerability in User Profile Edit Module in PunBB 1.2.5 and Earlier Unspecified Denial of Service Vulnerability in Apple Mac OS X Kernel Denial of Service Vulnerability in Apple Darwin Streaming Server 5.5 and Earlier Default WEP Key Vulnerability in Apple AirPort Card SQL Injection Vulnerability in Id Board 1.1.3: Remote Attackers Can Modify SQL Queries Remote Code Execution Vulnerability in SPiD (<=1.3.1) via lang.php Arbitrary Code Execution via PHP Remote File Inclusion in PPA Web Photo Gallery 0.5.6 Authentication Bypass Vulnerabilities in Xerox WorkCentre Pro Color 2128, 2636, and 3545 MicroServer Web Server Denial of Service and File Access Vulnerability in Xerox WorkCentre Pro Color 2128, 2636, and 3545 MicroServer Web Server Arbitrary Web Script Injection Vulnerability in Xerox WorkCentre Pro Color 2128, 2636, and 3545 MicroServer Web Server Authentication Bypass Vulnerability in phpWishlist before 0.1.15 Cross-Site Scripting (XSS) Vulnerability in CA eTrust SiteMinder 5.5 Arbitrary Command Execution Vulnerability in kaiseki.cgi Multiple SQL Injection Vulnerabilities in CartWIZ CartWIZ Store Login Page XSS Vulnerability Denial of Service Vulnerability in PrivaShare 1.1b Sensitive Information Stored in Cleartext in Capturix ScanShare 1.06 build 50 Stack-based Buffer Overflow in Internet Download Manager 4.05: Remote Code Execution Vulnerability Insecure Temporary File Creation in Backup Manager 0.5.8a Allows Unauthorized File Operations World Readable and Writable Archive Repository in Backup Manager 0.5.8a Buffer Overflow in 
mms_interp_header Function in MMS Ripper Allows Remote Code Execution Insecure Permissions in apt-setup: Local Users Can Access Sensitive Information Cross-site scripting (XSS) vulnerability in MediaWiki before 1.4.x before 1.4.6 and 1.5 before 1.5beta3 Arbitrary Code Execution via PHP Remote File Inclusion in PhotoGal Photo Gallery 1.5 and Earlier Insufficient Access Control in Dansie Shopping Cart Allows Remote Information Disclosure Hidden Device Node Vulnerability in FreeBSD 5.x Unauthorized Modification of Credit Limit in Hosting Controller 6.1 Hotfix 2.1 Remote Price Manipulation Vulnerability in Dragonfly Commerce Multiple SQL Injection Vulnerabilities in Dragonfly Commerce Unspecified Vulnerability in MailEnable Professional HTTPMail Service SMTP Service Denial of Service Vulnerability Denial of Service Vulnerability in aspnet_wp.exe via Crafted SOAP Message Denial of Service Vulnerability in Microsoft MSN Messenger and Gaim Outlook Express 6.0 Vulnerability: Information Leakage via Watched Conversation Threads Plaintext Password Storage Vulnerability in Softiacom wMailserver 1.0 Web Wiz Forums 7.9 and 8.0 Hidden Forum Message Title Disclosure Vulnerability Sensitive Files Exposure in Blog Torrent 0.92 and Earlier Insecure Temporary File Creation in Electronic Mail Operator (elmo) 1.3.2-r1 and Earlier Local Privilege Escalation Vulnerability in High Availability Linux Project Heartbeat 1.2.3 Buffer Overflow Vulnerability in invscout in IBM AIX 5.1.0 through 5.3.0 Buffer Overflow Vulnerability in IBM AIX p Commands Buffer Overflow Vulnerability in IBM AIX getlvname Command Buffer Overflow Vulnerability in diagTasksWebSM Command in IBM AIX 5.1, 5.2, and 5.3 Format String Vulnerability in paginit Command in IBM AIX 5.3 and Other Versions Format String Vulnerability in swcons Command in IBM AIX 5.3 and Other Versions Denial of Service Vulnerability in IBM AIX FTPD Denial of Service Vulnerability in oftpd 0.3.7 via USER Command Arbitrary File Overwrite 
Vulnerability in xpvm 1.2.5 Cisco CallManager RISDC Socket Resource Leak Vulnerability Denial of Service Vulnerability in Cisco CallManager (CCM) Memory Leak Vulnerability in Cisco CallManager (CCM) with Multi Level Admin (MLA) Enabled Buffer Overflow Vulnerability in Cisco CallManager Aupair Service SSL Authentication Subversion Vulnerability in F5 BIG-IP 9.0.2 through 9.1 Remote Code Execution in iPhotoAlbum 1.1 via PHP File Inclusion Vulnerabilities Unspecified Vulnerabilities in Moodle before 1.5.1 Directory Traversal Vulnerability in DownloadProtect 1.0.3 and earlier versions Unknown Vulnerabilities in Jinzora 2.0.1: Potential PHP File Inclusion Vulnerability Buffer Overflow Vulnerability in Nokia Affix Bluetooth FTP Client (BTFTP) PHP remote file inclusion vulnerability in secure.php in PHPSecurePages (phpSP) 0.28beta and earlier Authentication Bypass Vulnerability in PhpAuction 2.5 SQL Injection Vulnerability in PhpAuction 2.5 via category parameter in adsearch.php Multiple Cross-Site Scripting (XSS) Vulnerabilities in PhpAuction 2.5 PhpAuction 2.5 Directory Traversal Vulnerability Directory Traversal Vulnerability in phpPgAdmin 3.1 to 3.5.3 Arbitrary Profile Modification and Privilege Escalation in PhpSlash 0.8.0 Remote Code Execution in Squito Gallery 1.33 via PHP Remote File Inclusion Vulnerability Arbitrary Code Execution Vulnerability in USANet Creations Products User Interface Vulnerability in Firefox, Mozilla, and Netscape XBL Script Execution Vulnerability Remote Code Execution via Set As Wallpaper or Set as Background Context Menu Cross-Domain Callback Execution Vulnerability in Firefox and Mozilla Remote Information Theft via Firefox Sidebar and Data URL Injection Remote Code Execution and Denial of Service Vulnerability in Firefox, Mozilla, and Netscape Cross-Domain Frame Access Vulnerability Arbitrary Code Execution via Standalone Applications in Firefox Dialog Origin Spoofing Vulnerability XHTML Node Spoofing Vulnerability in Firefox, Mozilla, 
and Netscape Arbitrary Code Execution via Prototype Chain Navigation in Firefox and Mozilla Dialog Origin Spoofing Vulnerability in iCab 2.9.8 Dialog Origin Spoofing Vulnerability in Safari 2.0 (412) Dialog Origin Spoofing Vulnerability in Opera 7.x and 8 before 8.01 Dialog Origin Spoofing Vulnerability in Microsoft Internet Explorer 6.0 Novell Groupwise WebAccess 6.5 XSS Vulnerability Arbitrary Command Execution in Nokia Affix Bluetooth FTP Client Remote Code Execution Vulnerability in MailEnable Professional 1.54 IMAP Daemon Denial of Service Vulnerability in Cisco ONS 15216 Optical Add/Drop Multiplexer (OADM) Firmware 2.2.2 and Earlier Denial of Service Vulnerability in Cisco Security Agent (CSA) 4.5 Weak Encryption Scheme in WebEOC Allows for Password Cracking WebEOC before 6.0.2 Multiple Cross-Site Scripting (XSS) Vulnerabilities Unrestricted File Upload Vulnerability in WebEOC before 6.0.2 SQL Injection Vulnerabilities in WebEOC before 6.0.2 Sensitive Information Exposure in WebEOC before 6.0.2 Privilege Escalation in WebEOC before 6.0.2 Denial of Service Vulnerability in SoftiaCom wMailServer 1.0 and 2.0 PHPCounter 7.2 EpochPrefix Parameter Cross-Site Scripting (XSS) Vulnerability Sensitive Information Disclosure in PHPCounter 7.2 via prelims.php Arbitrary Command Execution in WPS Web Portal System 0.7.0 via wps_shop.cgi Cleartext Password Exposure in Oracle JDeveloper 9.0.4, 9.0.5, and 10.1.2 Cleartext Password Storage Vulnerability in Oracle JDeveloper Insecure Storage of Database Credentials in Oracle Formsbuilder 9.0.4 Sensitive Information Exposure via World-Readable Temporary File in Oracle Forms Denial of Service Vulnerability in NetPanzer 0.8 and Earlier Information Disclosure Vulnerability in YabbSE 1.5.5c via ssi_examples.php Arbitrary Code Execution via Stack-based Buffer Overflow in Sybase EAServer Vulnerability: Bypassing Virus Scanning in BitDefender Engine Multiple Cross-Site Scripting (XSS) Vulnerabilities in Simple Message Board Version 2.0 
Beta 1 Local Privilege Escalation via Symlink Attack in Skype 1.1.0.20 and Earlier LDAP Injection Vulnerability in PowerDNS PowerDNS Denial of Service Vulnerability Denial of Service Vulnerability in Microsoft MSN Messenger 9.0 and Internet Explorer 6.0 Buffer Overflow Vulnerability in DG Remote Control Server 1.6.2 Race condition vulnerability in Macromedia JRun 4.0, ColdFusion MX 6.1 and 7.0 allows authenticated users to gain unauthorized privileges. Network Connection Manager Denial of Service Vulnerability JPEG Decoder Vulnerability in Microsoft Internet Explorer Denial of Service Vulnerability in Opera 8.01 via Crafted JPEG Image Buffer Overflow Vulnerability in Winamp MP3 File Parsing Arbitrary File Overwrite Vulnerability in SMS 1.9.2m and Earlier User Impersonation Vulnerability in Realnode Emilda 1.2.2 and Earlier Credential and Privilege Escalation Vulnerability in Check Point SecuRemote NG with Application Intelligence R54 Authentication Bypass and Password Leakage in PHPsFTPd 0.2 through 0.4 Buffer Overflow Vulnerability in DNRD (Domain Name Relay Daemon) Allows Remote Code Execution Circular Buffer Denial of Service Vulnerability in Domain Name Relay Daemon (DNRD) Bypassing Firewall Rules with Accepted MAC Address in Shorewall Arbitrary Web Script Injection Vulnerability in DVBBS 7.1 SP2 showerr.asp PHP Remote File Include Vulnerability in Yawp Library 1.0.6 and Earlier Unrestricted Access to assistant_edit.php in WebCalendar before 1.0.0 CaLogic 1.2.2 - PHP Remote File Inclusion Vulnerability Arbitrary Web Script Injection in Class-1 Forum and Clever Copy with Forums Multiple SQL Injection Vulnerabilities in Class-1 Forum and Clever Copy with Forums Cross-Site Scripting (XSS) Vulnerability in Clever Copy 2.0 and 2.0a Information Disclosure Vulnerability in Clever Copy 2.0 and 2.0a Clever Copy 2.0 and 2.0a Cross-Site Scripting (XSS) Vulnerability in calendar.php e107 0.617 XSS Vulnerability via Nested [url] BBCode Tags Remote Code Execution in Laffer 
0.3.2.6 and 0.3.2.7 via PHP Remote File Inclusion in im.php Improper Access Restriction in MRV Communications In-Reach LX-8000S, LX-4000S, and LX-1000S 3.5.0 osCommerce 2.2 Directory Traversal Vulnerability in extras/update.php MooseGallery display.php Remote File Inclusion Vulnerability Arbitrary Web Script Injection in PHPPageProtect 1.0.0a via Username Parameter Arbitrary Script Injection in smilies_popup.php in SEO-Board 1.0 Remote Command Execution in Y.SAK via Shell Metacharacters Buffer Overflow in Fetchmail POP3 Client (CVE-2005-2335) Hiki 0.8.0 to 0.8.2 Cross-Site Scripting (XSS) Vulnerability in Missing Pages Vulnerability: Bypassing Safe Level and Taint Flag Protections in Ruby Cross-Site Scripting (XSS) Vulnerabilities in XOOPS Versions 2.0.12 JP, 2.0.13.1, and 2.2.x up to 2.2.3 RC1 Arbitrary Web Script Injection Vulnerability in Unicode-msearch 1.51(U1)-beta1, 1.51(U1), and 1.52(U1) Heap-based Buffer Overflow in Apple Quicktime: Remote Code Execution RIM BlackBerry Attachment Service Heap-Based Buffer Overflow Vulnerability Denial of Service Vulnerability in RIM BlackBerry Router via Crafted SRP Packets Denial of Service Vulnerability in RIM BlackBerry Handheld Web Browser BlackBerry Attachment Service Denial of Service Vulnerability Buffer Overflow in Novell GroupWise 6.5 Client via GWVW02xx.INI Language File Directory Traversal Vulnerability in Zoo 2.10 Websieve v0.62 Cross-Site Scripting (XSS) Vulnerability Denial of Service Vulnerability in Mutt before 1.5.20 Patch 7 Critical Race Condition Vulnerability Discovered in gs-gpl Addons Scripts (Version < 8.56) Local Privilege Escalation via Symlink Attack in run-mozilla.sh in Thunderbird Outdated Mozilla XPCOM in Nvu 0.99+1.0pre: A Breeding Ground for Security Vulnerabilities EMC Navisphere Manager 6.4.1.0.0 Directory Traversal Vulnerability Arbitrary Directory Listing Vulnerability in EMC Navisphere Manager 6.4.1.0.0 AES-XCBC-MAC Algorithm Vulnerability in IPsec LDAP Dissector Denial of Service 
Vulnerability in Ethereal 0.8.5 through 0.10.11 Multiple Denial of Service Vulnerabilities in Ethereal 0.8.19 through 0.10.11 Denial of Service Vulnerability in Ethereal 0.9.0 through 0.10.11 Dissectors Denial of Service Vulnerability in Ethereal 0.8.15 through 0.10.11 Null Pointer Dereference Vulnerability in Ethereal Dissectors SMB Dissector Buffer Overflow and Denial of Service Vulnerability in Ethereal 0.9.0 through 0.10.11 Denial of Service Vulnerability in Ethereal 0.10.11 BER Dissector Format String Vulnerability in Ethereal's proto_item_set_text Function Arbitrary Command Execution in Vim 6.3 Integer Signedness Errors in libgadu: Remote Code Execution Vulnerability Memory Alignment Errors in libgadu: Remote Denial of Service Vulnerability Oracle Reports Directory Traversal Vulnerability Arbitrary Code Execution via Absolute Pathname Argument in Oracle Forms Arbitrary Code Execution Vulnerability in SlimFTPd 3.15 and 3.16 Vulnerability: Unsecured Administrative Access in Belkin 54g Wireless Routers Race Driver Format String Vulnerability Buffer Overflow Vulnerability in Race Driver 1.20 and Earlier: Remote Denial of Service via Long Nickname or Chat Message LDAP Denial of Service Vulnerability in nss_ldap Oracle Reports Directory Traversal Vulnerability Multiple Cross-Site Scripting (XSS) Vulnerabilities in Oracle Reports 9.0.2 Multiple Cross-Site Scripting Vulnerabilities in PHP Surveyor 0.98 Sensitive Information Disclosure in PHP Surveyor 0.98 Privilege Escalation via Help Functionality in Oray PeanutHull 3.0.1.0 and Earlier SQL Injection Vulnerability in PHPNews 1.2.5: Remote Code Execution via auth.php Directory Traversal Vulnerability in UNACEV2.DLL Allows Arbitrary File Write Buffer Overflow in UNACEV2.DLL Allows Remote Code Execution Arbitrary Script Injection in CartWIZ 1.20 viewCart.asp Multiple stack-based buffer overflows in GoodTech SMTP server 5.16 Critical Buffer Overflow Vulnerability in USB Driver on Microsoft Windows Allows Arbitrary Code 
Execution Denial of Service Vulnerability in Veritas NetBackup 5.1 NDMP Server Format string vulnerabilities in ProFTPD before 1.3.0rc2: Denial of Service and Information Disclosure Information Disclosure Vulnerability in 3Com OfficeConnect Wireless 11g Access Point before 1.03.12 Arbitrary Script Injection in CMSimple 2.4 and Earlier via Search Parameter Arbitrary Script Injection in CuteNews 1.3.6 Path Disclosure Vulnerability in CuteNews 1.3.6 via Invalid Archive Parameter Weak Authentication Scheme Selection Vulnerability in Mozilla Firefox 1.0.4 and 1.0.5 Arbitrary Script Injection Vulnerability in MediaWiki 1.4.6 and Earlier Arbitrary Web Script Injection in phpBook 1.46 Guestbook.php Multiple SQL Injection Vulnerabilities in PHP Surveyor 0.98 SQL Error Triggering Vulnerability in PHP Surveyor 0.98 Authentication Bypass Vulnerability in PHPFinance 0.3 Arbitrary CSS Injection Vulnerability in PHP-Fusion via BBCode Color Tag PHPSiteSearch 1.7.7d search.php Cross-Site Scripting (XSS) Vulnerability Authentication Bypass Vulnerability in RealChat 3.5.1b SQL Injection Vulnerability in Sendcard 3.2.3: Remote Code Execution via id Parameter in sendcard.php Arbitrary Code Execution Vulnerability in Opera 8.01 Cross-Site Scripting (XSS) and File Upload Manipulation Vulnerability in Opera 8.01 Link Hijacking Vulnerability in Opera 8.01 and Earlier Remote Code Execution via Format String Vulnerability in nbsmtp 0.99 and Earlier Format String Vulnerability in Network Manager's nm_info_handler Function CSRF Vulnerability in tDiary 2.1.1 and Earlier Versions PHP FirstPost block.php Remote File Inclusion Vulnerability Atomic Photo Album (APA) Remote File Inclusion Vulnerability Race condition vulnerability in xpcom library can cause denial of service in web browsers SQL Injection Vulnerabilities in Contrexx before 1.0.5: Remote Code Execution Cross-Site Scripting (XSS) Vulnerabilities in Contrexx before 1.0.5 Sensitive Information Disclosure in Contrexx before 1.0.5 via 
/config/version.xml B-FOCuS Router 312+ Authentication Bypass Vulnerability Arbitrary Command Execution in FtpLocate 2.02 via HTTP GET Request SQL Injection Vulnerabilities in Beehive Forum's index.php and Other Pages Beehive Forum index.php Cross-Site Scripting (XSS) Vulnerability Sensitive Information Disclosure in Beehive Forum Unauthenticated Remote Access to Telnet Port in Siemens SANTIS 50 and Other Products Stack-based Buffer Overflow in Ares FileShare 1.1 Allows Arbitrary Code Execution Denial of Service Vulnerability in FTPshell Server 3.38 Arbitrary Script Injection Vulnerability in CartWIZ's viewCart.asp Sensitive Data Exposure in Lotus Domino R5 and R6 WebMail Arbitrary Data Write Vulnerability in Firefox when Opening Microsoft Word Documents Multiple Cross-Site Scripting (XSS) Vulnerabilities in GForge 4.5 Unrestricted Email Bombing Vulnerability in GForge 4.5 SQL Injection Vulnerability in PhpList: Remote Modification of SQL Statements via id Argument PhpList Path Disclosure Vulnerability Vulnerability: Reuse of Private Key and Certificate in Linksys WRT54G Router Arbitrary Web Script Injection Vulnerability in Website Baker Project's browse.php Sensitive Data Disclosure in Website Baker Project via browse.php Arbitrary PHP Code Execution Vulnerability in Website Baker Project Arbitrary Javascript Injection via BBCode Color Value in UseBB 0.5.1 and Earlier SQL Injection Vulnerability in UseBB 0.5.1 and Earlier: Remote Code Execution via Search Function Thomson Web Skill Vantage Manager Login.asp SQL Injection Vulnerability Multiple Cross-Site Scripting (XSS) Vulnerabilities in VBzoom Cross-Application Scripting (XAS) Vulnerability in SPI Dynamics WebInspect 5.0.196 Insufficient Access Control in Kshout 2.x and 3.x Allows Remote Information Disclosure Plaintext Password Storage Vulnerability in Trillian Pro 3.1 Build 121 Arbitrary SQL Command Execution in Product Cart 2.6 via viewPrd.asp Endianness Errors in libgadu: Denial of Service Vulnerability on 
Big-Endian Systems Sandbox Race Condition Vulnerability Allows Arbitrary File Creation or Overwriting Integer Overflow Vulnerabilities in libclamav for Clam AntiVirus (ClamAV) 0.86.1 and Earlier IPv6 Denial of Service and Arbitrary Code Execution Vulnerability in Cisco IOS and IOS XR Denial of Service in libtiff 3.7.0 via Zero YCbCr Subsampling Value Arbitrary Web Script Injection Vulnerability in NetworkActiv Web Server Insecure Default Permissions in IBM Lotus Notes Folder Greasemonkey before 0.3.5: Remote File Read and Information Disclosure Vulnerability Array Index Overflow in xfrm_sk_policy_insert Function in Linux Kernel 2.6 Denial of Service Vulnerability in Linux Kernel's zisofs Driver Denial of Service Vulnerability in Linux Kernel's zlib Routines Incorrect Return Value in huft_build Function in Linux Kernel Cross-Site Scripting (XSS) Vulnerabilities in Kayako liveResponse 2.x SQL Injection Vulnerabilities in Kayako liveResponse 2.x Calendar Feature Plaintext Password Exposure in Kayako liveResponse 2.x Information Disclosure Vulnerability in Kayako liveResponse 2.x Authentication Bypass Vulnerability in PCXP/TOPPE CMS Login Page Arbitrary Web Script Injection Vulnerability in PCXP/TOPPE CMS pm.php SQL Injection Vulnerabilities in OpenBook 1.2.2's auth_user Function Multiple Cross-Site Scripting (XSS) Vulnerabilities in MySQL Eventum 1.5.5 and Earlier Multiple SQL Injection Vulnerabilities in MySQL Eventum 1.5.5 and Earlier Stack-based Buffer Overflow in NMAP Agent for Novell NetMail 3.52C and Earlier Versions Buffer Overflow Vulnerability in Adobe Reader and Acrobat Plug-in Arbitrary Command Execution in pstopnm of netpbm Buffer Overflow Vulnerabilities in BusinessMail 4.60.00: Remote Denial of Service via SMTP Commands Multiple SQL Injection Vulnerabilities in ChurchInfo ChurchInfo Path Disclosure Vulnerability Race condition vulnerability in Unzip 5.52 allows local users to modify file permissions via a hard link attack during decompression Arbitrary 
Script Injection in Naxtor Shopping Cart 1.0's lost_password.php SQL Injection Vulnerability in Naxtor Shopping Cart 1.0 Allows Path Disclosure SQL Injection Vulnerability in SilverNews 2.0.3: Remote Code Execution via User Field in Admin Control Panel Login Denial of Service Vulnerability in Quick 'n Easy FTP Server 3.0 Arbitrary Script Injection in ColdFusion Fusebox 4.1.0 via Unquoted fuseaction Parameter Information Disclosure Vulnerability in ColdFusion Fusebox 4.1.0 Vulnerability: Environment Variable Modification in StateToOptions Function Eval Injection Vulnerability in Karrigell before 2.1.8 Allows Remote Code Execution Buffer Overflow Vulnerability in Denora IRC Stats 1.0: Remote Code Execution Arbitrary Web Script Injection Vulnerability in Logicampus Helpdesk SQL Injection Vulnerability in mod_forum/read_message.php in PortailPHP Denial of Service Vulnerability in Sun McData Switches and Directors Cross-Site Scripting (XSS) Vulnerability in Web Content Management News System Arbitrary Account Creation and Privilege Escalation in Web Content Management News System Stack-based Buffer Overflow in Linux Kernel's sendmsg Function Call Heap-based buffer overflow vulnerability in PCRE library allows arbitrary code execution Denial of Service and Arbitrary Memory Read Vulnerability in Linux Kernel 2.6 Local Privilege Escalation via Symlink Attack on kcheckpass Lock Files Arbitrary Code Execution via Crafted Pixmap Image in XFree86 Privilege Escalation in xntpd ntp Daemon PHPXMLRPC 1.1.1 and Earlier Eval Injection Vulnerability Denial of Service Vulnerability in slocate before 2.7 Buffer Overflow in xdr_xcode_array2 Function in Linux Kernel 2.6.12 Allows Remote Code Execution Buffer Overflow Vulnerability in AppKit for Mac OS X 10.3.9 and 10.4.2 via Crafted RTF File Buffer Overflow Vulnerability in AppKit for Mac OS X 10.3.9 and 10.4.2 via Crafted Microsoft Word File Local Account Creation Vulnerability in AppKit for Mac OS X 10.3.9 and 10.4.2 Misleading 
Bluetooth Authentication Label in Mac OS X 10.4.2 System Profiler Buffer Overflow Vulnerability in CoreFoundation in Mac OS X 10.3.9 Denial of Service Vulnerability in CoreFoundation via Crafted Gregorian Dates Remote Code Execution Vulnerability in Mac OS X Directory Services Privilege Escalation Vulnerability in dsidentity in Mac OS X 10.4.2 Fast User Switching Vulnerability in Mac OS X 10.4.2 and Earlier Inadequate Firewall Rule Writing in Server Admin Tool for Mac OS X 10.4 to 10.4.2 Kerberos Authentication Vulnerability in Mac OS X 10.4.2 and Earlier Remote Image Loading Vulnerability in Mail.app on Mac OS 10.4.2 and Earlier VoiceOver Services Vulnerability in HItoolbox for Mac OS X 10.4.2 Buffer Overflow Vulnerability in Ping on Mac OS X 10.3.9 Quartz Composer Screen Saver in Mac OS X 10.4.2 allows unauthorized access to RSS Visualizer links Arbitrary Command Execution via Safari's RTF File Rendering Form Data Leakage Vulnerability in Safari for Mac OS X 10.3.9 and 10.4.2 Remote Code Execution Vulnerability in servermgrd in Mac OS X 10.3.9 and 10.4.2 Insecure Temporary File Creation in slpd Directory Services in Mac OS X 10.3.9 Password Assistant Vulnerability in Mac OS X 10.4 to 10.4.2 Buffer Overflow Vulnerability in Traceroute on Mac OS X 10.3.9 Arbitrary Code Execution via PDF File Links in Safari WebKit (Mac OS X 10.4 to 10.4.2) Cross-Site Scripting (XSS) Vulnerabilities in Mac OS X Weblog Server Domain Restriction Bypass Vulnerability in Safari 2.0 on Apple Mac OS X 10.3.9 CUPS File Descriptor Handling Vulnerability Denial of Service Vulnerability in CUPS on Mac OS X 10.3.9 and 10.4.2 Race condition vulnerability in Java 1.4.2 on Apple Mac OS X allows local file corruption or arbitrary file creation Privilege Escalation Vulnerability in Java 1.4.2 on Apple Mac OS X Unspecified Privilege Escalation Vulnerability in Java 1.3.1 on Apple Mac OS X OpenVPN Denial of Service Vulnerability OpenVPN Denial of Service Vulnerability OpenVPN Denial of Service 
Vulnerability in dev tap Ethernet Bridging Mode OpenVPN Denial of Service Vulnerability Buffer Overflow in BrightStor ARCserve Backup Discovery Service Arbitrary Command Execution via Insecure Ghostscript Invocation in pstotext Information Disclosure Vulnerability in FlatNuke 2.5.5 and Earlier Versions Information Disclosure Vulnerability in FlatNuke 2.5.5 and Earlier Versions Multiple Cross-Site Scripting (XSS) Vulnerabilities in FlatNuke 2.5.5 and Earlier Versions CRLF Injection Vulnerability in FlatNuke 2.5.5 and Earlier: Remote PHP Command Execution Privilege Escalation Vulnerability in Tar 1.15.1 Arbitrary Web Script Injection via Attachment in Invision Power Board (IPB) 1.0.3 Arbitrary File Download Vulnerability in Comdev eCommerce 3.0 Remote Code Execution in Comdev eCommerce 3.0 via PHP Remote File Inclusion in config.php Multiple Cross-Site Scripting (XSS) Vulnerabilities in PHPOpenChat 3.0.2 Arab Portal 2.0 Vulnerability: Information Disclosure via Long Username or Password Arbitrary Command Execution via Bluetooth Device Name in BlueZ 2.16-2.18 Denial of Service Vulnerability in Linux Kernel 2.6.8 via VLAN Code Multiple Format String Vulnerabilities in Evolution 1.5 through 2.3.6.1 Evolution Calendar Format String Vulnerability Buffer Overflow Vulnerability in dhost.exe in iMonitor for Novell eDirectory 8.7.3 on Windows Remote Control Exploit in HP ProLiant DL585 Servers with ILO Firmware Before 1.81 Denial of Service Vulnerability in Linux Kernel 2.4.x Insecure Permissions in Network Associates ePolicy Orchestrator Agent 3.5.0 (Patch 3) Web Server Improper Socket Policy Access in Linux Kernel 2.6.x Remote Database Connection Vulnerability in Mantis 0.19.0a1 through 1.0.0a3 Arbitrary Code Injection via dir Parameter in Mantis 0.19.0a1 through 1.0.0a3 Stack-based buffer overflow in MySQL init_syms function Arbitrary Code Execution and File Overwrite Vulnerability in ePing Plugin for e107 Portal CFBB 1.1.0 index.cfm Cross-Site Scripting (XSS) 
Vulnerability Multiple SQL Injection Vulnerabilities in MYFAQ 1.0 Gravity Board X (GBX) 1.1 SQL Injection Vulnerability Multiple Cross-Site Scripting (XSS) Vulnerabilities in Gravity Board X (GBX) 1.1 Direct static code injection vulnerability in editcss.php in Gravity Board X (GBX) 1.1 Sensitive Information Disclosure in Gravity Board X (GBX) 1.1 SQL Injection Vulnerabilities in Open Bulletin Board (OpenBB) SysCP 1.2.10 and Earlier: PHP Remote File Inclusion Vulnerability SysCP Template Engine Eval Injection Vulnerability Multiple Cross-Site Scripting (XSS) Vulnerabilities in FunkBoard 0.66CF Information Disclosure Vulnerability in FunkBoard 0.66CF and Earlier Versions Improper Access Control in FunkBoard 0.66CF and Earlier Versions Remote Code Execution and Denial of Service Vulnerability in MySQL on Windows Directory Traversal Vulnerability in MySQL's mysql_create_function Function Arbitrary Server Variable Modification in XMB Forum 1.9.1 SQL Injection Vulnerability in XMB Forum 1.9.1: Remote Code Execution via u2u.inc.php Information Disclosure Vulnerability in CaLogic 1.22 and Earlier Versions Denial of Service Vulnerability in Wyse Winterm 1125SE Firmware 4.2.09f/4.4.061f Privilege Escalation via Nortel Contivity VPN Client V05_01.030 Certificate Configuration Vulnerability Multiple SQL Injection Vulnerabilities in MyBulletinBoard (MyBB) 1.00 RC4 with Security Patch Denial of Service Vulnerability in Grandstream BudgeTone 101 and 102 World-writable permissions in Kaspersky Anti-Virus for Unix/Linux File Servers 5.0-5 Undocumented Web Server Vulnerability on Mentor ADSL-FR4II Router Default Password Vulnerability in Mentor ADSL-FR4II Router Firmware 2.00.0111 Denial of Service Vulnerability in Mentor ADSL-FR4II Router Firmware 2.00.0111 Clear-text Storage of Web Administration Password in Mentor ADSL-FR4II Router Firmware 2.00.0111 SQL Injection Vulnerability in emailvalidate.php in PHPTB Topic Boards 2.0 Multiple Cross-Site Scripting (XSS) Vulnerabilities in 
DVBBS 7.1 SP2 and Earlier Bypassing Authentication in Linksys WRT54GS Wireless Router with Firmware 4.50.6 Parlano MindAlign 5.0 and Later Versions XSS Vulnerability User Enumeration Vulnerability in Parlano MindAlign 5.0 and Later Versions Authentication Bypass Vulnerability in Parlano MindAlign 5.0 and Later Versions Weak Encryption Vulnerability in Parlano MindAlign 5.0 and Later Versions Denial of Service Vulnerability in Apple Safari 1.3 (132) on Mac OS X 1.3.9 Arbitrary Javascript Execution via Archived Messages in Dada Mail before 2.10 Alpha 1 Gallery User.php Vulnerability: Unauthorized Access to All Galleries Insecure Permissions in AOL Client Software 9.0 Allows Arbitrary Code Execution Multiple Directory Traversal Vulnerabilities in Dokeos 1.6 and Earlier Weak Encryption in Hummingbird FTP Allows Privilege Escalation Remote Code Execution in FUDForum 2.6.15 with Tree View Enabled SQL Injection Vulnerability in MidiCart: Remote Code Execution via code_no Parameter URI Obfuscation Vulnerability in Mozilla Thunderbird and Firefox 1.0.6 Arbitrary Script Injection in My Image Gallery (Mig) 1.4.1 Path Disclosure Vulnerability in My Image Gallery (Mig) 1.4.1 Authentication Bypass Vulnerability in Lasso Professional Server 8.0.4 and 8.0.5 Unspecified Vulnerability in PHlyMail 3.02.00 Frontend Authentication Arbitrary File Inclusion Vulnerability in PHPSimplicity Simplicity oF Upload before 1.3.1 Cross-Site Scripting (XSS) Vulnerability in SafeHTML before 1.3.5 Information Disclosure Vulnerability in VegaDNS Arbitrary Web Script Injection in VegaDNS 0.8.1 and 0.9.8 Static Password Vulnerability in VERITAS Backup Exec and NetBackup WordPress Direct Code Injection Vulnerability Arbitrary Code Execution and File Read Vulnerability in CPAINT Ajax Toolkit Arbitrary Command Execution via File Upload in Discuz! 
4.0 rc4 Unspecified Vulnerability in EQdkp's session.php with Unknown Impact and Attack Vectors Remote Code Execution in ezUpload 2.2 via Multiple PHP File Include Vulnerabilities Memory Leak Vulnerability in syscall32_setup_pages Function Multiple stack-based buffer overflows in Autonomy KeyView SDK before 9.2.0 allow remote code execution Directory Traversal Vulnerability in Autonomy KeyView SDK Allows Arbitrary File Deletion Plaintext Password Storage Vulnerability in grpWise.exe SQL Injection Vulnerability in ECW-Shop 6.0.2 Allows Path Disclosure Arbitrary Web Script Injection Vulnerability in ECW-Shop 6.0.2 Negative Quantity Exploit in ECW-Shop 6.0.2 Allows Cost Reduction in Shopping Cart Eval Injection Vulnerability in CPAINT 1.3-SP: Remote Code Execution Incomplete Blacklist Vulnerability in CPAINT Allows Remote Code Execution Unspecified vulnerability in Kismet before 2005-08-R1 allows remote attackers to exploit SSID with unprintable characters Integer Underflows in Kismet Leading to Heap-Based Buffer Overflows Arbitrary Code Execution Vulnerability in Macromedia Flash 6 and 7 (Flash.ocx) Stack-based buffer overflow in RealNetworks RealPlayer 8, 10, and 10.5, RealOne Player 1 and 2, and Helix Player 10.0.0 via .rm movie file integer overflow vulnerability Heap-based Buffer Overflow in RealPlayer Skin File Parsing Authentication Bypass and User Manipulation Vulnerability in Cisco Clean Access (CCA) SQL Injection Vulnerability in login_admin_mediabox404.php in MediaBox404 1.2 and Earlier Arbitrary PHP Code Execution via Absolute Path Parameter in PHPTB Topic Board 2.0 and Earlier Buffer Overflow in WinFtp Server 1.6.8 Log-SCR Function Directory Traversal Vulnerabilities in phpAdsNew and phpPgAds before 2.0.6 SQL Injection Vulnerability in lib-view-direct.inc.php in phpAdsNew and phpPgAds Multiple SQL Injection Vulnerabilities in PHPFreeNews 1.40 and Earlier Multiple Cross-Site Scripting (XSS) Vulnerabilities in PHPFreeNews 1.40 and Earlier Buffer Overflow 
Vulnerability in Chris Moneymaker's World Poker Championship 1.0 Username Enumeration Vulnerability in Juniper Netscreen VPN Privilege Escalation Vulnerability in pam_ldap before 180 Remote Code Execution Vulnerability in Mutt 1.5.10 via Buffer Overflow in mutt_decode_xbit Function Weak Key Vulnerability in Tor Allows Malicious Servers to Obtain Client Keys Buffer Overflow Vulnerability in JaguarEditControl.dll in Isemarket JaguarControl Allows Remote Code Execution Authentication Bypass Vulnerability in Xerox MicroServer Web Server Unspecified Remote Code Execution Vulnerability in Xerox MicroServer Web Server XSS Vulnerability in Xerox MicroServer Web Server in Document Centre Series Arbitrary File Read Vulnerability in W-Agora 4.2.0 and Earlier Cross-Site Scripting (XSS) Vulnerability in ATutor 1.5.1 via course and words parameters Emefa Guestbook 1.2 - Cross-Site Scripting (XSS) Vulnerability in sign.asp Arbitrary Code Execution in Zorum 3.5 via gorum/prod.php Information Disclosure Vulnerability in Zorum 3.5 BBCaffe 2.0 Cross-Site Scripting (XSS) Vulnerability in E-mail Data Injection Anonymous Access Vulnerability in phpLDAPadmin Privilege Escalation in Lockmail in Maildrop before 1.5.3 World-writable Permissions in Polygen Precompiled Grammar Objects Vulnerability Privilege Escalation via Arbitrary Code Execution in common-lisp-controller Buffer Overflow Vulnerability in Turquoise SuperStat (turqstat) 2.2.4 and Earlier: Remote Code Execution via Long Month in Date LZX Decompression Buffer Overflow Vulnerability in CHM Lib 0.35 Local File Inclusion Vulnerability in Apachetop 0.12.5 and Earlier Format String Vulnerability in ParseBannerAndCapability Function in up-imapproxy 1.2.3 and 1.2.4 Arbitrary Command Execution in masqmail before 0.2.18 Local Privilege Escalation via Symlink Attack in masqmail before 0.2.18 Plaintext Password Storage Vulnerability in Whisper 32 1.16 and Earlier Versions Remote Code Execution Vulnerability in Elm 2.5 PL5 through PL7 via 
Long Expires Header Plaintext Storage of Hostnames and Keys in SSH Known_Hosts File CAM TCP Port Denial of Service Vulnerability Multiple Buffer Overflows in Computer Associates (CA) Message Queuing (CAM / CAFT) 1.05, 1.07, and 1.11 Arbitrary Command Execution via Spoofed CAFT Packets in Computer Associates (CA) Message Queuing (CAM / CAFT) Directory Traversal Vulnerability in HAURI Anti-Virus Products Insecure Temporary File Creation in pwmconfig in LM_sensors SQL Injection Vulnerability in modcp.php in WoltLab Burning Board 2.2.2 and 2.3.3 Disputed Cross-Site Scripting (XSS) Vulnerabilities in Land Down Under (LDU) 800 Multiple SQL Injection Vulnerabilities in Land Down Under (LDU) 800 Disputed by Vendor Arbitrary Web Script Injection via EXIF Data in Coppermine Photo Gallery Insufficient Access Control in ACNews Allows Remote Information Disclosure Remote Server Name Spoofing Vulnerability in Microsoft IIS 5.1 and 6 Buffer Overflow in Sysinternals Process Explorer 9.23: Arbitrary Code Execution via Long CompanyName Field Bypassing Access Restrictions in BEA WebLogic Portal 8.1 through SP4 Privilege Escalation Vulnerability in Cisco Intrusion Prevention System CLI Logic Arbitrary Command Execution in DTLink AreaEdit SpellChecker Plugin SQL Injection Vulnerabilities in PHPKit 1.6.1: Remote Code Execution Arbitrary Command Execution in Virtual Edge Netquery 3.11 via nquser.php Arbitrary PHP Code Execution in SaveWebPortal 3.4 Directory Traversal Vulnerability in SaveWebPortal 3.4 Remote File Inclusion Vulnerability in SaveWebPortal 3.4 Multiple Cross-Site Scripting (XSS) Vulnerabilities in SaveWebPortal 3.4 Multiple Cross-Site Scripting (XSS) Vulnerabilities in PostNuke 0.760-RC4b Arbitrary SQL Command Execution Vulnerability in PostNuke Downloads Module Arbitrary Code Execution Vulnerability in RunCMS 1.2 and Earlier Multiple SQL Injection Vulnerabilities in RunCMS 1.2 and Earlier Symlink Attack Vulnerability in CVS 1.12.12 and Earlier Remote Code Execution 
Vulnerability in WinAce 2.6.0.5 and Earlier Versions via Long File Name Buffer Overflow SSL Certificate Spoofing Vulnerability in CiscoWorks Management Center for IDS Sensors and Monitoring Center for Security Improper Access Restriction to Password Hashes in IBM Lotus Notes SQL Injection Vulnerability in MyBulletinBoard (MyBB) 1.00 RC1-4 via uid Parameter in search.php Arbitrary Script Injection via Hex-encoded Keywords Parameter in Nephp Publisher Enterprise 3.04 Unrestricted File Upload Vulnerability in PHPKit 1.6.1 Bypassing Access Restrictions in mod_ssl Heap-based Buffer Overflow in Firefox and Mozilla Suite Denial of Service and Arbitrary Code Execution Vulnerability in Firefox and Mozilla Suite XML HTTP Request Header Modification Vulnerability DOM Object Spoofing Vulnerability in Firefox and Mozilla Suite Arbitrary Code Execution via Integer Overflow in Firefox and Mozilla Suite Remote Code Execution via about: page in Firefox and Mozilla UI Spoofing Vulnerability in Firefox and Mozilla Suite Denial of Service Vulnerability in Linux 2.4 Kernel on 64-bit x86 Architectures Kernel Denial of Service and Code Execution Vulnerability in Linux 2.6.14.1 Remote Code Execution via Format String Vulnerability in Real HelixPlayer and RealPlayer 10 Privilege Escalation via Help Launch in ISS BlackIce 3.6 Denial of Service Vulnerability in IBM Lotus Domino LDAP Server Arbitrary File Creation Vulnerability in Mac OS X Directory Services Symlink Attack Vulnerability in Mac OS X Directory Services Format String Vulnerability in VERITAS NetBackup Data and Business Center 4.5FP and 4.5MP, and NetBackup Enterprise/Server/Client 5.0, 5.1, and 6.0 Arbitrary Command Execution via Bluetooth Device Name in Nokia Affix 2.1.2 and 3.2.0 Remote File Inclusion Vulnerability in WebCalendar 1.0.1 and Earlier Buffer Overflow in MPlayer 1.0pre7 and Earlier via Crafted PCM Audio Data Ventrilo Denial of Service Vulnerability Stack-based Buffer Overflow in HAURI Anti-Virus Products Cross-Site 
Scripting (XSS) Vulnerabilities in Foojan PHP Weblog via Referer Field Sensitive Information Disclosure in Foojan PHP Weblog SQL Injection Vulnerability in PaFileDB 3.1 Allows Remote Code Execution via auth.php Arbitrary Script Injection via File Attachment in SqWebMail 5.0.4 Improper Permission Check in QNX RTOS Inputtrap Utility Arbitrary File Read Vulnerability in Home Ftp Server 1.0.7 Sensitive Information Exposure in Home FTP Server 1.0.7 Apache 2.0 Byte-Range Filter Denial of Service Vulnerability Bypassing Firewall Rules via HTTP CONNECT Requests in Astaro Security Linux 6.0 Sensitive Information Disclosure in Astaro Security Linux 6.0 HTTP Proxy Astaro Security Linux 6.0 Webmin Directory Traversal Vulnerability Information Disclosure Vulnerability in AWStats 6.4 and Earlier Versions Arbitrary Code Execution Vulnerability in Simple PHP Blog (SPHPBlog) Cross-Site Scripting (XSS) Vulnerability in Gallery 1.5.1-RC2 and Earlier via EXIF Data Injection Arbitrary Web Script Injection via EXIF Data in phpGraphy 0.9.9a and Earlier YaPig 0.95 and Earlier: Cross-Site Scripting (XSS) via EXIF Data Injection Arbitrary Web Script Injection via EXIF Data in PhotoPost PHP Pro 5.1 Java ServerSocket Port Interception Vulnerability on Apple Mac OS X Keychain Access Password Exposure Vulnerability Privilege Escalation Vulnerability in Authorization Services for Apple Mac OS X 10.3.9 Vulnerability: Unauthorized Access to Desktop via SecurityAgent in Apple Mac OS X 10.4.2 Arbitrary Code Execution Vulnerability in Java Extensions for QuickTime 6.52 and Earlier in Apple Mac OS X 10.3.9 Remote Code Execution Vulnerability in QuickDraw Manager for Apple OS X 10.3.9 and 10.4.2 Uninitialized Memory Disclosure Vulnerability in Mail.app for Mac OS X 10.3.9 Inclusion of Decrypted Message Contents in Auto-Reply Rules in Mail.app Buffer Overflow Vulnerability in ImageIO for Apple Mac OS X 10.4.2 Arbitrary File Overwrite Vulnerability in Mac OS X Malloc Function Misrepresentation of File 
and Group Ownership Information in Finder Get Info Window Mac OS X 10.4.2 Software Update Vulnerability: Failure to Prompt User for Update Reset, Potentially Blocking Critical Security Updates Delayed Access Control Synchronization Vulnerability in Mac OS X 10.4 up to 10.4.2 Memory Leakage Vulnerability in Mac OS X 10.4.2 and Earlier Integer Overflow in Apple QuickTime MOV File Parsing Arbitrary Code Execution via Integer Overflow in Apple QuickTime Denial of Service Vulnerability in Apple QuickTime Player 7.0.3 and Earlier Arbitrary Code Execution Vulnerability in Apple QuickTime 7.0.3 and Earlier Heap-based Buffer Overflow in CoreFoundation Allows Remote Code Execution via URL Validation Arbitrary Code Execution via Negative Values in Symantec AntiVirus Scan Engine Administrative Interface Privilege Escalation in Symantec Norton AntiVirus 9.0.3 LiveUpdate for Macintosh Arbitrary Code Injection through phpGroupWare 0.9.16.000 Main Screen Message ClearText Credential Storage in Avaya VPNRemote OpenTTD Multiple Format String Vulnerabilities Buffer Overflow Vulnerabilities in OpenTTD before 0.4.0.1: Denial of Service and Arbitrary Code Execution Windows Firewall User Interface Vulnerability Cleartext Storage of Credentials in Symantec AntiVirus Corporate Edition LiveUpdate Log File Buffer Overflow in LeapFTP Allows Remote Code Execution via Long Host String in Site Queue (.lsq) File Sophos Antivirus Library Heap-Based Buffer Overflow Vulnerability SqWebMail 5.0.4 Cross-Site Scripting (XSS) Vulnerability Vulnerability: Renamed Administrator and Guest Accounts Bypass in WRQ Reflection for Secure IT Windows Server 6.0 Case-Sensitive Access Bypass in WRQ Reflection for Secure IT Windows Server 6.0 Stack-based buffer overflows in University of Minnesota gopher client 3.0.9: Remote Code Execution Vulnerabilities Arbitrary Command Execution Vulnerability in HP OpenView Network Node Manager Lithium II mod 1.24 for Quake 2 Format String Vulnerability PHP File Inclusion 
Vulnerability in phpWebNotes 2.0.0 via extract() Function Cross-Site Scripting (XSS) Vulnerabilities in Looking Glass 20040427 Remote Code Execution via Shell Metacharacters in Looking Glass 20040427 DNS Lookup Query Field Arbitrary SQL Execution Vulnerability in MyBB's member.php iTAN Online-Banking Security System Vulnerability: Man-in-the-Middle Attack Facilitating Phishing XSS Vulnerability in Land Down Under (LDU) Signature Field Arbitrary PHP Code Execution via Avatar Upload in FUD Forum before 2.7.0 PHP Remote File Inclusion Vulnerability in AutoLinks Pro 2.1 al_initialize.php PHP-Fusion 6.00.107 XSS Vulnerability in Nested URL BBCode Tags SQL Injection Vulnerability in Cosmoshop 8.10.78 Administration Login Panel Plaintext Password Storage Vulnerability in Cosmoshop 8.10.78 and Earlier Arbitrary File Read Vulnerability in cosmoshop 8.10.78 and Earlier Arbitrary File Deletion Vulnerability in Simple PHP Blog's comment_delete_cgi.php SQL Injection Vulnerabilities in Land Down Under (LDU) 801 and Earlier: Remote Code Execution Authentication Bypass in BFCommand & Control Server Manager BFCC and BFVCC Bypassing Administrative Restrictions in BFCommand & Control Server Manager Denial of Service Vulnerability in BFCommand & Control Server Manager Directory Traversal Vulnerability in phpLDAPadmin 0.9.6 and 0.9.7 Remote File Inclusion Vulnerability in phpLDAPadmin 0.9.6 and 0.9.7 Denial of Service Vulnerability in Squid 2.5.STABLE10 and Earlier Denial of Service Vulnerability in Squid 2.5.STABLE10 and Earlier OpenSSH Dynamic Port Forwarding Vulnerability GSSAPIDelegateCredentials Vulnerability in OpenSSH Buffer Overflow Vulnerability in Linksys WRT54G 3.01.03, 3.03.6, and Earlier Versions Memory Leak in SCSI Procfs Interface in Linux Kernel 2.6.13 and Earlier Inadequate Name_Index Comparison in Linux Kernel 2.6 Ext2 and Ext3 File System Code Leads to Default ACL Failure Arbitrary Script Injection in Hiki 0.8.1 to 0.8.2 via Login Link Integer Overflow Vulnerability 
in GroupWise 6.5.3 Registry Parsing Code Remote Code Execution in e107 0.6 via forum_post.php Vulnerability Denial of Service Vulnerability in BNBT EasyTracker 7.7r3.2004.10.27 and Earlier Improper Privilege Dropping in frox 0.7.18 Allows Local File Read Deny ACL Parsing Vulnerability in Frox 0.7.16 and 0.7.17 Arbitrary File Overwrite Vulnerability in SILC Daemon Stack-based Buffer Overflow Vulnerabilities in Urban before 1.5.3 Insecure DT_RPATH vulnerability in Net-SNMP 5.2.1.2 and earlier on Gentoo Linux Remote Code Execution in man2web via -P Arguments Directory Traversal Vulnerability in FlatNuke 2.5.6 and Earlier Versions Arbitrary Web Script Injection Vulnerability in FlatNuke 2.5.6 Path Disclosure and Denial of Service Vulnerability in FlatNuke 2.5.6 via MS-DOS Device Names in print.php Greymatter Cross-Site Scripting (XSS) Vulnerability in Control Panel Log Viewer Remote Information Disclosure Vulnerability in Simple Machines Forum (SMF) 1-0-5 and Earlier Cross-Site Scripting (XSS) Vulnerability in DownFile 1.3 Remote Code Execution Vulnerability in DownFile 1.3 XSS Vulnerability in SqWebMail 5.0.4 Allows Injection of Arbitrary Web Script or HTML via Internet Explorer Conditional Comments Kernel Memory Modification and Execution Flow Manipulation in Windows NT 4.0 and 2000 File Download Dialog Box Manipulation Vulnerability in Microsoft Internet Explorer 5.01, 5.5, and 6 HTTPS Proxy Vulnerability in Microsoft Internet Explorer 5.01, 5.5, and 6 Microsoft Internet Explorer COM Object Instantiation Memory Corruption Vulnerability Multiple Cross-Site Scripting (XSS) Vulnerabilities in Phorum 5.0.17a and Earlier Multiple eval injection vulnerabilities in PlainBlack Software WebGUI before 6.7.3 SQL Injection Vulnerability in login.php in myBloggie 2.1.3-beta and Earlier Cross-Site Scripting (XSS) Vulnerabilities in MAXdev MD-Pro 1.0.72 through dl-search.php and wl-search.php Unspecified Vulnerabilities in MAXdev MD-Pro 1.0.72 and Earlier Buffer Overflow 
Vulnerability in Cisco IOS Firewall Authentication Proxy for FTP and Telnet Sessions Buffer Overflow Vulnerability in DameWare Mini Remote Control (dwrcs.exe) Allows Remote Code Execution via Username Authentication Bypass Vulnerability in Hesk 0.92 Buffer Overflow Vulnerability in Indiatimes Messenger 6.0 Plaintext Transmission of Credentials in Ariba Spend Management System Arbitrary PHP Code Execution via lang.php in CMS Made Simple 0.10 and Earlier Arbitrary Command Execution in Barracuda Spam Firewall (Firmware 3.1.16 and 3.1.17) via img.pl Vulnerability Directory Traversal Vulnerability in Barracuda Spam Firewall img.pl Barracuda Spam Firewall Firmware 3.1.16 and 3.1.17 Argument Injection Vulnerability Denial of Service Vulnerability in SlimFTPd 3.17 Local Privilege Escalation via Symlink Attack in smb4k 0.4 and earlier versions Denial of Service Vulnerability in CIFS.NLM in Novell Netware 6.5 SP2 and SP3, 5.1, and 6.0 Multiple Cross-Site Scripting (XSS) Vulnerabilities in GuppY 4.5.3a and Earlier CRLF Injection Vulnerability in thesitewizard.com chfeedback.pl Feedback Form Perl Script 2.0.1 Arbitrary Script Injection in Unclassified NewsBoard 1.5.3 Stack-based buffer overflow in WinACE UNACEV2.DLL allows arbitrary code execution via long filename in ACE archive Open Mail Relay Vulnerability in Free SMTP Server 2.2 Remote Code Execution via Fetch.FetchContact.1 ActiveX Control Plaintext Storage of User Credentials in Savant Web Server Arbitrary Web Script Injection via Server Field in Nikto 1.35 and Earlier Arbitrary Web Script Injection via Server Field in N-Stealth Commercial and Free Editions Unauthenticated Remote Access Vulnerability in ADSL Road Runner Modem Arbitrary Web Script Injection Vulnerability in OpenWebMail 2.41 Local File Overwrite Vulnerability in URBAN 1.5.3_1 Multiple PHP Remote File Inclusion Vulnerabilities in aMember Pro 2.3.4 Plaintext Storage of Usernames and Passwords in Mercora IMRadio 4.0.0.0 BlueWhaleCRM Account ID SQL Injection 
Vulnerability Plaintext Storage of Sensitive Information in ZipTorrent 1.3.7.3 Cross-Site Scripting (XSS) Vulnerabilities in phpMyAdmin 2.6.4 and Earlier Arbitrary Code Execution Vulnerability in Solaris 10 net-svc Script Buffer Overflow Vulnerability in IDN Support in Mozilla Firefox and Netscape Denial of Service Vulnerability in ipt_recent Kernel Module on 64-bit Processors Time Test Vulnerability in ipt_recent Kernel Module Denial of Service Vulnerability in CUPS Daemon Arbitrary Code Execution Vulnerability in Py2Play via Pickled Objects Privilege Escalation via umount Remount Option Arbitrary Code Execution Vulnerability in TWiki's History Function Format String Vulnerability in SEARCH Command of GNU Mailutils 0.6 IMAP4D Server Weak Encryption Scheme in Advansysperu Software USB Lock Auto-Protect (AP) 1.5 Allows Password Disclosure and USB Interface Bypass SQL Injection Vulnerabilities in phpCommunityCalendar 4.0.3 and Earlier Versions Authentication Bypass Vulnerability in phpCommunityCalendar 4.0.3 Multiple Cross-Site Scripting (XSS) Vulnerabilities in phpCommunityCalendar 4.0.3 Arbitrary Script Injection in Land Down Under (LDU) 801 and Earlier via events.php Description Field Incomplete Blacklist Vulnerability in MAXdev MD-Pro 1.0.73 Multiple Cross-Site Scripting (XSS) Vulnerabilities in MAXdev MD-Pro 1.0.73 and Earlier Versions Information Disclosure Vulnerability in MAXdev MD-Pro 1.0.73 and Earlier Versions SQL Injection Vulnerabilities in MyBulletinBoard (MyBB) Preview Release 2 Bypassing Restrictions in Check Point NGX R60 CIFS Service Group Rule Insecure Access Control in SecureOL VE2 1.05.1008 Allows Unauthorized Physical Memory Access Arbitrary File Read/Write Vulnerability in WebArchiveX.dll 5.5.0.76 Directory Traversal Vulnerability in PBLang 4.65 and Earlier Versions Direct static code injection vulnerability in setcookie.php in PBLang 4.65 and earlier versions Arbitrary Code Injection through User Registration in PBLang 4.65 and Earlier 
Versions Sensitive Information Disclosure via Null Byte in setcookie.php SQL Injection Vulnerability in WEB//NEWS 1.4: Remote Code Execution Sensitive Information Disclosure in WEB//NEWS 1.4 via Direct Request to Actions Directory Weak Encryption Scheme for Storing Passwords in FileZilla Configuration File CjTagBoard 3.0 Multiple Cross-Site Scripting (XSS) Vulnerabilities in details.php CjLinkOut 1.0 top.php Cross-Site Scripting (XSS) Vulnerability Multiple Cross-site scripting (XSS) vulnerabilities in CjWeb2Mail 3.0 Arbitrary SQL Execution and File Extension Bypass Vulnerability in class-1 Forum Software 0.24.4 Heap-based Buffer Overflow in NOD32 2.5 with nod32.002 1.033 build 1127 Denial of Service Vulnerability in Zebedee 2.4.1 Denial of Service Vulnerability in Linksys WRT54G Router Authentication Bypass and Configuration Modification in Linksys WRT54G Router Weak Encryption in Linksys WRT54G Router Configuration (CVE-2005-2914) Authentication Bypass and Remote Code Execution in Linksys WRT54G Denial of Service Vulnerability in Squid 2.5.STABLE10 and Earlier Symlink Attack Vulnerability in gtkdiskfree's open_cmd_tube Function Denial of Service Vulnerability in Clam AntiVirus (ClamAV) before 0.87 Buffer Overflow in ClamAV's libclamav/upx.c Allows Remote Code Execution Heap-based Buffer Overflow in RealNetworks Embedded Player IMail Server 8.20 IMAP LIST Command Denial of Service Vulnerability SGI IRIX runpriv Privilege Escalation Vulnerability Stack-based Buffer Overflow in backupsh and authsh in SCO Openserver 5.0.7 via Long HOME Environment Variable Stack-based Buffer Overflow in ppp in SCO Unixware 7.1.3 and 7.1.4 Arbitrary Command Execution Vulnerability in Lynx 2.8.5 and Earlier Versions Stack-based Buffer Overflow in _chm_find_in_PMGL Function in chmlib SMTP Service Format String Vulnerability in IMail Server 8.20 Insecure Default Permissions in Check Point ZoneAlarm Products Buffer Overflow Vulnerability in UW-IMAP Server Allows Remote Code Execution 
Privilege Escalation Vulnerability in SCO UnixWare 7.1.3 and 7.1.4 Unquoted Windows Search Path Vulnerability in Microsoft AntiSpyware Unquoted Windows Search Path Vulnerability in RealPlayer Versions 10.5 and Earlier Unquoted Windows Search Path Vulnerability in iTunesHelper.exe Unquoted Windows Search Path Privilege Escalation Vulnerability in VMWare Workstation 5.0.0 build-13124 Unquoted Windows Search Path Privilege Escalation Vulnerability in Microsoft Antispyware 1.0.509 (Beta 1) XMail 1.22 Stack-Based Buffer Overflow Vulnerability Arbitrary File Creation and Overwrite Vulnerability in GNOME Workstation Command Center (gwcc) World-readable temporary files in arc 5.21j and earlier versions allow unauthorized access to sensitive information Vulnerability: Weak Message Digest Algorithm in OpenSSL Buffer Overflow in KillProcess 2.20 and Earlier: Arbitrary Code Execution via Long FileDescription Bypassing Kill List Restrictions in KillProcess 2.20 and Earlier User Impersonation Vulnerability in pam_per_user before 0.4 Arbitrary Web Script Injection Vulnerability in Sawmill 7.0.0 through 7.1.13 Directory Traversal Vulnerability in AzDGDatingLite 2.1.3 and Earlier Versions Arbitrary File Read Vulnerability in Subscribe Me Pro 2.044.09P and Earlier Arbitrary Web Script Injection in MIVA Merchant 5 via Customer_Login Parameter SQL Injection Vulnerability in ATutor's password_reminder.php Arbitrary Code Execution Vulnerability in ATutor 1.5.1 and Earlier Versions Insufficient Access Control and Predictable Filenames in ATutor 1.5.1 Remote Code Execution Vulnerability in AVIRA Desktop for Windows 1.00.00.68 with AVPACK32.DLL 6.31.0.3 Arbitrary Code Execution via Format String Vulnerabilities in GNOME Data Access Library Privilege Escalation via Incomplete Blacklist Vulnerability in Sudo 1.6.8 and Earlier Local Privilege Escalation via Symlink Attack in cfengine 1.6.5 and 2.1.16 Remote Code Execution Vulnerability in ProZilla 1.3.7.4 and Earlier Versions World-readable 
permissions on ntlmaps configuration file in pre-0.9.9 versions allow unauthorized access to credentials Vulnerability: Bypassing Security Restrictions in mod_auth_shadow for Apache AbiWord RTF Import Stack-Based Buffer Overflow Vulnerability Arbitrary Command Execution Vulnerability in Python SVG Import Plugin for DIA Format String Vulnerability in xine-lib's input_cdda.c Command Injection Vulnerability in Firefox 1.0.6 and Mozilla 1.7.10 Protocol Version Rollback Vulnerability in OpenSSL Memory Leak Vulnerability in Apache 2 Worker MPM KWord RTF Importer Heap-Based Buffer Overflow Vulnerability Stack-based buffer overflows in AbiWord RTF Import Feature Denial of Service Vulnerability in udp_v6_get_port Function Null Dereference Vulnerability in libungif Library Denial of Service via Infinite Loop in gdk-pixbuf XPM Image Rendering Library Integer Overflow in gdk-pixbuf 0.22.0 in GTK+ before 2.8.7 Allows Arbitrary Code Execution via XPM File Brute Force Password Guessing Vulnerability in SELinux PAM Uninitialized Variables in pnmtopng in netpbm before 10.25 Vulnerability SQL Injection Vulnerability in Noah's Classifieds index.php Arbitrary Web Script Injection Vulnerability in phpoutsourcing Noah's Classifieds 1.3 Orion 1.3.8 and 1.4.5 Cross-Site Scripting (XSS) Vulnerability CompaqHTTPServer 2.1 Cross-Site Scripting (XSS) Vulnerability Oracle Reports SQL Injection Vulnerability Bypassing Port Restrictions on Avocent CCM Console Server Firmware 2.1 CCM4850 SQL Injection Vulnerability in AEwebworks aeDating Script 4.0 and Earlier: Remote Code Execution via Country Parameter Privilege Escalation Vulnerability in AhnLab V3Pro 2004 Build 6.0.0.383, V3 VirusBlock 2005 Build 6.0.0.383, V3Net for Windows Server 6.0 Build 6.0.0.383 SQL Injection Vulnerability in Digital Scribe 1.4 Login Page Vulnerability: Information Disclosure in HP LaserJet 2430 and Similar Printers Multiple SQL Injection Vulnerabilities in DeluxeBB 1.0 and 1.0.5 Sensitive Information Exposure in 
AuthInfo.java Arbitrary File Overwrite Vulnerability in ncompress 4.2.4 and Earlier Local Privilege Escalation via Symlink Attack in arc 5.21j and Earlier Denial of Service Vulnerability in HP Tru64 UNIX and HP-UX FTP Daemon Remote Code Execution via XSS in IBM Rational ClearQuest Web Client Local File Manipulation Vulnerability in Bacula 1.36.3 and Earlier Buffer Overflow Vulnerabilities in VERITAS Storage Exec and StorageCentral ActiveX Controls Directory Traversal Vulnerabilities in PHP Advanced Transfer Manager 1.30 Default Password Vulnerability in PHP Advanced Transfer Manager 1.30 Sensitive PHP Configuration Information Disclosure in PHP Advanced Transfer Manager 1.30 Cross-Site Scripting (XSS) Vulnerabilities in PHP Advanced Transfer Manager 1.30 Unspecified Denial of Service Vulnerability in Solaris 10 tl Driver Denial of Service Vulnerability in Multi-Computer Control System (MCCS) 1.0 SQL Injection Vulnerability in NooTopList 1.0.0 Release 17: Remote Code Execution via index.php SQL Injection Vulnerability in Interakt MX Shop 3.2.0: Remote Code Execution via index.php Parameters Authentication Bypass Vulnerability in Hesk Helpdesk Software Arbitrary Web Script Injection and Attachment Filename Spoofing in Opera Mail Client File Type Spoofing Vulnerability in Opera Arbitrary Code Execution in Tofu 0.2 via Crafted Pickled Objects Arbitrary Script Injection Vulnerability in CuteNews index.php CuteNews 1.4.0 and Earlier: Direct Static Code Injection Vulnerability in Flood Protection Feature Symlink Attack Vulnerability in texinfo's sort_offline Function Insecure Permissions in MasterDataCD::createImage Function Allows Unauthorized Access to ISO Images Buffer Overflow in liby2util in YaST for SuSE Linux 9.3: Arbitrary Code Execution via Long Loc Entry Ensim Webappliance Login Field Cross-Site Scripting (XSS) Vulnerability Arbitrary Web Script Injection Vulnerability in IBM Lotus Domino 6.5.2 Unspecified Vulnerabilities in PHP-Nuke WYSIWYG Editor Arbitrary 
File Inclusion Vulnerability in Content2Web 1.0.1 Denial of Service Vulnerability in Apple Safari via Crafted data:// URL Multiple SQL Injection Vulnerabilities in vBulletin before 3.0.9 Multiple Cross-Site Scripting (XSS) Vulnerabilities in vBulletin before 3.0.9 Arbitrary File Upload Vulnerability in vBulletin 3.0.9 and Earlier Multiple SQL Injection Vulnerabilities in vBulletin 3.0.9 and Earlier Multiple Cross-Site Scripting (XSS) Vulnerabilities in vBulletin 3.0.9 and Earlier Multiple SQL Injection Vulnerabilities in vBulletin 3.0.7 and Earlier Cross-Site Scripting (XSS) Vulnerabilities in vBulletin 3.0.7 and Earlier Directory Traversal Vulnerability in Alstrasoft Epay Pro 2.0 and Earlier SMTP Message Filtering Bypass in Sybari Antigen 8.0 SR2 Remote Code Execution Vulnerability in AhnLab V3Pro, V3 VirusBlock, and V3Net for Windows Server Directory Traversal Vulnerability in AhnLab V3Pro 2004 Build 6.0.0.383, V3 VirusBlock 2005 Build 6.0.0.383, and V3Net for Windows Server 6.0 Build 6.0.0.383 Buffer Overflow Vulnerability in vxFtpSrv 0.9.7: Remote Code Execution via Long USER Name Buffer Overflow Vulnerability in vxTftpSrv 1.7.0 Allows Remote Code Execution Vulnerability: Stack-based Buffer Overflow in vxWeb 1.1.4 Null Session Authentication Bypass in Compuware DriverStudio Remote Control Service (DSRsvc.exe) 2.7 and 3.0 Beta 2 Denial of Service Vulnerability in Compuware DriverStudio Remote Control Service Plaintext Password Storage Vulnerability in File Transfer Anywhere 3.01 Arbitrary Script Injection in Handy Address Book Server 1.1 via SEARCHTEXT Parameter Unspecified Remote Drive Listing and Reading Vulnerability in Hosting Controller 6.1 before Hotfix 2.4 SQL Injection Vulnerability in infopage.asp in Mall23 eCommerce Directory Traversal Vulnerability in TAC Vista Web Interface (ISALogin.dll) Allows Remote File Reading Unintentional File Upload Vulnerability in Opera Web Browser Authentication Bypass Vulnerability in Webmin and Usermin SQL Injection 
Vulnerability in AddItem.asp in Mall23 eCommerce Denial of Service Vulnerabilities in Linux Kernel before 2.6.13.2 SQL Injection Vulnerability in My Little Forum 1.5 and 1.6 beta's search.php SQL Injection Vulnerability in password.php in PhpMyFaq 1.5.1 Allows Remote Attackers to Gain Administrator Privileges Cross-Site Scripting (XSS) Vulnerabilities in PhpMyFaq 1.5.1 Directory Traversal and Code Injection Vulnerability in PhpMyFaq 1.5.1 Insufficient Access Control and Predictable Filenames in PhpMyFaq 1.5.1 Information Disclosure Vulnerability in PhpMyFaq 1.5.1 ARJ Plugin Buffer Overflow Vulnerability Arbitrary SQL Command Execution in jportal 2.3.1 via SQL Injection in module/down.inc.php Denial of Service Vulnerability in sys_set_mempolicy Function Directory Traversal Vulnerability in PHP 4.4.0 and Other Versions USB Request Block (URB) Stale Pointer Denial of Service Vulnerability in Linux Kernel 2.6.8 to 2.6.14-rc2 Arbitrary Shell Command Execution Vulnerability in TWiki's Include Function FTP Bypass Vulnerability in FortiGate 2.8 Bypassing URL Blocker in Fortinet FortiGate 2.8 Unspecified Vulnerabilities in Opera 8.50: Cache Directive and Cookie Comment Encoding Issues Buffer Overflow Vulnerability in getconf on IBM AIX 5.2 to 5.3 Stack-based buffer overflow vulnerabilities in PowerArchiver 8.10 through 9.5 Beta 4 and Beta 5 AlstraSoft E-Friends 4.0 Index.php Remote File Inclusion Vulnerability SQL Injection Vulnerability in MailGust 1.9: Remote Code Execution via Email Field Remote Code Execution in MultiTheftAuto 0.5 Patch 1 and Earlier Denial of Service Vulnerability in MultiTheftAuto 0.5 Patch 1 and Earlier Cross-Site Scripting (XSS) Vulnerability in PerlDiver 1.x via perldiver.pl Arbitrary Web Script Injection Vulnerability in PerlDiver 2.x Unspecified Vulnerability in Eric Integrated Development Environment (eric3) Before 3.7.2: Potential Security Exploit Arbitrary File Overwrite Vulnerability in xferfaxstats in HylaFax 4.2.1 and Earlier HylaFax 4.2.1 
and earlier UNIX Domain Socket Ownership Vulnerability Denial of Service Vulnerability in Solaris UFS with Logging Enabled Arbitrary SQL Command Execution Vulnerability in Interchange 4.9.3 - 5.2.0 Injection of Interchange Tag Language (ITL) elements in Interchange 5.0.1 Remote Code Execution via SQL Injection in rsyslogd Zengaia 0.2 SQL Injection Vulnerability Arbitrary SQL Command Execution Vulnerability in Simplog 0.9.1 Denial of Service Vulnerability in Microsoft Internet Explorer 5.2.3 for Mac OS Arbitrary Script Injection through PunBB Forgotten E-mail Feature Code Inclusion Vulnerability in PunBB before 1.2.8 via User Language Selection Arbitrary File Read Vulnerability in GeSHi before 1.0.7.3 Arbitrary Command Execution in wzdftpd 0.5.4 via SITE Command SQL Injection Vulnerability in SEO-Board 1.0.2 admin.php Arbitrary Script Injection in CMS Made Simple 0.10 via XSS Vulnerability Buffer Overflow Vulnerability in Sony PSP 2.0 Firmware TIFF Library Cross-Site Scripting (XSS) Vulnerabilities in Riverdark Studios RSS Syndicator Module 2.1.7 Arbitrary File Inclusion Vulnerability in contentServ 3.1 Weak Random Number Generators in SecureW2 3.0 TLS Implementation: A Vulnerability Insecure World-Readable Permissions in fetchmailconf before 1.49 Denial of Service Vulnerability in Firefox 1.0.6 via Proxy Auto-Config (PAC) Script Arbitrary Code Injection via Bug Summary in Mantis 0.19.0a1 through 1.0.0a3 Cross-site scripting (XSS) vulnerability in Mantis before 1.0.0rc1 FL Studio 5.0.1 Heap-Based Buffer Overflow Vulnerability Bluetooth OBEX Filename Denial of Service Vulnerability in Nokia 7610 and 3210 Phones Remote Code Execution Vulnerability in Avi Alkalay man-cgi Script Remote Code Execution Vulnerability in Avi Alkalay Notify Program Remote Code Execution in Avi Alkalay nslookup.cgi Program Directory Traversal Vulnerability in Avi Alkalay contribute.cgi (aka contribute.pl) Allows Arbitrary File Overwrite Arbitrary File Modification and Privilege Escalation in 
Qualcomm qpopper 4.0.8 via -t Command Line Argument Local Code Execution Vulnerability in Xsun and Xprt Commands in Solaris 7, 8, 9, and 10 PPTP Remote DoS Vulnerability in Astaro Security Linux 4.027 Username Enumeration Vulnerability in Movable Type Password Reset Feature Arbitrary File Upload Vulnerability in Movable Type Administrative Interface Arbitrary Script Injection in Movable Type 3.2 and Earlier Versions Open Redirect Vulnerability in mt-comments.cgi Cache Coherency Vulnerability in mprotect.c on Itanium IA64 Montecito Processors Race condition vulnerability in Linux 2.6 allows local users to cause deadlock via core dump during thread execution Denial of Service Vulnerability in Linux 2.6 Tracing Mechanism Denial of Service and Information Leak via ioremap in Linux 2.6 on 64-bit x86 Systems Denial of Service Vulnerability in Linux 2.6 HFS and HFS+ Modules Race condition vulnerability in ebtables netfilter module in Linux 2.6 Predictable Filename Vulnerability in Backupninja 0.8 and Earlier Plaintext Password Storage Vulnerability in Macromedia Breeze 5.0 Arbitrary Program Execution Vulnerability in NateOn Messenger's ActiveX Control Buffer Overflow Vulnerability in NateOn Messenger ActiveX Control Insecure Temporary File Creation in mpeg-tools 1.5b-r2 Remote Code Execution Vulnerability in VERITAS NetBackup Enterprise Server Mason before 1.0.0 fails to install init script, leaving system vulnerable after firewall configuration Memory Leak Vulnerability in Linux Kernel 2.6.10-2.6.13 Stack-based Buffer Overflow in HTrjis Function in Lynx 2.8.6 and Earlier Insecure Temporary File Creation Vulnerability in Module-Assistant Directory Traversal Vulnerability in GNUMP3D before 2.9.6 Allows Remote File Reading Arbitrary File Write Vulnerability in Acme thttpd before 2.23 Arbitrary File Overwrite Vulnerability in antiword 0.35 and Earlier LucidCMS 1.0.11 index.php Cross-Site Scripting (XSS) Vulnerability Arbitrary Web Script Injection via IMG Tag in Address Add 
Plugin for Squirrelmail CSRF Vulnerability in Serendipity 0.8.4 and Earlier SQL Injection Vulnerability in lucidCMS 1.0.11: Remote Code Execution via Login Field Cross-Site Scripting (XSS) Vulnerabilities in MERAK Mail Server 8.2.4r with Icewarp Web Mail 5.5.1 Information Disclosure Vulnerability in MERAK Mail Server 8.2.4r with Icewarp Web Mail 5.5.1 Directory Traversal Vulnerabilities in MERAK Mail Server 8.2.4r with Icewarp Web Mail 5.5.1 Bypassing Policy Restrictions in Citrix Metaframe Presentation Server 3.0 and 4.0 Buffer Overflow in Virtools Web Player 3.0.0.100 and Earlier: Remote Code Execution via Long Filename Directory Traversal Vulnerability in Virtools Web Player 3.0.0.100 and Earlier Arbitrary File Overwrite Vulnerability in cfmailfilter and cfcron.in Files for cfengine 1.6.5 Information Disclosure Vulnerability in Bugzilla Arbitrary Substring User Listing Vulnerability in Bugzilla 2.19.1 through 2.20rc2 and 2.21 Vulnerability: Cleartext NIS Password Hashes Disclosure in Procom NetFORCE 800 4.02 M10 Build 20 Remote Denial of Service Vulnerability in Cerulean Studios Trillian 3.0 Heap-based Buffer Overflow in Kaspersky Antivirus (KAV) 5.0 and Kaspersky Personal Security Suite 1.1 via Large Records in CAB File Denial of Service Vulnerability in 4D WebStar Mailbox Server Denial of Service Vulnerability in sblim-sfcb HTTP Adapter Denial of Service Vulnerability in sblim-sfcb Symlink Attack Vulnerability in StoreBackup before 1.19 World-readable permissions on backup root in StoreBackup before 1.19 allow local users to access sensitive information Improper UID and GID Handling in StoreBackup Before 1.19 Privilege Escalation via LIBUIM_VANILLA Environment Variable Format String Vulnerability in Weex Log_Flush Function Buffer Overflow Vulnerability in Blender Player 2.37a: Arbitrary Code Execution via Long Command Line Argument Multiple Cross-Site Scripting (XSS) Vulnerabilities in CubeCart 3.0.3 and 3.0.7-pl1 SQL Injection via Username Parameter in 
myBloggie 2.1.3 Beta and Earlier Format String Vulnerability in BitDefender AntiVirus Logging Functionality Remote Code Execution Vulnerability in W3C Logging for MailEnable Enterprise and Professional Directory Traversal Vulnerability in EasyGuppy (Guppy for Windows) 4.5.4 and 4.5.5 SQL Injection Vulnerability in messages.php in PHP-Fusion 6.00.109: Remote Code Execution via msg_send Parameter SQL Injection Vulnerability in messages.php in PHP-Fusion 6.00.106 and 6.00.107 SQL Injection Vulnerability in messages.php in PHP-Fusion: Remote Code Execution via msg_view Parameter SQL Injection Vulnerabilities in PHP-Fusion Photogallery: Remote Code Execution Multiple SQL Injection Vulnerabilities in PHP-Fusion before 6.00.110 Polipo 0.9.8 Unspecified File Reading Vulnerability AJP Connector Information Leak Vulnerability Cross-Site Scripting (XSS) Vulnerabilities in MediaWiki before 1.4.9 Denial of Service Vulnerability in MediaWiki 1.4.x and 1.3.x Cross-Site Scripting (XSS) Vulnerability in MediaWiki before 1.4.11 Insecure ACL Application in SECEDIT Command on Windows 2000 Missing Event Logging for File Delete Child Operations in Active Directory LDAP Client on Microsoft Windows 2000 Accepts Untrusted LDAPS Certificates Vulnerability Misleading Event ID 1704 in Microsoft Windows 2000 SP4 Improper Conversion of Japanese Composite Characters in WideCharToMultiByte Function in Windows 2000 Group Policy Bypass Vulnerability in Microsoft Windows 2000 Password Expiration Bypass Vulnerability in Microsoft Windows 2000 Local Administrator Bypass Vulnerability in Microsoft Windows 2000 Windows 2000 Terminal Services Client IP Address Logging Vulnerability Insecure ACL Handling in CHKDSK on Windows Systems Buffer Overflow in xloadimage and xli Allows Arbitrary Code Execution via Long Title Name in NIFF File World-readable and World-writable Debug File Vulnerability in Linux Kernel 2.6.10 to 2.6.13 Memory Leakage Vulnerability in Orinoco Driver Memory Leak Vulnerability in Linux 
Kernel 2.6.6 and Earlier Versions Buffer Overflow in GFI MailSecurity 8.1 HTTP Management Interface Denial of Service Vulnerability in HTBoundary_put_block Function of W3C libwww Buffer Overflow Vulnerability in Ethereal's Service Location Protocol Dissector Stack-based Buffer Overflow in NTLM Authentication Implementation Heap-based Buffer Overflow in GTK+ gdk-pixbuf XPM Image Rendering Library Denial of Service Vulnerability in Blue Coat Systems Inc. WinProxy Buffer Overflow in Nullsoft Winamp 5.094 via Long Line Ending in .wma Qualcomm WorldMail IMAP Server Directory Traversal Vulnerability Remote Code Execution Vulnerability in CA iGateway 3.0 and 4.0 Heap-based buffer overflow vulnerabilities in DCTStream::readProgressiveSOF and DCTStream::readBaselineSOF functions in xpdf 3.01 and earlier Heap-based Buffer Overflow in Xpdf 3.01 StreamPredictor Function Heap-based Buffer Overflow in JPXStream::readCodestream Function in xpdf 3.01 and Earlier ALZip Multiple Buffer Overflow Vulnerabilities Default Password Vulnerability in Planet Technology Corp FGSW2402RS Switch Firmware 1.2 Arbitrary Code Execution Vulnerability in Webroot Desktop Firewall Webroot Desktop Firewall Local Privilege Escalation Vulnerability SQL Injection Vulnerabilities in aspReady FAQ's aradmin.asp Cross-Site Scripting (XSS) Vulnerabilities in Utopia News Pro (UNP) 1.1.3 and 1.1.4 Arbitrary SQL Execution Vulnerability in Utopia News Pro (UNP) 1.1.3 Multiple Cross-Site Scripting (XSS) Vulnerabilities in Oracle HTML DB (HTMLDB) 1.3 through 1.3.6 Plaintext Storage of SYS Password in Oracle HTML DB (HTMLDB) 1.3 through 1.3.6 Oracle XML DB 9iR2 Cross-Site Scripting (XSS) Vulnerability Cross-site scripting (XSS) vulnerability in iSQL*Plus in Oracle9i Database Server Release 2 9.0.2.4 Remote Denial of Service in iSQL*Plus for Oracle9i Database Server Release 2 9.0.2.4 Remote Denial of Service Vulnerability in Oracle Forms 4.5.10.22 Multiple SQL Injection Vulnerabilities in aeNovo, aeNovoShop, and 
aeNovoWYSI Plaintext Password Storage Vulnerability in aeNovo Products Vulnerability: Multiple Interpretation Error in Kaspersky Antivirus Allows Bypass of Virus Detection via Malicious RAR File Vulnerability: Multiple Interpretation Error in BitDefender Antivirus Allows Bypass of Virus Detection via Malicious RAR File Vulnerability: Multiple Interpretation Error in NOD32 Antivirus Allows Bypass of Virus Detection via Malicious RAR File Vulnerability: Multiple Interpretation Error in F-Prot Antivirus Allows Bypass of Virus Detection Remote Code Execution Vulnerability in Avast Antivirus via Malicious RAR File Vulnerability: Remote Bypass of Virus Detection in McAfee Antivirus Sophos Antivirus Multiple Interpretation Error Vulnerability Vulnerability: Remote Bypass of Virus Detection in Symantec Antivirus Vulnerability: Multiple Interpretation Error in Dr.Web Antivirus Remote Code Execution Vulnerability in Avira Antivirus Vulnerability: Multiple Interpretation Error in Norman Virus Control Antivirus Vulnerability: Remote Bypass of Virus Detection in Fortinet Antivirus Vulnerability: Multiple Interpretation Error in VBA32 Antivirus Allows Bypass of Virus Detection via Malicious RAR File Vulnerability: Multiple Interpretation Error in Rising Antivirus Vulnerability: Multiple Interpretation Error in AntiVir Antivirus Allows Bypass of Virus Detection Remote Code Execution via Malicious RAR File in eTrust-Iris and eTrust-Vet Antivirus ArcaVir Antivirus Multiple Interpretation Error Vulnerability Remote Code Execution via Malicious RAR File in UNA Antivirus Remote Code Execution via Malicious RAR File in Ikarus AntiVirus Vulnerability: Multiple Interpretation Error in ClamAV Antivirus Allows Bypass of Virus Detection via Malicious RAR File Vulnerability: Multiple Interpretation Error in Panda Antivirus Allows Bypass of Virus Detection via Malicious RAR File Vulnerability: Multiple Interpretation Error in CAT Quick Heal Allows Bypass of Virus Detection via Malicious RAR 
File Remote Code Execution via Malicious RAR File in TheHacker Vulnerability: Multiple Interpretation Error in Trustix Antivirus Allows Bypass of Virus Detection Vulnerability: Multiple Interpretation Error in Grisoft AVG Antivirus Allows Bypass of Virus Detection via Malicious RAR File Vulnerability: Multiple Interpretation Error in Proland Protector Plus 2000 Antivirus Multiple SQL Injection Vulnerabilities in Cyphor 0.19: Remote Code Execution and Administrative Access Arbitrary Web Script Injection Vulnerability in Cyphor 0.19 Unspecified Denial of Service Vulnerabilities in Solaris 10 SCTP Socket Option Processing Denial of Service Vulnerability in ClamAV OLE2 Unpacker Race Condition Vulnerability in Microsoft Internet Explorer: Arbitrary File Overwrite and Code Execution via User-Assisted Drag-and-Drop Action Denial of Service Vulnerabilities in Ethereal 0.10.12 and Earlier Denial of Service Vulnerability in Ethereal 0.10.12 and Earlier Multiple Buffer Overflows in Ethereal 0.10.12 and Earlier: SLIMP3 and AgentX Dissector Vulnerabilities Denial of Service Vulnerability in Ethereal 0.10.3 to 0.10.12 BER Dissector Denial of Service Vulnerability in ONC RPC Dissector in Ethereal 0.10.3 to 0.10.12 Denial of Service Vulnerability in Ethereal 0.10.12 and Earlier Denial of Service Vulnerability in Ethereal 0.10.12 X11 Dissector Denial of Service Vulnerability Unspecified Denial of Service Vulnerability in Ethereal WSP Dissector Solaris 10 Local Denial of Service Vulnerability via /proc Filesystem Directory Traversal Vulnerability in Gallery 2.0 (G2) Gallery Script Remote Code Execution Vulnerability in Snort's Back Orifice (BO) Preprocessor Static WEP Key Vulnerability in Avaya and Proxim Wireless Access Points Incorrect Minimum UID Check in CGIwrap Program on Debian GNU/Linux Remote Information Disclosure Vulnerability in cgiwrap and php-cgiwrap Packages Insecure Key Selection in Enigmail Prior to 0.92.1 Privilege Escalation via KDSKBSENT ioctl in Linux Kernel 
2.6.12 Denial of Service Vulnerability in Squid FTP Client (CVE-2005-1344) Multiple SQL Injection Vulnerabilities in versatileBulletinBoard (vBB) 1.0.0 RC2 Cross-Site Scripting (XSS) Vulnerabilities in versatileBulletinBoard (vBB) 1.0.0 RC2 Sensitive Information Disclosure in versatileBulletinBoard (vBB) 1.0.0 RC2 via getversions.php WinRAR Format String Vulnerability Stack-based Buffer Overflow in UNACEV2.DLL for WinRAR 2.90-3.50 via Long Name ACE Archive Arbitrary Web Script Injection Vulnerability in Zeroblog's thread.php Skype for Windows Buffer Overflow Vulnerability Skype Client Integer Overflow Vulnerability Local Privilege Escalation Vulnerability in Yiff Server (yiff-server) 2.14.2 on Debian GNU/Linux Stack-based Buffer Overflow in help.cgi in Sun Java System Directory Server and Red Hat Directory Server Untrusted Search Path Vulnerability in Symantec Norton AntiVirus 9.0.3 DiskMountNotify Resource Leak and Denial of Service Vulnerability in Linux Kernel 2.6 Bridge Forwarding Table Poisoning Vulnerability Array Out-of-Bounds Vulnerability in rose_rt_ioctl Function Race condition vulnerability in ip_vs_conn_flush in Linux 2.6 and 2.4 allows for denial of service Memory Corruption Vulnerability in Linux Kernel NAT Code Information Leakage Vulnerability in sys_get_thread_area Function Remote Code Execution Vulnerability in HP-UX LPD Service Integer Overflow and Buffer Overflow Vulnerability in Jan Kybic BitMap Viewer (BMV) 1.2 Stack-based Buffer Overflow in Jan Kybic BitMap Viewer (BMV) 1.2 Allows Privilege Escalation Default Password Vulnerability in Paros 3.2.5 Allows Remote Privilege Escalation Arbitrary File Inclusion Vulnerability in NukeFixes 3.1 for PHP-Nuke 7.8 Authentication Bypass Vulnerability in Splatt Forum 3.0 to 3.2 Arbitrary Web Script Injection in TikiWiki before 1.9.1.1 Buffer Overflow Vulnerabilities in AhnLab V3 AntiVirus and MyV3 Arbitrary Web Script Injection Vulnerability in Comersus BackOffice Plus PEB Lockout Vulnerability in Kerio 
Personal Firewall and Server Firewall Incomplete Blacklist Vulnerability in Mailsite Express: Remote File Upload and Execution Remote Code Execution in Mailsite Express via File Upload Vulnerability Insecure Temporary File Creation in LSCFG on IBM AIX 5.2 and 5.3 SQL Injection Vulnerability in Accelerated Mortgage Manager World-writable permissions in Stani's Python Editor (SPE) 0.7.5 allow local privilege escalation. Xeobook 0.93 Multiple Cross-Site Scripting (XSS) Vulnerabilities Directory Listing and Source Code Disclosure Vulnerability in Xerver 4.17 Denial of Service Vulnerability in Typsoft FTP Server 1.11 and 1.10 Denial of Service Vulnerability in HP-UX B.11.23 on Itanium Platforms FTP Server Directory Listing Vulnerability Arbitrary Code Execution Vulnerability in OpenWBEM on SuSE Linux 9 Buffer Overflow Vulnerabilities in OpenWBEM on SuSE Linux 9 PHP File Inclusion Vulnerability in phpMyAdmin 2.6.4 and 2.6.4-pl1 Arbitrary File Inclusion Vulnerability in phpMyAdmin Multiple Cross-Site Scripting (XSS) Vulnerabilities in phpMyAdmin before 2.6.4-pl3 Blender 2.36 bvh_import.py Eval Injection Vulnerability Memory Corruption Vulnerability in Clam AntiVirus FSG Unpacker (fsg.c) Multiple SQL Injection Vulnerabilities in PHP-Nuke 7.8 Multiple SQL Injection Vulnerabilities in Nuked Klan 1.7 Cross-site scripting (XSS) vulnerability in index.php in FlatNuke 2.5.6 via user parameter in profile operation Directory Traversal Vulnerability in FlatNuke 2.5.6 index.php Multiple Cross-Site Scripting (XSS) Vulnerabilities in Zomplog 3.4 Multiple SQL Injection Vulnerabilities in Zomplog 3.4 Cross-Site Scripting (XSS) Vulnerability in phpBB 2.0.17 with Remote Avatars and Avatar Uploading Arbitrary File Overwrite Vulnerability in BMC Software Control-M 6.1.03 Cross-Site Scripting (XSS) Vulnerability in Microsoft Internet Explorer 6.0 via Corrupted Image and File Rendering Denial of Service Vulnerability in Ethereal 0.10.13 IRC Protocol Dissector Stack-based Buffer Overflow in 
Novell Netmail 3.5.2 IMAP Daemon SQL Injection Vulnerabilities in Novell ZENworks Patch Management 6.x before 6.2.2.181 Null Password Vulnerability in ON Symantec Discovery 4.5.x and 6.0 Multiple stack-based buffer overflows in ZipGenius versions before 6.0.2.1050 allow remote code execution Buffer Overflow in _chm_decompress_block Function in CHM Lib (chmlib) Denial of Service Vulnerability in Apache mod_php Cross-Site Scripting (XSS) Vulnerability in SiteTurn Domain Manager Pro Hardlink Vulnerability in chkstat Allows Unauthorized Permission Modification Denial of Service Vulnerability in Squid on SUSE Linux 9.0 via HTTPS (SSL) Arbitrary File Inclusion Vulnerability in Docutils in Zope MWChat 6.8 - SQL Injection Vulnerability in chat.php Multiple SQL Injection Vulnerabilities in ACID and BASE Console Scripts SQL Injection Vulnerability in MyBB's usercp.php Allows Remote Code Execution via the awayday Parameter Bypassing iSCSI Authentication in Network Appliance Data ONTAP 7.0 and Earlier PunBB Remote File Inclusion Vulnerability in common.php RSA Authentication Agent for Web 5.3 and Earlier XSS Vulnerability in GetPic Operation Arbitrary Command Execution via HTTPS URL in Snoopy 1.2 Arbitrary File Overwrite Vulnerability in Viewpatch in MGDiff 1.0 Belchior Foundry vCard 2.9 Remote File Include Vulnerability eBASEweb 3.0 SQL Injection Vulnerability Cross-site scripting (XSS) vulnerability in index.php in Flyspray 0.9.7 through 0.9.8 (devel) Arbitrary PHP Code Execution and Local File Inclusion Vulnerability in Mantis 1.0.0RC2 and 0.19.2 Arbitrary SQL Command Execution Vulnerability in Mantis 1.0.0RC2 and 0.19.2 Multiple Cross-Site Scripting (XSS) Vulnerabilities in Mantis before 0.19.3 Email Address Disclosure Vulnerability in Mantis before 0.19.3 User ID Caching Vulnerability in Mantis before 0.19.3 Insecure Temporary File Creation in Tux Paint's tuxpaint-import.sh Script Local File Overwrite Vulnerability in DHIS Tools DNS Package Arbitrary File Overwrite 
Vulnerability in noweb 2.10c and Earlier Local Privilege Escalation via Symlink Attack in tkdiff before 4.1.1 Default Installation of Horde 3.0.4: Blank Password Vulnerability Local Privilege Escalation in rssh 2.0.0 through 2.2.3 via rssh_chroot_helper Command Buffer Overflow in Environment Variable Substitution Code in OSH 1.7-14 Allows Injection of Arbitrary Environment Variables Multiple Directory Traversal Vulnerabilities in phpSysInfo 2.4 and Earlier HTTP Response Splitting Vulnerability in phpSysInfo 2.4 and Earlier Symlink Attack Vulnerability in GNU Gnump3d before 2.9.8 Out-of-Bounds Write Vulnerability in libungif Library Vulnerability: SpamAssassin 3.0.4 Bypasses Spam Detection via Large Recipient List Apache httpd mod_imap module XSS vulnerability via Referer in image maps Denial of Service Vulnerability in PHP Exif Module Stack-based Buffer Overflow in Sylpheed LDIF Import Function Directory Traversal Vulnerability in GNU Gnump3d: Unknown Impact via CGI Parameters and Cookie Values Double Decrement Vulnerability in mq_open System Call in Linux Kernel 2.6.9 Apache mod_ssl NULL Pointer Dereference Denial of Service Vulnerability Denial of Service Vulnerability in Linux Kernel 2.6.15 and Earlier Denial of Service Vulnerability in Linux Kernel 2.6 Insecure Default ACLs in Trend Micro PC-Cillin Internet Security 2005: Privilege Escalation and Denial of Service Vulnerability Cross-site scripting (XSS) vulnerability in FlatNuke 2.5.6 forum/index.php allows remote attackers to inject arbitrary web script or HTML via the nome parameter in a login operation SQL Injection Vulnerability in Saphp Lesson: Remote Code Execution via forumid Parameter Multiple SQL Injection Vulnerabilities in DboardGear Multiple SQL Injection Vulnerabilities in DCP-Portal 6 and Earlier PHP File Inclusion Vulnerability in PHP iCalendar 2.0a2 through 2.0.1 Cross-Site Scripting (XSS) Vulnerability in SparkleBlog 2.1's journal.php Arbitrary Code Injection through Search_Enhanced Module in 
PHP-Nuke 7.9 SQL Injection Vulnerabilities in Woltlab Burning Board 2.7 and Earlier ArcaVir 2005 Package Multiple Interpretation Error Vulnerability Magic Byte Bug: Remote Bypass of Virus Scanning in AVG 7 7.0.323 Magic Byte Bypass Vulnerability in eTrust CA 7.0.1.4 Magic Byte Bug: Exploiting Multiple Interpretation Error in Dr.Web 4.32b Magic Byte Bug: Exploiting Multiple Interpretation Error in F-Prot 3.16c Magic Byte Bug: Exploiting Multiple Interpretation Error in Ikarus Demo Version Magic Byte Bug: Remote Bypass of Virus Scanning in Kaspersky 5.0.372 Magic Byte Bug: Multiple Interpretation Error in McAfee Internet Security Suite and McAfee Corporate The Magic Byte Bug: Bypassing Virus Scanning in Norman 5.81 with 5.83.02 Engine Magic Byte Bug: Multiple Interpretation Error in Trend Micro Products Magic Byte Bug: Bypassing Virus Scanning in Panda Titanium 2005 4.02.01 Magic Byte Bug: Remote Bypass of Virus Scanning in UNA Antivirus 1.83.2.16 Sophos 3.91 Multiple Interpretation Error Vulnerability SQL Injection Vulnerability in Techno Dreams Announcement Script SQL Injection Vulnerability in Techno Dreams Guest Book Script SQL Injection Vulnerability in Techno Dreams Mailing List Script Allows Remote Code Execution and Authentication Bypass SQL Injection Vulnerability in Techno Dreams Web Directory Script Insecure Temporary File Creation in ntop Startup Script Arbitrary Web Script Injection via Crafted URL in PHPinfo Function Remote Code Execution via parse_str Function in PHP Remote Code Execution via GLOBALS Array Manipulation in PHP File Upload Bypassing safe_mode and open_basedir restrictions in PHP before 4.4.1 through ext/curl and ext/gd Bypassing safe_mode and open_basedir directives in PHP virtual function vulnerability Format String Vulnerability in OpenVPN 2.0.x's foreign_option Function SQL Injection Vulnerabilities in oaboard Forum 1.0 Invision Gallery 2.0.3 SQL Injection Vulnerability Buffer Overflow in chcons Command in IBM AIX 5.2 and 5.3 with 
DEBUG MALLOC Enabled Cross-site scripting (XSS) vulnerability in Comersus BackOffice via error parameter in comersus_backoffice_supportError.asp Default Configuration of Solaris Management Console (SMC) Web Server Enables HTTP TRACE Method Vulnerability Magic Byte Bypass Vulnerability in CAT-QuickHeal 8.0 Fortinet 2.48.0.0 Vulnerability: Magic Byte Bypass in Virus Scanning TheHacker 5.8.4.128 Vulnerability: Magic Byte Bug Allows Bypass of Virus Scanning SMTP Client in Mozilla Thunderbird Allows Authentication Information Theft via MITM Attack Multiple Cross-Site Scripting (XSS) Vulnerabilities in ATutor 1.4.1 through 1.5.1-pl1 Arbitrary File Inclusion Vulnerabilities in ATutor 1.4.1 through 1.5.1-pl1 Remote Code Execution in ATutor 1.4.1 through 1.5.1-pl1 via forum.inc.php Arbitrary Web Script Injection Vulnerability in phpESP 1.7.5 and Earlier Arbitrary SQL Command Execution Vulnerability in phpESP 1.7.5 and Earlier SQL Injection Vulnerability in gCards Version 1.43: Remote Code Execution via news.php Denial of Service Vulnerability in OpenVPN 2.x TCP Mode Arbitrary Web Script Injection in Snitz Forums 2000 3.4.05 via post.asp Arbitrary Script Injection in Elite Forum 1.0.0.0 via Post Reply XSS Vulnerability Arbitrary Web Script Injection Vulnerability in eyeOS 0.8.4 desktop.php Insufficient Access Control in eyeOS 0.8.4 Allows Remote User Credential Theft Global Variable Bypass Vulnerability in phpBB 2.0.17 and Earlier Remote Code Execution Vulnerability in phpBB 2.0.17 and Earlier Remote Code Execution in phpBB 2.0.17 and earlier due to Disabled register_long_arrays Directive Multiple Cross-Site Scripting (XSS) Vulnerabilities in phpBB 2.0.17 and Earlier SQL Injection Vulnerability in phpBB 2.0.17 UserCP Register Page Remote Code Execution via Signature_bbcode_uid Parameter in phpBB 2.0.17 Remote File Read Vulnerability in Hyper Estraier 1.0.1 on Windows Systems ASP Fast Forum Error.asp Cross-Site Scripting (XSS) Vulnerability Multiple SQL Injection 
Vulnerabilities in Subdreamer 2.2.1 Arbitrary Script Injection in GNUMP3D 2.9.5 and Earlier Unspecified Cross-Site Scripting (XSS) Vulnerability in GNUMP3D before 2.9.6 Denial of Service Vulnerability in Cisco CSS 11500 Content Services Switch Vulnerability: Signature Disabling and Detection Evasion in Cisco Management Center for IPS Sensors (IPS MC) 2.1 Arbitrary Web Script Injection Vulnerability in Rockliffe MailSite Express Plaintext Password Storage in Rockliffe MailSite Express Incomplete Blacklist Vulnerability in Rockliffe MailSite Express Absolute Path Traversal Vulnerability in Rockliffe MailSite Express Password Bypass Vulnerability in MiniGal 2 (MG2) 0.5.1 Buffer Overflow in Mirabilis ICQ 2003a: User-Assisted Code Execution Vulnerability Insufficient Access Control in Archilles Newsworld Allows Remote Information Disclosure and Privilege Escalation Authentication Bypass Vulnerability in Archilles Newsworld up to 1.3.0 Arbitrary Script Injection in Nuked-Klan 1.7 Unspecified vulnerability in Oracle Database Server 9i up to 10.1.0.4 (Oracle Vuln# DB01) Unspecified Vulnerabilities in Oracle Database Server 9i up to 10.1.0.4.2 Unspecified Vulnerabilities in Oracle Database Server 10g with Unknown Impact and Attack Vectors Unspecified Vulnerability in Oracle Database Scheduler (Oracle Vuln# DB08) Unspecified vulnerability in Oracle Database Server 9i up to 9.0.1.5 with unknown impact and attack vectors Unspecified Vulnerabilities in Oracle Database Server 8i up to 10.1.0.4.2 with Unknown Impact and Attack Vectors Unspecified Spatial Component Vulnerability in Oracle Database Server (Oracle Vuln# DB17) Oracle Database Server Programmatic Interface Multiple Unspecified Vulnerabilities (Oracle Vuln# DB26) Unspecified Vulnerabilities in Oracle Database and Application Server with Unknown Impact and Attack Vectors Unspecified vulnerability in Oracle Database and Application Server with unknown impact and attack vectors Unspecified Single Sign-On Vulnerability in 
Oracle Database Server and Application Server Unspecified Vulnerability in Oracle Application Server OC4J Module (Oracle Vuln# AS01) Unspecified vulnerabilities in Oracle Application Server 9.0 up to 10.1.2.0 with unknown impact and attack vectors Unspecified Vulnerability in Oracle Application Server (Oracle Vuln# AS04) Unspecified Vulnerability in SQL*ReportWriter in Oracle Application Server 9.0 up to 9.0.2.1 Unspecified Web Cache Vulnerability in Oracle Application Server (Oracle Vuln# AS13) Unspecified Vulnerabilities in Oracle Application Server Web Cache Unspecified vulnerabilities in Oracle Collaboration Suite 10g and 9i with unknown impact and attack vectors Unspecified Vulnerabilities in Oracle E-Business Suite and Applications 11.5 up to 11.5.10 Unspecified Vulnerabilities in Oracle E-Business Suite and Applications 11.5 up to 11.5.9 Unspecified Vulnerability in Oracle E-Business Suite and Applications 11.0 up to 11.5.10 (Oracle Vuln# APPS08) Unspecified Vulnerability in Oracle E-Business Suite and Applications 11.0 up to 11.5.9 Identified in Workflow Cartridge (Oracle Vuln# APPS19) Unspecified Vulnerability in Oracle Clinical with Unknown Impact and Attack Vectors Unspecified Vulnerability in Oracle Agent in Oracle Enterprise Manager Unspecified Vulnerability in Oracle PeopleSoft Enterprise PeopleTools Unspecified Vulnerability in Oracle PeopleSoft Enterprise PeopleTools Unspecified Vulnerability in Oracle PeopleSoft Enterprise PeopleTools Unspecified Vulnerability in Oracle PeopleSoft Enterprise PeopleTools (PSE04) Unspecified Vulnerability in JDEdwards HTML Server with Unknown Impact and Attack Vectors Unspecified Vulnerability in Oracle Enterprise CRM Sales (Oracle Vuln# CRM01) Denial of Service Vulnerabilities in Serv-U FTP Server before 6.1.0.4 F-Secure Anti-Virus for Microsoft Exchange and Internet Gatekeeper Directory Traversal Vulnerability SQL Injection Vulnerability in News2Net 3.0.0.0: Remote Code Execution via category parameter in index.php 
SQL Injection Vulnerability in MailWatch for MailScanner 1.0.2: Remote Code Execution MailWatch for MailScanner 1.0.2 Directory Traversal Vulnerability Information Disclosure Vulnerability in Sun Java System Communications Express 2005Q1 and 2004Q2 Multiple Cross-Site Scripting (XSS) Vulnerabilities in Simple PHP Blog 0.4.5 and Earlier XCP DRM Software Vulnerability: Hidden Activities Exploitation Denial of Service Vulnerability in Hasbani Web Server (WindWeb) 2.0 Unspecified Denial of Service Vulnerability in HP OpenVMS Integrity and Alpha Cross-Site Scripting (XSS) Vulnerability in Invision Gallery 2.0.3 SQL Injection Vulnerability in PHPCafe.net Tutorials Manager 1.0 Beta 2 Arbitrary Web Script Injection Vulnerability in Ringtail CaseBook 6.1.0 Login Page User Enumeration Vulnerability in Ringtail CaseBook 6.1.0 Login Page Heap-based Buffer Overflow in System Timers in Cisco IOS 12.0 to 12.4 Unencrypted Traffic Exploitation in Cisco Lightweight Access Points Buffer Overflow Vulnerability in GO-Global for Windows 3.1.0.3270 and Earlier NeroNET 1.2.0.2 Directory Traversal Vulnerability Remote Code Execution Vulnerability in Glider Collect'n kill 1.0.0.0 via Buffer Overflow Multiple Format String Vulnerabilities in Scorched 3D 39.1 (bf) and Earlier Multiple Buffer Overflow Vulnerabilities in Scorched 3D 39.1 (bf) and Earlier Denial of Service Vulnerability in Scorched 3D 39.1 (bf) and Earlier Buffer Overflow Vulnerability in Asus Video Security 3.5.0.0 and Earlier Directory Traversal Vulnerability in Asus Video Security 3.5.0.0 and Earlier Buffer Overflow Vulnerabilities in FlatFrag 0.3 and Earlier: Remote Code Execution via Receiver Function Denial of Service Vulnerability in FlatFrag 0.3 and Earlier Denial of Service Vulnerability in Battle Carry .005 and Earlier Ar-blog 5.2 and Earlier XSS Vulnerability in Blog Comments Authentication Bypass Vulnerability in Ar-blog 5.2 and Earlier Cross-site scripting (XSS) vulnerability in PHP Handicapper's msg.php allows 
remote code injection SQL Injection Vulnerability in process_signup.php in PHP Handicapper Sensitive Information Leakage through Session Trace in IBM WebSphere Application Server Remote Bypass Vulnerability in Frisk F-Prot Antivirus via ZIP File Version Header Denial of Service Vulnerability in ClamAV's tnef_attachment Function Denial of Service Vulnerability in ClamAV's libmspack Library Cerberus Helpdesk Attachment and Ticket Disclosure Vulnerability Privilege Escalation via chfn Argument Check Vulnerability Buffer Overflow Vulnerability in swcons in IBM AIX 5.2 with Debug Malloc Enabled Arbitrary Script Injection via Style Attributes in Entropy Chat Script Arbitrary Web Script Injection in Sambar Server 6.3 BETA 2 Arbitrary File Inclusion and Code Execution Vulnerability in CuteNews 1.4.1 SQL Injection Vulnerability in Gallery 2.4's showGallery.php Allows Remote Code Execution Multiple SQL Injection Vulnerabilities in JPortal Denial of Service Vulnerability in Apache Tomcat 5.5.0 to 5.5.11 Multiple Cross-Site Scripting (XSS) Vulnerabilities in Spymac Web OS 4.0 Arbitrary Web Script Injection Vulnerability in VUBB Alpha rc1 Information Disclosure: Remote Path Disclosure in VUBB alpha rc1 Cross-Site Scripting (XSS) Vulnerabilities in Chipmunk Forum Script Arbitrary Web Script Injection Vulnerability in Chipmunk Topsites Script Arbitrary Web Script Injection Vulnerability in Chipmunk Directory Script Information Disclosure Vulnerability in Chipmunk Scripts Guestbook SQL Injection Vulnerability in PunBB 1.2.7 and 1.2.8 search.php Multiple PHP File Inclusion Vulnerabilities in MySource 2.14.0 Multiple Cross-Site Scripting (XSS) Vulnerabilities in MySource 2.14.0 SQL Injection Vulnerability in resetcore.php in e107 0.617 through 0.6173 Arbitrary Web Script Injection Vulnerability in ManageEngine Netflow Analyzer 4.0.2 Remote Code Execution Vulnerability in GpsDrive's friendsd2 via Format String in dir Field Buffer Overflow Vulnerability in linux-ftpd-ssl 0.17 Allows 
Remote Code Execution Stack-based Buffer Overflow in Adobe Macromedia Shockwave Player Installer ActiveX Control Buffer Overflow in Ipswitch Collaboration Suite 2006.02 and Earlier: Remote Code Execution via Long FETCH Command Race Condition in do_coredump: Denial of Service Vulnerability in Linux Kernel 2.6 Arbitrary Web Script Injection Vulnerability in TikiWiki 1.9.0 through 1.9.2 Information Disclosure Vulnerability in TikiWiki 1.9.0 through 1.9.2 Antville 1.1 Cross-Site Scripting (XSS) Vulnerability in notfound.skin Local Privilege Escalation Vulnerability in fusermount Authentication Bypass Vulnerability in Courier Mail Server Buffer Overflow Vulnerability in OSH Allows Arbitrary Code Execution Remote Code Execution Vulnerability in Network Block Device (nbd) Server 2.7.5 and Earlier, and 2.8.0 through 2.8.2 Buffer Overflow Vulnerability in KETM 0.0.6 SQL Injection Vulnerability in phpBB 2 before 2.0.18: Remote Code Execution via Topic Type Remote Code Execution Vulnerability in phpBB 2 before 2.0.18 Arbitrary Password Acceptance Vulnerability in HylaFAX 4.2.3 Multiple eval injection vulnerabilities in HylaFAX 4.2.3 and earlier: Remote Command Execution Buffer Overflow Vulnerability in Petris 1.0.1: Remote Code Execution SQL Injection Vulnerability in Phorum 5.0.0alpha through 5.0.20 Arbitrary Web Script Injection in XMB 1.9.3 u2u.php via Username Parameter SQL Injection Vulnerability in ibProArcade 2.5.2 and Earlier: Remote Code Execution via User Parameter World-executable SUID.cgi Scripts Vulnerability in F-Secure Internet Gatekeeper and Anti-Virus Linux Gateway Invision Power Board 2.1 Cross-Site Scripting (XSS) Vulnerability Directory Traversal Vulnerability in Task Manager in Invision Power Board (IP.Board) 2.0.1 Task Manager in Invision Power Board 2.0.1 - Direct Code Injection Vulnerability Arbitrary File Access Vulnerability in toendaCMS admin.php Sensitive Information Exposure in toendaCMS before 0.6.2 Multiple Cross-Site Scripting (XSS) 
Vulnerabilities in PHPKIT 1.6.1 R2 and Earlier Multiple SQL Injection Vulnerabilities in PHPKIT 1.6.1 R2 and Earlier Multiple eval injection vulnerabilities in PHPKIT 1.6.1 R2 and earlier SQL Injection Vulnerabilities in PHPlist 2.10.1 and Earlier: Arbitrary SQL Command Execution Multiple Cross-Site Scripting (XSS) Vulnerabilities in PHPlist 2.10.1 and Earlier Arbitrary File Access Vulnerability in PHPlist 2.10.1 and Earlier Remote Code Execution Vulnerability in OSTE 1.0 via PHP File Inclusion in index.php Directory Traversal Vulnerability in vmail.cgi in Asterisk 1.0.9 through 1.2.0-beta1 Bypassing Advanced Program Control and OS Firewall filters in ZoneAlarm 6.0 Privilege Escalation Vulnerability in HP-UX envd Daemon Unspecified Remote Code Execution Vulnerability in HP-UX Remshd Daemon Buffer Overflow Vulnerability in VERITAS Cluster Server for UNIX Authentication Bypass and Data Modification Vulnerability in IBM Tivoli Directory Server (ITDS) Denial of Service Vulnerability in IBM DB2 Content Manager via Corrupted Excel File Denial of Service Vulnerability in IBM DB2 Content Manager via LZH Files Unspecified Cross-Site Scripting (XSS) Vulnerability in Horde 2.2.9 and Earlier Arbitrary Local File Inclusion Vulnerability in CodeGrrl PHP Scripts SQL Injection Vulnerability in Peel 2.6-2.7: Remote Code Execution via rubid Parameter Denial of Service Vulnerability in Mailman 2.1.5-8 due to Improper Handling of UTF8 Character Encodings in Filenames of E-mail Attachments Arbitrary File Inclusion Vulnerability in iCMS index.php Arbitrary SQL Command Execution in Cyphor 0.19 and Earlier Remote Information Disclosure Vulnerability in Walla TeleSite 3.0 and Earlier Arbitrary Web Script Injection Vulnerability in Walla TeleSite 3.0 and Earlier SQL Injection Vulnerability in Walla TeleSite 3.0 and Earlier (ts.exe/ts.cgi) Arbitrary Local File Access in Walla TeleSite 3.0 and Earlier Privilege Escalation via Portage Temporary Build Directory in QDBM Privilege Escalation via 
Shared Object in GDAL Privilege Escalation via Shared Object in ImageMagick Denial of Service Vulnerability in Java Runtime Environment and Software Development Kit Arbitrary Web Script Injection Vulnerability in PhpWebThings 1.4.4 SQL Injection Vulnerability in PhpWebThings 1.4.4: Remote Code Execution via forum parameter in forum.php Information Disclosure Vulnerability in Mambo 4.5.2 through 4.5.2.3 Improper Boundary Checks in ClamAV's petite.c Vulnerability SQL Injection Vulnerability in Advanced Guestbook 2.2 Allows Remote Code Execution and Privilege Escalation Buffer Overflow Vulnerability in FileZilla Server Terminal 0.9.4d Buffer Overflow Vulnerability in getgrouplist Function in glibc Memory Access Vulnerability in Macromedia Flash Plugin Path Disclosure Vulnerability in CuteNews 1.4.0 and Earlier Remote Code Execution in game_score.php via HTTP POST in e107 Default Blank Password Vulnerability in Microsoft Windows XP Home Edition ASPKnowledgebase SQL Injection Vulnerability in adminlogin.asp CSRF Vulnerability in VMware ESX Server Management Interface Arbitrary Web Script Injection in VMware ESX Management Interface Cleartext Password Storage in VMware ESX Server Management Interface CRLF Injection Vulnerability in phpMyAdmin before 2.6.4-pl4 Allows HTTP Response Splitting Attacks Path Disclosure Vulnerability in phpMyAdmin 2.7.0-beta1 and Earlier NFS Filesystem ACL Bypass Vulnerability Heap Corruption via Integer Overflows and Underflows in CCITTFaxStream Function Denial of Service Vulnerability in Xpdf Streams Denial of Service Vulnerability in Xpdf's FlateDecode Stream Handling Arbitrary Code Execution Vulnerability in Xpdf's Stream.cc Buffer Overflow in JBIG2Bitmap Function in Xpdf Allows Arbitrary Code Execution Privilege Escalation Vulnerability in initscripts of Red Hat Enterprise Linux 4 Sensitive Information Disclosure in Fedora Directory Server via IFRAME Element Improper Permissions in udev Allows Local Users to Obtain Sensitive Data Arbitrary 
Code Execution Vulnerability in pnmtopng in netpbm 10.0 and Earlier Arbitrary HTML Header Injection Vulnerability in SAP Web Application Server (WAS) Arbitrary Logout and Redirection Vulnerability in SAP Web Application Server (WAS) Cross-Site Scripting (XSS) Vulnerabilities in SAP Web Application Server (WAS) 6.10 through 7.00 Arbitrary Web Script Injection Vulnerability in SAP Web Application Server (WAS) 6.10 Arbitrary Script Injection in Ekinboard 1.0.3 via Profile ID and Post Titles osTicket Help Center Live Module File Inclusion Vulnerability Buffer Overflow Vulnerabilities in FTGate4 IMAP Groupware Mail Server Bypassing Authentication in Oracle Databases on Windows XP with Simple File Sharing Enabled Authentication Bypass Vulnerability in IBM Informix Dynamic Database Server Bypassing Authentication and Unauthorized Access to IBM DB2 Database Server on Windows XP Denial of Service Vulnerability in PNP_GetDeviceList (UPnP) Information Disclosure Vulnerability in phpAdsNew and phpPgAds 2.0.6 SQL Injection Vulnerabilities in phpAdsNew and phpPgAds 2.0.6 Vulnerability: Bypassing Folder Guard Protections via Temporary Files Directory SQL Injection Vulnerabilities in Moodle 1.5.2's get_record Function in datalib.php Remote URL Redirection Vulnerability in jumpto.php in Moodle 1.5.2 Remote Code Execution Vulnerability in CodeSupport.ocx ActiveX Control Stack-based Buffer Overflow in OSPF Protocol Dissector in Ethereal 0.10.12 Citrix Program Neighborhood Client 9.0 Heap-Based Buffer Overflow Vulnerability Heap-based Buffer Overflow in iGateway Service for CA iTechnology Products Heap Corruption Vulnerability in Blue Coat Systems Inc. 
WinProxy Heap-based Buffer Overflow in Novell Open Enterprise Server Remote Manager Arbitrary Code Execution via Format String Vulnerabilities in mod_auth_pgsql Arbitrary File Creation and Modification Vulnerability in McAfee VirusScan Security Center Multiple Heap-Based Buffer Overflows in EMC Legato NetWorker and Related Backup Software Denial of Service Vulnerability in nsrd.exe in EMC Legato NetWorker and Other Backup Software Denial of Service Vulnerability in Linux Kernel 2.4 and 2.6 Authentication Bypass and Configuration Modification in Dell TrueMobile 2300 Wireless Broadband Router Off-by-one Buffer Overflow in pnmtopng Allows for Denial of Service and Possible Code Execution Unquoted Windows Search Path Vulnerability in Kaspersky Anti-Virus 5.0 Heap-based Buffer Overflow in Kaspersky Anti-Virus Engine via Crafted CHM File Multiple Cross-Site Scripting (XSS) Vulnerabilities in phpMyAdmin before 2.7.0 Unspecified Format String Vulnerabilities in Multiple IKEv1 Implementations Unspecified Denial of Service Vulnerabilities in Multiple IKEv1 Implementations Unspecified Buffer Overflow Vulnerabilities in Multiple IKEv1 Implementations Unspecified Denial of Service Vulnerabilities in Cisco IKEv1 Implementation Unspecified Denial of Service Vulnerabilities in HP-UX, HP Jetdirect, and HP Tru64 UNIX Denial of Service Vulnerability in IKEv1 Implementation in Openswan 2 and Freeswan in SUSE LINUX 9.1 Denial of Service Vulnerability in Stonesoft StoneGate Firewall's IKEv1 Implementation Denial of Service Vulnerability in Check Point Products' IKEv1 Implementation Denial of Service Vulnerability in Sun Solaris IKEv1 Implementation TCP Optimistic ACK Denial of Service Vulnerability Arbitrary SQL Command Execution in PhpWebThings 1.4.4 via download.php Buffer Overflow in RealPlayer 10 and 10.5 via Crafted Image in RJS File Denial of Service Vulnerability in Google Talk with Email Notification SQL Injection Vulnerability in ActiveCampaign 1-2-All Broadcast Email: Bypass 
Authentication and Remote Code Execution Arbitrary File Read/Inclusion Vulnerability in XOOPS 2.2.3 Arbitrary SQL Command Execution in XOOPS WF-Downloads Module 2.05 via viewcat.php Multiple SQL Injection Vulnerabilities in Wizz Forum 1.20 Stack-based Buffer Overflow in freeFTPd 1.0.9 with Logging Enabled Buffer Overflow Vulnerabilities in freeFTPd 1.0.8: Denial of Service and Remote Code Execution Arbitrary Web Script Injection Vulnerability in VP-ASP Shopping Cart 5.50 SQL Injection Vulnerability in Unclassified NewsBoard 1.5.3 Patch 4: Remote Code Execution via search.inc.php Arbitrary Account Cancellation Vulnerability in WHM AutoPilot 2.5.30 and Earlier Arbitrary Web Script Injection in XMB 1.9.3 and Earlier via Your Current Mood Field Information Disclosure Vulnerability in XMB 1.9.2: Obtaining Installation Path via Invalid fid Parameter in post.php Stack-based Buffer Overflow in MailEnable IMAP Service Arbitrary Mail Directory Creation and Renaming Vulnerability in MailEnable IMAP Service Cross-site scripting (XSS) vulnerability in AMAX Magic Winmail Server 4.2 (build 0824) and earlier Remote Code Execution Vulnerability in AxWebRemoveCtrl ActiveX Control Denial of Service Vulnerability in centericq 4.20.0-r3 Arbitrary Script Injection Vulnerability in LiteSpeed Web Server 2.1.5 Arki-DB 1.0 and 2.0 SQL Injection Vulnerability Authentication Bypass Vulnerability in Uresk Links 2.0 Lite Administration Interface Bypassing Authentication in PHP Easy Download via edit.php URL Spoofing Vulnerability in Opera Web Browser 8.50 and 8.0 through 8.0.2 Unspecified Arbitrary Code Execution Vulnerability in iodbcadmintool Unspecified Privilege Escalation Vulnerability in Mac OS X Server 10.3.9 and 10.4.3 Arbitrary File Download Vulnerability in Safari for Mac OS X and OS X Server Log Spoofing Vulnerability in Mac OS X and OS X Server 10.4 through 10.4.3 Heap-based Buffer Overflow in WebKit Allows Remote Code Execution Heap-based Buffer Overflow in LibSystem in Mac OS X 
10.4 through 10.4.5 Buffer Overflow Vulnerability in Apple Quicktime 7.0.4 and Earlier Versions Arbitrary Code Execution via Integer Overflow in Apple Quicktime Integer Underflow in Apple Quicktime TGA Image Processing Arbitrary Code Execution via Integer Overflow in Apple Quicktime Integer Overflow in Apple Quicktime TIFF Image Processing Heap-based Buffer Overflow in Rsync Allows Remote Code Execution via Extended Attributes Heap-based Buffer Overflow in Apple Quicktime: Remote Code Execution via Crafted GIF Image Denial of Service Vulnerability in Apple AirPort Express and AirPort Extreme Unauthenticated Access to VxWorks Debugger in Senao SI-680H Wireless VoIP Phone Firmware 0.03.0839 Hard-coded Public Credentials Vulnerability in UTStarcom F1000 VOIP WIFI Phone s2.0 Default Credentials Vulnerability in UTStarcom F1000 VOIP WIFI Phone s2.0 Vulnerability: Unauthenticated Remote Command Execution via rlogin on UTStarcom F1000 VOIP WIFI Phone s2.0 Hard-coded Administrator Password Vulnerability in Hitachi IP5000 VOIP WIFI Phone 1.5.6 Sensitive Information Disclosure in Hitachi IP5000 VOIP WIFI Phone 1.5.6 HTTP Server Unauthenticated Remote Configuration Modification in Hitachi IP5000 VOIP WIFI Phone 1.5.6 Arbitrary SNMP Credential Access in Hitachi IP5000 VOIP WIFI Phone 1.5.6 Vulnerability: Insecure Configuration Settings in Hitachi IP5000 VOIP WIFI Phone 1.5.6 Undocumented UDP Port 9090 Vulnerability in Zyxel P2000W Version 1 VOIP WIFI Phone Hardcoded DNS Server Vulnerability in Zyxel P2000W Version 1 VOIP WIFI Phone Interspire ArticleLive NX 0.3 SQL Injection Vulnerability SQL Injection Vulnerability in Revize CMS debug/query_results.jsp Insufficient Access Control in Idetix Software Systems Revize CMS Allows Remote Information Disclosure Sensitive Information Disclosure in Idetix Software Systems Revize CMS Multiple Cross-Site Scripting (XSS) Vulnerabilities in Idetix Software Systems Revize CMS Unspecified Vulnerability in yaSSL Before 1.0.6: Certificate 
Chain Processing Denial of Service Vulnerability in IKEv1 Implementation in racoon IKEv1 Implementation Vulnerability in Juniper Routers Arbitrary Web Script Injection in phpMyFAQ 1.5.3 and Earlier Add Content Page Multiple SQL Injection Vulnerabilities in e-Quick Cart Multiple Cross-Site Scripting (XSS) Vulnerabilities in e-Quick Cart Buffer Overflow in SVG Importer of Inkscape 0.41 through 0.42.2 Allows Remote Code Execution Remote PHP File Inclusion Vulnerability in Mambo Site Server 4.0.14 and Earlier Path Disclosure Vulnerability in PHP-Fusion 6.00.206 and Earlier SQL Injection Vulnerabilities in PHP-Fusion 6.00.206 and Earlier Password Verification Bypass Vulnerability in Almond Classifieds Arbitrary Web Script Injection Vulnerability in Advanced Poll 2.0.3 and Earlier SQL Injection Vulnerability in SimplePoll's results.php Allows Remote Code Execution SQL Injection Vulnerability in phpComasy 0.7.5 and Earlier (index.php) Apache Struts 1.2.7 Cross-Site Scripting (XSS) Vulnerability SQL Injection Vulnerability in APBoard's thread.php Allows Remote Code Execution Remote Code Disclosure Vulnerability in Jetty Server SQL Injection Vulnerability in Tru-Zone Nuke ET 3.2 Search Module Unspecified Absolute Path Vulnerabilities in IBM AIX Diagela Command Remote Code Execution via Shell Metacharacters in Opera on Linux and Unix Systems HTTP Request Smuggling Vulnerability in Pound before 1.9.4: Cache Poisoning, WAF Bypass, and XSS Attacks Unspecified LDAPDiff Path Construction Vulnerability Denial of Service Vulnerability in Linux Kernel's IPSec Packet Handling Arbitrary JavaScript Injection via Google Mini Search Appliance Google Mini Search Appliance Directory Traversal Vulnerability Remote Port Scanning Vulnerability in Google Mini Search Appliance Remote Code Execution and Information Disclosure in Saxon XSLT Parser Arbitrary JavaScript Injection via Proxystylesheet Variable in Google Mini Search Appliance Cross-Site Scripting (XSS) Vulnerabilities in Horde MIME 
Viewers Double Free Vulnerability in BBOORB Module of IBM WebSphere Application Server for z/OS 5.0: Denial of Service (ABEND) Arbitrary Script Injection in Exponent CMS 0.96.3 and Later Versions SQL Injection Vulnerability in Exponent CMS Navigation Module Sensitive Information Disclosure in Exponent CMS 0.96.3 and Later Versions Unvalidated MIME Type Check in Exponent CMS Image Gallery Component Arbitrary Code Execution Vulnerability in Exponent CMS 0.96.3 and Later Versions Insufficient Access Control in Exponent CMS Allows Unauthorized Access to Sensitive User Pages Arbitrary PHP File Upload and Execution in Exponent CMS 0.96.3 and Later Versions Buffer Overflow in Symantec Dynamic VPN Services Allows Remote Code Execution Arbitrary SQL Command Execution in PHP Download Manager 1.1.3 and Earlier Multiple Cross-Site Scripting (XSS) Vulnerabilities in PHP-Post (PHPp) 1.0 Multiple Cross-Site Scripting (XSS) Vulnerabilities in Joomla! before 1.0.4 Multiple SQL Injection Vulnerabilities in Joomla! before 1.0.4 Unspecified Vulnerability in Joomla! 
Media Component File Management Functions Denial of Service Vulnerability in Cisco PIX 6.3 and 7.0 Arbitrary File Inclusion Vulnerability in PollVote's pollvote.php Cross-Site Scripting (XSS) Vulnerabilities in MyBulletinBoard (MyBB) 1.0 PR2 Rev 686 Remote Code Execution in MyBulletinBoard (MyBB) 1.0 PR2 Rev 686 via Modified Inbox Form Fields Unspecified Denial of Service Vulnerability in MyBulletinBoard (MyBB) Unspecified Privilege Escalation Vulnerability in xterm for HP-UX 11.00, 11.11, and 11.23 Buffer Overflow Vulnerabilities in IPUpdate 1.1: Arbitrary Code Execution Denial of Service Vulnerability in in.named in Solaris 9 Bypassing Login and Reboot Vulnerability in Mac OS X 10.4.3 - 10.4.6 Denial of Service Vulnerability in Linux Kernel 2.6 before 2.6.14.2 Dangling Ptrace Reference Vulnerability in Linux Kernel 2.6 Second-order symlink vulnerability in Ebuild IndeX (eix) before 0.5.0_pre2 Unrestricted Access to Remote Diagnostics in Novell ZENworks Multiple Cross-Site Scripting (XSS) Vulnerabilities in phpMyAdmin before 2.6.4-pl4 Failover Denial of Service Vulnerability in Cisco Adaptive Security Appliance (ASA) 7.0(0), 7.0(2), and 7.0(4) Directory Traversal Vulnerabilities in phpwcms 1.2.5 Cross-Site Scripting (XSS) Vulnerabilities in phpwcms 1.2.5 act_newsletter.php Arbitrary HTML Header Injection Vulnerability in phpAdsNew and phpPgAds Multiple SQL Injection Vulnerabilities in PHP-Nuke 7.8 Search Module Multiple SQL Injection Vulnerabilities in AlstraSoft Affiliate Network Pro 7.2 Sensitive Information Disclosure in AlstraSoft Affiliate Network Pro 7.2 Cross-Site Scripting (XSS) Vulnerabilities in AlstraSoft Affiliate Network Pro 7.2 Direct static code injection vulnerability in admin_options_manage.php in AlstraSoft Affiliate Network Pro 7.2 Remote File Inclusion Vulnerability in AlstraSoft Template Seller Pro 3.25: Arbitrary PHP Code Execution SQL Injection Vulnerability in AlstraSoft Template Seller Pro 3.25: Remote Code Execution via Username Field 
Sensitive Information Disclosure in phpBB 2.0.18 via Large SQL Query Weak Encryption Algorithm in Macromedia Contribute Publishing Server (CPS) Allows Password Disclosure Reduced Key Derivation Function (KDF) in CounterPane PasswordSafe 1.x and 2.x Vulnerability Unauthenticated Remote Access Vulnerability in Belkin F5D7232-4 and F5D7230-4 Wireless Routers Hard-coded SNMP Community Strings in Cisco IP Phone 7920 1.0(8) Vulnerability: Cisco IP Phone (VoIP) 7920 1.0(8) VxWorks Debugger Remote Information Disclosure and Denial of Service SMP Locking Vulnerability in POSIX Timer Cleanup Handling in Linux Kernel 2.6.10 to 2.6.14 IPv6 Flow Label Handling Code Vulnerability Memory Leak in VFS File Lease Handling in Linux Kernels 2.6.10 to 2.6.15 Denial of Service Vulnerability in Linux Kernel 2.6.11 to 2.6.14 Denial of Service Vulnerability in nfattr_to_tcp Function in Linux Kernel 2.6.14 up to 2.6.14.3 Denial of Service Vulnerability in Linux Kernel 2.6.14 up to 2.6.14.3 Arbitrary File Overwrite Vulnerability in AMAX Magic Winmail Server 4.2 (build 0824) and Earlier Denial of Service Vulnerability in freeFTPd 1.0.10 via Missing Arguments in PORT Command Denial of Service Vulnerability in MailEnable Professional and Enterprise IMAP Service SmartPPC Pro Multiple Cross-Site Scripting (XSS) Vulnerabilities SQL Injection Vulnerability in Orca Forum 4.3b and Earlier: Remote Code Execution via msg Parameter SQL Injection Vulnerabilities in freeForum 1.1 and Earlier: Remote Code Execution Multiple SQL Injection Vulnerabilities in Softbiz Web Host Directory Script 1.1 and Earlier Multiple Cross-Site Scripting (XSS) Vulnerabilities in vTiger CRM 4.2 and Earlier SQL Injection Vulnerabilities in vTiger CRM 4.2 and Earlier: Bypass Authentication and Arbitrary Command Injection in HelpDesk Module Arbitrary File Inclusion and Remote Code Execution in vTiger CRM 4.2 and Earlier Arbitrary Web Script Injection in vTiger CRM 4.2 and Earlier SQL Injection Vulnerabilities in vTiger CRM 4.2 
and Earlier Arbitrary PHP Code Execution in vTiger CRM 4.2 and Earlier Arbitrary File Upload Vulnerability in vTiger CRM 4.2 and Earlier SQL Injection Vulnerability in Comdev Vote Caster 3.1 and Earlier Multiple SQL Injection Vulnerabilities in Ezyhelpdesk 1.0 SQL Injection Vulnerability in product_cat Parameter in AgileBill 1.4.92 and Earlier ActiveCampaign KnowledgeBuilder 2.4 and Earlier: SQL Injection Vulnerability in index.php Denial of Service (CPU Consumption) Vulnerability in ActiveCampaign KnowledgeBuilder 2.4 and Earlier Arbitrary File Inclusion Vulnerability in ActiveCampaign SupportTrio 1.4 and Earlier Stack-based buffer overflow in CxZIP60.dll and CxZIP60u.dll in SpeedProject products allows arbitrary code execution via a malicious ZIP archive. Arbitrary Code Execution Vulnerability in SpeedProject Products via Long Filename in ZIP Archive Arbitrary SQL Command Execution in Tunez 1.21 and Earlier via songinfo.php Arbitrary Web Script Injection in Tunez 1.21 and Earlier (CVE-XXXX-XXXX) DeskLance 2.3 PHP Remote File Inclusion Vulnerability SQL Injection Vulnerability in DeskLance 2.3 and Earlier: Remote Code Execution via announce Parameter Arbitrary Script Injection in sCssBoard Search Module SQL Injection Vulnerabilities in IsolSoft Support Center 2.2 and Earlier SupportPRO Supportdesk Cross-Site Scripting (XSS) Vulnerability SQL Injection Vulnerability in Omnistar Live 5.2 and Earlier (CVE-2005-3240) Arbitrary Script Injection in kPlaylist 1.6 (build 400) SQL Injection Vulnerability in pdjk-support Suite 1.1a and Earlier SQL Injection Vulnerability in faq.php in Nicecoder iDesk 1.0 SQL Injection Vulnerability in phpWordPress PHP News and Article Manager 3.0 SQL Injection Vulnerability in invoices.php in EZ Invoice Inc 2.0 Arbitrary SQL Command Execution in Fantastic News 2.1.1 and Earlier Denial of Service Vulnerability in Linux Kernel's handle_stop_signal Function DST Leak in icmp_push_reply: Memory Consumption Vulnerability PmWiki Search Module 
Cross-Site Scripting (XSS) Vulnerability Arbitrary Script Injection Vulnerability in OKBSYS Lite Edition 1.0 Arbitrary Web Script Injection Vulnerability in OASYS Lite 1.0 Search Function SQL Injection Vulnerability in Online Work Order Suite (OWOS) Lite Edition for ASP 3.0 SQL Injection Vulnerability in sNews 1.3 and Earlier: Remote Code Execution via snews.php Arbitrary Web Script Injection Vulnerability in EasyPageCMS index.php SQL Injection Vulnerability in process.php in 1-2-3 Music Store: Remote Code Execution via AlbumID Parameter Clear-text Password Storage in Krusader's Popular URL Capability Denial of Service Vulnerability in Linux Kernel's time_out_leases Function Memory Leak in ip6_input_finish Function in Linux Kernel 2.6.12 and Earlier Q-News 2.0 q-news.php Remote File Inclusion Vulnerability Remote File Inclusion Vulnerability in Oliver May Athena PHP Website Administration 0.1a Remote File Inclusion Vulnerability in phpGreetz 0.99 and Earlier: Arbitrary PHP Code Execution Buffer Overflow Vulnerability in unalz Allows Remote Code Execution via Long File Names in ALZ Archives Stack-based Buffer Overflow in kkstrtext.h in ktools Library 0.3 and Earlier: Arbitrary Code Execution Vulnerability SQL Injection Vulnerability in SourceWell 1.1.2 and Earlier (index.php) SQL Injection Vulnerability in AllWeb Search 3.0 and Earlier: Remote Code Execution via index.php Arbitrary HTML and Script Injection in SearchFeed Search Engine 1.3.2 and Earlier Cross-Site Scripting (XSS) Vulnerability in RevenuePilot Search Engine Script 1.2.0 and Earlier Multiple SQL Injection Vulnerabilities in K-Search 1.0 and Earlier Arbitrary Script Injection via Hex-encoded Values in Google API Search 1.3.1 and Earlier SQL Injection Vulnerabilities in edmoBBS 0.9 and Earlier: Remote Code Execution Multiple SQL Injection Vulnerabilities in Joels Bulletin Board (JBB) 0.9.9rc3 and Earlier Multiple SQL Injection Vulnerabilities in Ugroup 2.6.2 and Earlier SQL Injection Vulnerability in 
ShockBoard 3.0 and 4.0: Remote Code Execution via offset Parameter in topic.php SQL Injection Vulnerability in Netzbrett 1.5.1 and Earlier: Remote Code Execution via p_entry Parameter SQL Injection Vulnerabilities in Enterprise Connector 1.0.2 and Earlier: Remote Code Execution SQL Injection Vulnerabilities in ADC2000 NG Pro 1.2 and NG Pro Lite SQL Injection Vulnerabilities in Simple Document Management System (SDMS) 2.0-CVS and Earlier Arbitrary File Access Vulnerability in PHP Doc System 1.5.1 and Earlier Multiple SQL Injection Vulnerabilities in Softbiz Resource Repository Script 1.1 and Earlier SQL Injection Vulnerabilities in Omnistar KBase 4.0 and Earlier: Remote Code Execution SQL Injection Vulnerability in AtlantisFAQ Knowledge Base Software 2.03 and Earlier: Remote Code Execution via search.php SQL Injection Vulnerability in FAQSystems FAQRing Knowledge Base Software 3.0 and Earlier: Remote Code Execution via id Parameter in answer.php CRLF Injection Vulnerability in mb_send_mail Function in PHP SQL Injection Vulnerabilities in Zainu 2.0 and Earlier: Remote Code Execution via Search Action Inkscape ps2epsi.sh Local File Overwrite Vulnerability Privilege Escalation Vulnerability in Cisco Security Agent (CSA) 4.5.0 and 4.5.1 on Windows Systems Vulnerability: Denial of Service and Unauthorized Port Writing in Gadu-Gadu 7.20 Memory Leak Vulnerability in Gadu-Gadu 7.20: Remote Denial of Service via DCC Packets Denial of Service Vulnerability in Gadu-Gadu 7.20 via Multiple DCC Packets Denial of Service Vulnerability in Gadu-Gadu 7.20 via Large Number of gg: URIs Gadu-Gadu 7.20 Stack-based Buffer Overflow Vulnerability Remote Eavesdropping Vulnerability in Gadu-Gadu 7.20 via EasycallLite.oce ActiveX Control Multiple SQL Injection Vulnerabilities in Open Ticket Request System (OTRS) Cross-Site Scripting (XSS) Vulnerabilities in OTRS index.pl Arbitrary Web Script Execution in OTRS Attachment Download Mozilla Denial of Service Vulnerability via Javascript BODY 
onload Event Denial of Service Vulnerability in Apple Safari 2.0.2 via Javascript BODY onload Event BenjiBug: Exploiting Google Talk's Automatic Update for Denial of Service RTMP Data Validation Vulnerability in Macromedia Breeze Communication Server and Breeze Live Server RTMP Data Validation Vulnerability in Macromedia Flash Communication Server MX 1.0 and 1.5 Arbitrary Web Script Injection Vulnerability in VHCS 2.2.0 through 2.4.6.2 Buffer Overflow Vulnerability in uidadmin in SCO Unixware 7.1.3 and 7.1.4 Unspecified Remote Code Execution Vulnerability in Java Management Extensions (JMX) Unspecified vulnerability in Java SDK and JRE allows remote attackers to escape sandbox and access arbitrary files or execute arbitrary applications Unspecified Reflection API Vulnerabilities in Java SDK and JRE Unspecified Remote Code Execution Vulnerability in Java Runtime Environment Cross-site Scripting (XSS) Vulnerability in GhostScripter Amazon Shop 5.0.0 and Earlier Versions SQL Injection Vulnerability in Post Affiliate Pro 2.0.4 and Earlier: Remote Code Execution via sortorder Parameter Arbitrary Local File Inclusion Vulnerability in Post Affiliate Pro 2.0.4 and Earlier SQL Injection Vulnerabilities in BosDates 4.0 and Earlier: Remote Code Execution via calendar.php Format String Vulnerability in Webmin and Usermin Perl Web Servers Domain Alias Hijacking Vulnerability in VHCS 2.4.6.2 Multiple SQL Injection Vulnerabilities in AFFcommerce 1.1.4 IKEv1 Implementation Vulnerability in Clavister Client Web Arbitrary SQL Command Execution in WSN Forum 1.21 via memberlist.php SQL Injection Vulnerability in UserSession Parameter of CommodityRentals 2.0 Online Rental Business Creator Script Multiple SQL Injection Vulnerabilities in OvBB 0.08a Arbitrary Web Script Injection in PBLang 4.65 UCP.php and SendPm.php SQL Injection Vulnerability in Babe Logger 2: Remote Code Execution via gal and id Parameters Cisco IOS Web Server Cross-Site Scripting (XSS) Vulnerability Heap-based Buffer 
Overflow in Panda Software Antivirus Library Allows Remote Code Execution via Crafted ZOO Archive Sensitive Information Disclosure in NetObjects Fusion 9 (NOF9) via Rollbacklog.xml File SQL Injection Vulnerability in Randshop's kategorie/index.php Multiple SQL Injection Vulnerabilities in Central Manchester CLC Helpdesk Issue Manager 0.9 and Earlier Remote Code Execution via Direct Static Code Injection in GuppY 4.5.9 and Earlier Directory Traversal Vulnerabilities in GuppY 4.5.9 and Earlier Buffer Overflow Vulnerability in phgrafx in QNX 6.2.1 and 6.3.0 Directory Traversal Vulnerability in Xaraya 1.0's create function in xarMLSXML2PHPBackend.php SQL Injection Vulnerability in N-13 News 1.2: Remote Code Execution via id Parameter in index.php ASP-Rider 1.6 Default.asp SQL Injection Vulnerability Arbitrary SQL Command Execution in O-Kiraku Nikki 1.3 and Earlier SQL Injection Vulnerability in 88Script's Event Calendar 2.0 and Earlier: Remote Code Execution via m Parameter Buffer Overflow Vulnerability in Symantec pcAnywhere 11.0.1 and 11.5.1 SQL Injection Vulnerability in SocketKB 1.1.0 and Earlier: Remote Code Execution via Node and Art_id Parameters Arbitrary Local File Inclusion Vulnerability in SocketKB 1.1.0 and Earlier SQL Injection Vulnerability in Softbiz B2B Trading Marketplace Script 1.1 and Earlier SQL Injection Vulnerability in Softbiz FAQ Script 1.1 and Earlier Multiple SQL Injection Vulnerabilities in WSN Knowledge Base 1.2.0 and Earlier SQL Injection Vulnerability in Orca Ringmaker 2.3c and Earlier: Remote Code Execution via ringmaker.php SQL Injection Vulnerability in Orca Blog 1.3b and Earlier: Remote Code Execution via msg Parameter Arbitrary SQL Command Execution in Orca Knowledgebase 2.1b and Earlier SQL Injection Vulnerabilities in ilyav FAQ System 1.1 and Earlier SQL Injection Vulnerability in ilyav Survey System 1.1 and Earlier: Remote Code Execution via SURVEY_ID Parameter Predictable Hash Vulnerability in SynAttackProtect in Microsoft Windows 
2003 and Windows 2000 Denial of Service Vulnerability in Opera 8.50 via Java Applet Arbitrary File Read Vulnerability in PHP Upload Center Arbitrary File Read Vulnerability in PHPAlbum 0.2.3 and Earlier Multiple SQL Injection Vulnerabilities in WebCalendar 1.0.1 Denial of Service Vulnerability in NuFW 1.0.x and 1.1 SQL Injection Vulnerability in PHP Labs Survey Wizard SQL Injection Vulnerability in PHP Labs Top Auction 1.0: Remote Code Execution SQL Injection Vulnerability in Bedeng PSP 1.1 Arbitrary Web Script Injection Vulnerability in blogBuddies 0.3 Cross-Site Scripting (XSS) Vulnerabilities in MagpieRSS 7.1 SQL Injection Vulnerabilities in DMANews 0.904 and 0.910 Unspecified Trackback Vulnerability in DotClear 1.2.1 SQL Injection Vulnerability in Entergal MX 2.0 index.php Multiple Cross-Site Scripting (XSS) Vulnerabilities in FreeWebStat 1.0 rev37 Denial of Service Vulnerability in Kadu 0.4.2 and 0.5.0pre Arbitrary File Overwrite Vulnerability in WebCalendar 1.0.1 Format String Vulnerability in Perl_sv_vcatpvfn DotClear 1.2.3 - SQL Injection Vulnerability in session.php Buffer Overflow Vulnerabilities in libUil (libUil.so) in OpenMotif 2.2.3 Arbitrary Web Script Injection in Java Search Engine (JSE) 0.9.34 via search.jsp Arbitrary Web Script Injection Vulnerability in Atlassian Confluence 2.0.1 Build 321 SQL Injection Vulnerability in PHPX 3.5.9 and Earlier: Bypass Authentication and Arbitrary Code Execution SQL Injection Vulnerability in MXChange 0.2.0-pre10 PL492: Remote Code Execution Arbitrary Web Script Injection Vulnerability in MXChange before 0.2.0-pre10 PL492 Arbitrary Web Script Injection in Citrix MetaFrame Secure Access Manager and NFuse Elite Login Form Arbitrary Web Script Injection Vulnerability in Extreme Search Corporate Edition 6.0 and Earlier Multiple Cross-Site Scripting (XSS) Vulnerabilities in Drupal 4.5.0 through 4.5.5 and 4.6.0 through 4.6.3 User Profile Privilege Bypass in Drupal 4.5.0 - 4.5.5 and 4.6.0 - 4.6.3 Arbitrary Web Script 
Injection via File Interpretation Conflict in Drupal 4.5.0 - 4.5.5 and 4.6.0 - 4.6.3 SQL Injection Vulnerability in type.asp in Multiple DUware Products XSS Vulnerability in QualityEBiz Quality PPC 1553 Search Module Multiple SQL Injection Vulnerabilities in NetClassifieds Premium, Professional, Standard, and Free Editions Unauthenticated Remote Information Disclosure in Coppermine Photo Gallery (CPG) 1.4.2 and 1.4 beta SQL Injection Vulnerability in Edgewall Trac Ticket Query Module Vulnerability: Local Privilege Escalation via CreateRemoteThread Function in Microsoft Windows XP, 2000, and 2003 CRLF Injection Vulnerability in WebCalendar 1.0.1 Allows HTTP Response Splitting Attacks Denial of Service Vulnerability in HP Systems Insight Manager (SIM) 4.0 and 4.1 SQL Injection Vulnerability in WebCalendar 1.0.1 via time_range Parameter in edit_report_handler.php Denial of Service and Arbitrary Code Execution Vulnerability in Astaro Security Linux IKEv1 Implementation SQL Injection Vulnerabilities in Instant Photo Gallery 1 and Earlier Multiple SQL Injection Vulnerabilities in Tradesoft CMS SQL Injection Vulnerability in Pineapple Technologies Lore 1.5.4: Remote Code Execution via article.php Avaya TN2602AP IP Media Resource 320 Circuit Pack Memory Leak Vulnerability Cross-Site Scripting (XSS) Vulnerabilities in phpMyChat 0.14.6 Buffer Overflow Vulnerabilities in WinEggDropShell RAT 1.7 Unspecified Denial of Service Vulnerabilities in MailEnable Professional and Enterprise Format String Vulnerability in OBEX Server Allows Remote Code Execution SQL Injection Vulnerability in Zen Cart 1.2.6d and Earlier: admin/password_forgotten.php Information Disclosure Vulnerability in Zen Cart 1.2.6d and Earlier Arbitrary Web Script Injection in Solupress News 1.0 and Earlier Arbitrary Web Script Injection Vulnerability in SiteBeater MP3 Catalog 2.03 and Earlier Arbitrary Web Script Injection Vulnerability in SiteBeater News System 4.00 and Earlier SQL Injection Vulnerabilities in 
phpYellowTM Pro and Lite Edition 5.33 Shared Secret Key Vulnerability in WebEOC Versions Prior to 6.0.2 Multiple SQL Injection Vulnerabilities in ASPS Shopping Cart Professional and Lite MyTemplateSite 1.2 XSS Vulnerability in search.asp SQL Injection Vulnerability in messages.php in PHP-Fusion 6.00.109 Authentication Bypass Vulnerability in SAPID CMS before 1.2.3.03 Unspecified Vulnerabilities in SAPID CMS Before 1.2.3.03 with Unknown Impact and Attack Vectors SQL Injection Vulnerability in Jax Calendar 1.34 SQL Injection Vulnerabilities in PHP Lite Calendar Express 2.2 and Earlier SQL Injection Vulnerability in KBase Express 1.0.0 and Earlier: Remote Code Execution SQL Injection Vulnerability in Codewalkers ltwCalendar Multiple Cross-Site Scripting (XSS) Vulnerabilities in PHP Web Statistik 1.4 Insufficient Access Control in PHP Web Statistik 1.4 Allows Remote Information Disclosure Denial of Service Vulnerability in PHP Web Statistik 1.4 via stat.php Log File Filling Vulnerability in PHP Web Statistik 1.4 SQL Injection Vulnerability in Widget Property 1.1.19: Remote Code Execution via property.php Parameters Path Disclosure Vulnerability in Widget Property 1.1.19 SQL Injection Vulnerability in Landshop Real Estate Commerce System 0.6.3 and Earlier SQL Injection Vulnerability in Relative Real Estate Systems 1.02 and Earlier: Remote Code Execution via mls Parameter SQL Injection Vulnerability in Widget Imprint 1.0.26 and Earlier: Remote Code Execution via product_id Parameter Insufficient Access Control in Gallery 2.0 Installer XSS Vulnerability in Gallery 2.0 Add Image From Web Feature Unspecified File Reading Vulnerability in Gallery 2.0 Interspire FastFind XSS Vulnerability Unprotected install.php in Help Desk Reloaded Free Help Desk allows privilege escalation Sensitive Information Disclosure in Geeklog 1.4.x and 1.3.x via Invalid Date Parameters SQL Injection Vulnerability in SimpleBBS 1.1: Remote Code Execution Cross-Site Scripting (XSS) Vulnerabilities in 
aMember Information Disclosure: Username Enumeration in WebEOC Login Page SQL Injection Vulnerability in Quicksilver Forums Allows Remote Code Execution via HTTP_USER_AGENT Header Eval Injection Vulnerability in MediaWiki 1.5.x before 1.5.3 Arbitrary Web Script Injection in Easy Search System 1.1 and Earlier Improper Protection of evl_data Directory in Nodezilla 0.4.13-corno-fulgure Multiple SQL Injection Vulnerabilities in Web4Future eDating Professional 5 Multiple SQL Injection Vulnerabilities in Web4Future eCommerce Enterprise Edition 2.1 and Earlier Arbitrary Web Script Injection in Web4Future KeyWord Frequency Counter 1.0 SQL Injection Vulnerability in Web4Future Affiliate Manager PRO 4.1 and Earlier SQL Injection Vulnerability in comentarii.php in Web4Future Portal Solutions News Portal Arhiva.php Directory Traversal Vulnerability in Web4Future Portal Solutions News Portal SQL Injection Vulnerability in FileLister 0.51 and Earlier: Remote Code Execution Cross-Site Scripting (XSS) Vulnerability in MR CGI Guy Hot Links SQL 3.1.x and Hot Links Pro 3.1.x Arbitrary Web Script Injection Vulnerability in Warm Links 1.0.0 and Earlier SQL Injection Vulnerability in Hobosworld HobSR 1.0 and Earlier: Remote Code Execution via view.php Amazon Search Directory 1.0.0 and Earlier XSS Vulnerability in search.cgi Unspecified vulnerability in Sun Java System Messaging Server 2005Q1 allows remote attackers to obtain Top-Level Administrator default password Man-in-the-Middle Vulnerability in Reverse SSL Proxy Plug-in for Sun Java System Application Server Arbitrary Web Script Injection Vulnerability in IISWorks ASPKnowledgeBase 2.0 Heap-based buffer overflow in avcodec_default_get_buffer function SQL Injection Vulnerabilities in Blog System 1.2 Buffer Overflow in Multi-Tech Systems MultiVOIP Devices Allows Remote Code Execution via Long SIP INVITE Field Multiple Voting Vulnerability in e107 0.6174 Remote Redirect Vulnerability in e107 0.6174 coWiki 0.3.4 Cross-Site Scripting 
(XSS) Vulnerability in q Parameter PluggedOut Blog 1.9.5 SQL Injection Vulnerability SQL Injection Vulnerability in Cars Portal 1.1 and Earlier: Remote Code Execution via index.php SQL Injection Vulnerability in PluggedOut Nexus 0.1 search.php PluggedOut Nexus 0.1 search.php Cross-site Scripting (XSS) Vulnerability Remote Code Execution via SQL Injection in SaralBlog 1 and Earlier SQL Injection Vulnerability in LocazoList 1.03c and Earlier: Remote Code Execution via searchdb.asp Arbitrary Web Script Injection Vulnerability in rwAuction Pro 4.0 and 5.0 Arbitrary Script Injection in PASearch.asp in XcPhotoAlbum 1.x Arbitrary Web Script Injection Vulnerability in XcClassified 3.x CPSearch.asp NetAuctionHelp 3.0 and Earlier: Multiple Cross-Site Scripting (XSS) Vulnerabilities in search.asp SQL Injection Vulnerabilities in A-FAQ 1.0: Remote Code Execution SQL Injection Vulnerability in Edgewall Trac Search Module Weak Encryption of FTP Usernames and Passwords in Total Commander 6.53 Unspecified Absolute Path Vulnerability in umountall in IBM AIX 5.1 through 5.3 Insecure Permissions in SunnComm MediaMax DRM 5.0.21.0 Allow Privilege Escalation SQL Injection Vulnerabilities in CFMagic Magic Forum Personal 2.5 and Earlier CFMagic Magic Forum Personal 2.5 XSS Vulnerability in search_forums.cfm Arbitrary SQL Command Execution in CFMagic Magic List Pro 2.5 via view_archive.cfm Arbitrary Local File Inclusion Vulnerability in CF_Nuke 4.6 and Earlier Multiple Cross-Site Scripting (XSS) Vulnerabilities in CF_Nuke 4.6 and Earlier Buffer Overflow in Appfluent Technology Database IDS 2.0 via Long APPFLUENT_HOME Environment Variable Off-by-one buffer overflow vulnerability in cURL library (libcurl) 7.11.2 through 7.15.0 Multiple Cross-Site Scripting (XSS) Vulnerabilities in Ideal BB.NET 1.3 and Earlier Remote Code Execution via register_globals Emulation in phpMyAdmin 2.7.0 rc1 Cross-Site Scripting (XSS) Vulnerability in Horde IMP 4.0.4 and Earlier SQL Injection Vulnerabilities in 
Alisveristr E-commerce: Bypass Authentication and Arbitrary SQL Execution Privilege Escalation Vulnerability in QNX 4.25 VMware DHCP Client Program Arbitrary File Read Vulnerability in eXtreme Styles phpBB Module Information Disclosure Vulnerability in phpBB eXtreme Styles Module Buffer Overflow Vulnerability in BlueCoat WinProxy and ProxyAV Directory Traversal Vulnerability in SugarCRM 4.0 Beta and Earlier Remote File Inclusion Vulnerability in SugarCRM 4.0 beta and Earlier: acceptDecline.php SQL Injection Vulnerability in phpForumPro 2.2: Remote Code Execution via index.php CSS Cross-Domain Information Disclosure Vulnerability in Microsoft Internet Explorer Unspecified Remote Vulnerability in HP-UX IPSEC Arbitrary Web Script Injection Vulnerability in 1-Script 1-Search 1.8 Multiple Heap-Based Buffer Overflows in Apple QuickTime Player and iTunes Bypassing Security Policies in Check Point VPN-1 SecureClient NG with Application Intelligence R56, NG FP1, 4.0, and 4.1 Arbitrary PHP Execution via Image File Upload in DoceboLMS 2.0.4 Directory Traversal Vulnerability in DoceboLMS 2.0.4's FCKeditor Addon Unverifiable Pre-release Vulnerability in RealPlayer Allows Arbitrary Code Execution Unverifiable, Prerelease Vulnerability in RealPlayer Allows Remote Code Execution Memory Corruption Vulnerability in Microsoft Excel 2000, 2002, and 2003 Unspecified PHP Remote File Include Vulnerability in Contenido before 4.6.4 Information Disclosure Vulnerability in Sun Update Connection in Sun Solaris 10 Denial of Service Vulnerability in Mozilla Firefox, Netscape, and K-Meleon Arbitrary Command Execution via Host Header in SimpleBBS 1.1 and Earlier Arbitrary Web Script Injection in DRZES HMS 3.2 Login Page SQL Injection Vulnerability in DRZES HMS 3.2 - Remote Code Execution via viewinvoice.php Multiple Cross-Site Scripting (XSS) Vulnerabilities in ThWboard before 3 Beta 2.84 Multiple SQL Injection Vulnerabilities in ThWboard before 3 Beta 2.84 SQL Injection Vulnerability in 
Website Baker 2.6.0 Admin Login SQL Injection Vulnerabilities in ASPMForum Arbitrary Command Execution via Line Wrap in Lyris ListManager Web Interface Lyris ListManager 5.0 through 8.9a SQL Injection Vulnerability SQL Injection Vulnerability in Lyris ListManager 5.0 through 8.9a Weak Password Configuration in MSDE Version of Lyris ListManager 5.0 through 8.9b Information Disclosure Vulnerability in Lyris ListManager Arbitrary Source Code Disclosure in Lyris ListManager 8.9b Sensitive Information Disclosure in Lyris ListManager 8.5 and Earlier Versions Information Disclosure Vulnerability in Lyris ListManager 8.8 through 8.9b Cross-Site Scripting (XSS) Vulnerability in CleverPath 4.7 Portal Login Page File Slack Space Vulnerability in PGP Desktop Home and Professional Versions 8.0 to 9.0.3 Remote Control Vulnerability in Soti Pocket Controller-Professional 5.0 Denial of Service Vulnerability in Mailman 2.1.4 through 2.1.6 Arbitrary Code Execution Vulnerability in PEAR Installer SQL Injection Vulnerability in registration.PHP in ATutor 1.5.1 pl2 Arbitrary File Read and Denial of Service Vulnerability in Mambo 4.5 (1.0.0) through 4.5 (1.0.9) Authentication Bypass Vulnerability in Kerio WinRoute Firewall Arbitrary Library File Execution Vulnerability in Sudo SQL Injection Vulnerability in Simple Machines Forum (SMF) 1.1 rc1 and Earlier Directory Traversal Vulnerability in Torrential 1.2's getdox.php Allows Remote File Reading Multiple Cross-Site Scripting (XSS) Vulnerabilities in MilliScripts 1.4 Redirect Script ACME PerlCal 2.99.20 - Cross-Site Scripting (XSS) Vulnerability in cal_make.pl Arbitrary File Read Vulnerability in Captcha PHP 0.9 SQL Injection Vulnerability in PHP-Addressbook 1.2: Remote Code Execution via id Parameter in view.php Multiple SQL Injection Vulnerabilities in ASP-DEV ASP Resources Forum Arbitrary Web Script Injection Vulnerability in DUWare DUportal Pro 3.4.3 eFiction 1.0 and 1.1 - Cross-Site Scripting (XSS) Vulnerability in titles.php SQL 
Injection Vulnerabilities in eFiction 1.0, 1.1, and 2.0 Multiple SQL Injection Vulnerabilities in eFiction 1.0 eFiction 1.1 SQL Injection Vulnerability in viewuser.php Arbitrary PHP Code Execution via Image Upload in eFiction 1.1 Path Disclosure Vulnerability in eFiction 1.0, 1.1, and 2.0 Sensitive Information Disclosure in eFiction 1.0, 1.1, and 2.0 via phpinfo.php Unrestricted Access to eFiction Utility Scripts Insyde BIOS V190 Keyboard Buffer Vulnerability Keyboard Buffer Leakage Vulnerability Arbitrary Web Script Injection Vulnerability in Magic Book Personal and Professional 2.0 Buffer Overflow Vulnerability in Dropbear Server 0.47 and Earlier Multiple Cross-Site Scripting (XSS) Vulnerabilities in Horde Kronolith H3 before 2.0.6 Multiple Cross-Site Scripting (XSS) Vulnerabilities in Horde Application Framework before 3.0.8 Cross-Site Scripting (XSS) Vulnerabilities in Horde Nag Task List Manager H3 before 2.0.4 Cross-Site Scripting (XSS) Vulnerabilities in Horde Mnemo Note Manager H3 before 2.0.3 UseBB before 0.7 Cross-Site Scripting (XSS) Vulnerability via $_SERVER['PHP_SELF'] Buffer Overflow Vulnerability in Sights 'n Sounds Streaming Media Server 2.0.3.a Multiple SQL Injection Vulnerabilities in Scout Portal Toolkit (SPT) 1.3.1 and Earlier Multiple Cross-Site Scripting (XSS) Vulnerabilities in Scout Portal Toolkit (SPT) 1.3.1 and Earlier Arbitrary Command Execution via Tunnelform.yaws in Nortel SSL VPN 4.2.1.6 SQL Injection Vulnerability in Netref 3.0 index.php (cat parameter) Multiple SQL Injection Vulnerabilities in MyBulletinBoard (MyBB) before 1.0 Unspecified Vulnerabilities in MyBulletinBoard (MyBB) before 1.0 Directory Traversal Vulnerability in My Album Online 1.0 Multiple Directory Traversal Vulnerabilities in LogiSphere 0.9.9j Unrestricted Message Sending Vulnerability in LogiSphere 0.9.9j Arbitrary Javascript Injection Vulnerability in LogiSphere 0.9.9j LocazoList 1.03c and Earlier: Cross-Site Scripting (XSS) Vulnerability in searchdb.asp URL 
Redirection and Phishing Vulnerability in Blackboard Learning and Community Portal System BTGrup Admin WebController Script SQL Injection Vulnerability Arbitrary File Access Vulnerability in Flatnuke 2.5.6 Cross-Site Scripting (XSS) Vulnerability in Alt-N MDaemon 8.1.3 WorldClient Webmail Denial of Service Vulnerability in Opera with IME Installed Remote File Inclusion Vulnerability in phpCOIN 1.2.2 Allows Arbitrary Code Execution Arbitrary File Read Vulnerability in phpCOIN 1.2.2 SQL Injection Vulnerability in phpCOIN 1.2.2 mod.php Path Disclosure Vulnerability in phpCOIN 1.2.2 Denial of Service Vulnerability in Motorola SB5100E Cable Modem Denial of Service Vulnerability in Macromedia Flash Media Server 2.0 r1145 Privilege Escalation Vulnerability in Perl on Apple Mac OS X Server 10.3.9 SQL Injection Vulnerability in PHPWebThings 1.4 forum.php (msg parameter) Cleartext Storage of Credentials in setting.php File in Innovative CMS (ICMS) Denial of Service Vulnerability in Netgear RP114 and Other Devices via SYN Flood Attack Arab Portal System 2 Beta 2 - SQL Injection Vulnerability in link.php Arbitrary Web Script Injection in Lars Ellingsen Guestserver 4.13 and Earlier Multiple SQL Injection Vulnerabilities in Utopia News Pro (UNP) 1.1.4 Multiple SQL Injection Vulnerabilities in e107 0.7 Multiple SQL Injection Vulnerabilities in myBloggie 2.1.3 Beta Multiple SQL Injection Vulnerabilities in phpWebThings 1.4 Patched Multiple SQL Injection Vulnerabilities in DCP-Portal 6.1.1 Multiple SQL Injection Vulnerabilities in PhpWebGallery Cross-Site Scripting (XSS) Vulnerability in EveryAuction 1.53 and Earlier SQL Injection Vulnerability in poll.php in Link Up Gold 2.5 and Earlier Cross-Site Scripting (XSS) Vulnerabilities in Link Up Gold 2.5 and Earlier SQL Injection Vulnerability in Jamit Job Board 2.4.1 and Earlier: Remote Code Execution via cat Parameter SQL Injection Vulnerability in Ad Manager Pro 2.0 and Earlier: Remote Code Execution via ad_number Parameter SQL 
Injection Vulnerability in EncapsGallery 1.0.0 and Earlier: Remote Code Execution via gallery.php Arbitrary Script Injection in WHMCompleteSolution 2.1 and Earlier CKGOLD search.php Cross-site Scripting (XSS) Vulnerability Arbitrary Web Script Injection in MySQL Auction 3.0 and Earlier Arbitrary Web Script Injection Vulnerability in Mantis 1.0.0rc3 and Earlier Arbitrary Script Injection in PHP JackKnife 2.21 and Earlier via Search/DisplayResults.php SQL Injection Vulnerability in VCD-db 0.98 and Earlier: Remote Code Execution via 'by' Parameter Arbitrary Web Script Injection Vulnerability in VCD-db 0.98 and Earlier Cross-Site Scripting (XSS) Vulnerabilities in Horde Turba H3 2.0.4 and Earlier Multiple SQL Injection Vulnerabilities in QuickPayPro 3.1 SQL Injection Vulnerability in Snipe Gallery 3.1.4 and Earlier: Remote Code Execution Arbitrary Web Script Injection in Snipe Gallery 3.1.4 and Earlier SQL Injection Vulnerability in Plogger Beta 2 and Earlier: Remote Code Execution Arbitrary Web Script Injection Vulnerability in Plogger Beta 2 and Earlier Multiple Cross-Site Scripting (XSS) Vulnerabilities in QuickPayPro 3.1 Sensitive Information Exposure in ADP Forum 2.0 through 2.0.3 Arbitrary File Read Vulnerability in mcGallery PRO 2.2 and Earlier Multiple SQL Injection Vulnerabilities in mcGallery PRO 2.2 and Earlier Arbitrary Web Script Injection in mcGallery PRO 2.2 and Earlier Cross-site scripting (XSS) vulnerability in getdox.php in Torrential 1.2 DreamLevels DreamPoll 3.0 Final - SQL Injection Vulnerability in view_Results.php Arbitrary Script Injection in WikkaWiki 1.1.6.0 TextSearch Vulnerability Cross-site scripting (XSS) vulnerability in forum.asp in ASP-DEV XM Forum RC3 Denial of Service Vulnerability in Linksys WRT54GS and BEFW11S4 Routers Denial of Service Vulnerability in Unspecified Cisco Catalyst Switches Multiple SQL Injection Vulnerabilities in ASPBB 0.4 Cross-Site Scripting (XSS) Vulnerability in PHP-Nuke 7.9 and later Unspecified Vulnerability 
in Positive Software Corporation CP+ (cpplus) Before 2.5.5 Cross-site scripting (XSS) vulnerability in Envolution News Module SQL Injection Vulnerability in News Module of Envolution Multiple SQL Injection Vulnerabilities in PHP Support Tickets 2.0 Session Hijacking Vulnerability in Alt-N MDaemon and WorldClient 8.1.3 Stack-based Buffer Overflow in Qualcomm WorldMail 3.0 Buffer Overflow Vulnerability in cpio 2.6-8.FC4 on 64-bit Platforms Denial of Service Vulnerability in mshtml.dll Buffer Overflow Vulnerability in Watchfire AppScan QA 5.0.609 and 5.0.134 IBM AIX 5.3 Malloc Debug System Buffer Overflow Vulnerability Remote Code Execution Vulnerabilities in IBM AIX 5.1, 5.2, and 5.3 Arbitrary File Append Vulnerabilities in IBM AIX 5.3 Denial of Service Vulnerability in Business Objects WebIntelligence 6.5x Denial of Service Vulnerability in Scientific Atlanta DPX2100 Cable Modem Denial of Service Vulnerability in Westell Versalink 327W Arbitrary Web Script Injection Vulnerability in toendaCMS 0.7 Beta Privilege Escalation via Untrusted Search Path Vulnerability in Perl on Gentoo Linux Privilege escalation vulnerability in Qt-UnixODBC on Gentoo Linux Privilege escalation vulnerability in CMake on Gentoo Linux Zaygo HostingCart 2.0 XSS Vulnerability Zaygo DomainCart 2.0 XSS Vulnerability Arbitrary Script Injection Vulnerability in The CITY Shop 1.3 and Earlier Arbitrary Script Injection in StaticStore Search Engine 1.189A and Earlier Arbitrary Web Script Injection in Dick Copits PDEstore 1.8 and Earlier Arbitrary Profile Access Vulnerability in PhpLogCon before 1.2.2 Arbitrary Code Execution via PHP Remote File Include in MarmaraWeb E-commerce Arbitrary Script Injection in MarmaraWeb E-commerce index.php Arbitrary Web Script Injection Vulnerability in eDatCat 0.3 Arbitrary Web Script Injection Vulnerability in ECW-Cart 2.03 and Earlier Arbitrary Web Script Injection in ECTOOLS Onlineshop 1.0 and Earlier Cross-Site Scripting (XSS) Vulnerability in CommerceSQL 1.0 and 
Earlier Arbitrary Web Script Injection Vulnerability in ClickCartPro (CCP) 5.1 and Earlier Arbitrary Web Script Injection in Alkacon OpenCms Login Page Cross-Site Scripting (XSS) Vulnerability in Absolute Image Gallery XE 2.x Denial of Service Vulnerability in AppServ Open Project 2.5.3 Arbitrary Web Script Injection Vulnerability in bbBoard 2.56 and Earlier Arbitrary Web Script Injection in AtlantForum 4.02 and Earlier Arbitrary Web Script Injection Vulnerability in Atlant Pro 4.02 and Earlier Arbitrary Code Execution via Format String Vulnerability in libremail 1.1.0 and Earlier Arbitrary Web Script Injection Vulnerability in phpXplorer 0.9.12 and Earlier Arbitrary File Inclusion Vulnerability in ezDatabase 2.1.2 and Earlier SQL Injection Vulnerability in ezDatabase 2.1.2 and Earlier: Remote Code Execution via db_id Parameter Sensitive Information Disclosure in ezDatabase 2.1.2 and Earlier via Invalid cat_id Parameter Edgewall Trac 0.9, 0.9.1, and 0.9.2 Cross-Site Scripting (XSS) Vulnerability Multiple Cross-Site Scripting (XSS) Vulnerabilities in SiteNet BBS 2.0 and Earlier Cross-Site Scripting (XSS) Vulnerability in ScareCrow 2.13 and Earlier Arbitrary File Inclusion Vulnerability in ezUpload Pro 2.2 and Earlier SQL Injection Vulnerability in ezUpload Pro 2.2 and Earlier Vulnerability: SSH Tectia Server 5.0.0 Allows Unauthorized Access with Incorrect Host-Based Authentication Credentials Arbitrary Web Script Injection Vulnerability in DCForum AlmondSoft Almond Classifieds 5.02 - SQL Injection Vulnerability in index.php AlmondSoft Almond Personals 4.05 index.php SQL Injection Vulnerability Arbitrary Web Script Injection in PPCal Shopping Cart 3.3.0 and Earlier SQL Injection Vulnerability in Plexum PLEXCART X3 Search Function Denial of Service Vulnerability in HP-UX B.11.00, B.11.04, B.11.11, and B.11.23 Remote Code Execution and Cross-Site Scripting Vulnerability in Limbo CMS 1.0.4.2 and Earlier SQL Injection Vulnerability in Limbo CMS 1.0.4.2 and Earlier: 
Remote Code Execution via _SERVER[REMOTE_ADDR] Parameter Directory Traversal Vulnerability in Limbo CMS 1.0.4.2 and Earlier: Arbitrary PHP File Inclusion Information Disclosure Vulnerability in Limbo CMS 1.0.4.2 and Earlier Denial of Service Vulnerability in Apani Networks EpiForce 1.9 and Earlier Cross-Site Scripting (XSS) Vulnerabilities in Hitachi Cosminexus and Groupmax Collaboration Portals and Web Client Denial of Service Vulnerability in Hitachi Cosminexus Collaboration Portal, Groupmax Collaboration Portal, and Groupmax Collaboration Web Client SMTP Denial of Service Vulnerability in Hitachi Groupmax Mail Unspecified Vulnerabilities in Driverse before 0.56b with Unknown Impact and Attack Vectors Cleartext Communication Vulnerability in APC PowerChute Network Shutdown Multiple Cross-Site Scripting (XSS) Vulnerabilities in Michael Arndt WebCal 1.11-3.04 Arbitrary Script Injection via ID Parameter in Webglimpse 2.14.1 and Earlier SQL Injection Vulnerability in paFileDB.php in PHP Arena paFileDB Extreme Edition RC 5 and Earlier SQL Injection Vulnerability in iHTML Merchant Mall's browse.ihtml SQL Injection Vulnerability in iHTML Merchant Version 2 Pro Cisco Clean Access Secure Smart Manager Authentication Bypass and Denial of Service Vulnerability Multiple Cross-Site Scripting (XSS) Vulnerabilities in Binary Board System (BBS) 0.2.5 and Earlier SQL Injection Vulnerability in ZixForum 1.12: Remote Code Execution via H_ID Parameter Denial of Service Vulnerability in ProjectForum 4.7.0 and Earlier Arbitrary Web Script Injection in ProjectForum 4.7.0 and Earlier Authentication Bypass Vulnerability in Blackboard Learning and Community Portal System Privilege Escalation Vulnerability in Blackboard Learning and Community Portal System Blackboard Learning and Community Portal System XSS Vulnerability in announcement.pl Information Disclosure: Listing of All Available Categories in Blackboard Learning and Community Portal System Adobe ColdFusion Sandbox Security Bypass 
Vulnerability CFMAIL Injection Vulnerability in Adobe ColdFusion MX 6.0-7.0 Local Privilege Escalation in Adobe ColdFusion MX 7.0 ColdFusion MX 7.0 API Exposes Administrator Password Hash Vulnerability Path Disclosure Vulnerability in phpBB Blog 2.2.2 and earlier Vulnerability: Unauthorized Access to Host System Files in Linux 2.4 Kernel Patch Denial of Service Vulnerability in Fetchmail SQL Injection Vulnerability in phpMyAdmin 2.7.0 Unspecified Denial of Service Vulnerability in WBEM Services on HP-UX Vulnerability: Bypassing Immutable File Settings through Filesystem Masking Time Wrap Vulnerability: Bypassing Time Setting Restrictions in NetBSD and Linux SQL Injection Vulnerability in toendaCMS 0.6.2.1: Remote Code Execution via id Parameter Arbitrary Script Injection Vulnerability in Webglimpse 2.14.1 and Earlier Multiple Cross-Site Scripting (XSS) Vulnerabilities in UStore SQL Injection Vulnerability in UStore: Remote Code Execution via Username and Password Fields Arbitrary JavaScript Injection via XSS Vulnerability in phpBB 2.0.18 Information Disclosure Vulnerability in phpBB 2.0.18 via admin_disallow.php Arbitrary SQL Command Execution in ODFaq 2.1.0 Arbitrary Code Execution Vulnerability in IIS 5.1 on Windows XP SP2 Arbitrary Script Injection in Magnolia Content Management Suite 2.1's search.html SQL Injection Vulnerability in Komodo CMS 2.1 page.php Allows Remote Code Execution Komodo CMS 2.1 Search Engine XSS Vulnerability Arbitrary Script Injection in Hot Banana Web Content Management Suite 5.3 Multiple Cross-Site Scripting (XSS) Vulnerabilities in FLIP 0.9.0.1029 Multiple SQL Injection Vulnerabilities in DRZES HMS 3.2 Cross-Site Scripting (XSS) Vulnerability in DRZES HMS 3.2 and CONTROLzx 3.3.4 Path Disclosure Vulnerability in Roundcube Webmail Alpha Arbitrary Web Script Injection Vulnerability in Acuity CMS 2.6.2 SQL Injection Vulnerability in Acidcat 2.1.13 and Earlier: Remote Code Execution via main_content.asp Insufficient Access Control in Acidcat 
2.1.13 and Earlier Allows Remote Information Disclosure Arbitrary Web Script Injection Vulnerability in AWF 2.10 and Earlier Path Disclosure Vulnerability in Adaptive Website Framework (AWF) 2.10 and Earlier Multiple Cross-Site Scripting (XSS) Vulnerabilities in Allinta 2.3.2 and Earlier Amaxus 3 and Earlier Cross-Site Scripting (XSS) Vulnerability via change Parameter Amaxus 3 Directory Traversal Vulnerability Arbitrary Web Script Injection in Baseline CMS 1.95 and Earlier SQL Injection Vulnerability in Baseline CMS 1.95 and Earlier: Remote Code Execution via Page.asp Multiple Cross-Site Scripting (XSS) Vulnerabilities in Bitweaver 1.1 and 1.1.1 Beta Multiple SQL Injection Vulnerabilities in Bitweaver 1.1 and 1.1.1 Beta Cross-Site Scripting (XSS) Vulnerabilities in Caravel CMS 3.0 Beta 1 and Earlier SQL Injection Vulnerability in CitySoft Community Enterprise 4.x CitySoft Community Enterprise 4.x Cross-Site Scripting (XSS) Vulnerability Information Disclosure Vulnerability in CitySoft Community Enterprise 4.x Arbitrary Web Script Injection Vulnerability in Cofax 2.0 RC3 and Earlier Arbitrary Web Script Injection Vulnerability in Colony CMS 2.75 and Earlier Arbitrary Web Script Injection Vulnerability in contenite 0.11 and Earlier Arbitrary Web Script Injection via near Parameter in CONTENS 3.0 and Earlier Path Disclosure Vulnerability in CONTENS 3.0 and Earlier via search.cfm Parameters SQL Injection Vulnerability in ContentServ 3.1 and Earlier: Remote Code Execution via StoryID Parameter in index.php Unspecified Cross-Site Scripting (XSS) Vulnerability in Damoon Arbitrary SQL Command Execution Vulnerability in e-publish CMS 2.0 and Earlier Arbitrary Web Script Injection in e-publish CMS 2.0 and Earlier EPiX 3.1.2 XSS Vulnerability in Search Query Parameters Unspecified Cross-Site Scripting (XSS) Vulnerability in FarCry 3.0 and Earlier Cross-Site Scripting (XSS) Vulnerability in iCMS Admin Panel SQL Injection Vulnerability in RunScript.asp iCMS Disputed Cross-Site 
Scripting (XSS) Vulnerability in lemoon 2.0 and Earlier Arbitrary Script Injection in Libertas Enterprise CMS 3.0 and Earlier Arbitrary Web Script Injection Vulnerability in Liferay Portal Enterprise 3.6.1 and Earlier Lutece 1.2.3 XSS Vulnerability in Search Parameters Buffer Overflow Vulnerability in MailEnable Professional and Enterprise Versions Marwel 2.7 and Earlier: Remote SQL Injection Vulnerability in index.php SQL Injection Vulnerability in Media2 CMS Shop 18.x Default.asp Path Disclosure Vulnerability in redqueen.cgi SQL Injection Vulnerability in Mercury CMS 4.0 and Earlier: Remote Code Execution via index.cfm Arbitrary Web Script Injection in Mercury CMS 4.0 and Earlier Multiple SQL Injection Vulnerabilities in Miraserver 1.0 RC4 and Earlier Arbitrary Web Script Injection Vulnerability in MMBase 1.7.4 and Earlier Arbitrary Web Script Injection Vulnerability in NQcontent 3 Remote Code Execution Vulnerability in Mercury Mail Transport System 4.01b via Buffer Overflow Plaintext Password Caching Vulnerability in Citrix Program Neighborhood Client Multiple Cross-Site Scripting (XSS) Vulnerabilities in IBM WebSphere Application Server 6 Unspecified Menu Security Bug in Teamwork 3 before Alpha 1.7 Arbitrary Web Script Injection Vulnerability in TML CMS 0.5 Arbitrary SQL Command Execution in TML CMS 0.5 via index.php Null Authentication and Authorization Values in Widcomm Bluetooth for Windows (BTW) 4.0.1.1500 and Earlier: Remote Audio Eavesdropping Vulnerability Default Policy Trusts Unknown Capabilities in util-vserver for Debian GNU/Linux Multiple SQL Injection Vulnerabilities in Honeycomb Archive and Honeycomb Archive Enterprise 3.0 Arbitrary Script Injection in Honeycomb Archive Enterprise 3.0 Directory Traversal Vulnerability in Dev-Editor 3.0 Arbitrary Code Execution via Unrestricted File Upload in toendaCMS Unrestricted File Upload Vulnerability in PHPFM Allows Remote Code Execution Directory Traversal Vulnerability in PHPKIT 1.6.1 R2 and Earlier Denial 
of Service Vulnerability in Kerio WinRoute Firewall before 6.1.3 via RTSP Streams Remote Code Execution via HTML Injection in YaBB (CVE-2005-3312) Multiple SQL Injection Vulnerabilities in Cerberus Helpdesk Cerberus Helpdesk index.php XSS Vulnerability CS-Cart 1.3.0 SQL Injection Vulnerability in index.php SQL Injection Vulnerability in LogicBill 1.0 and Earlier: Remote Code Execution via helpdesk.php Parameters SQL Injection Vulnerability in WowBB 1.65 via q parameter in search.php Arbitrary Web Script Injection Vulnerability in PlaySMS 0.8 Arbitrary Script Injection in Esselbach Storyteller CMS 1.8 Search Field AbleDesign ReSearch 2.x Cross-Site Scripting (XSS) Vulnerability Cross-Site Scripting (XSS) Vulnerability in AbleDesign D-Man 3.x index.php Denial of Service Vulnerability in Cisco IOS EIGRP Implementation MD5 Neighbor Authentication Vulnerability in Cisco IOS EIGRP Heap-based Buffer Overflow in Dec2Rar.dll 3.2.14.3 Buffer Overflow Vulnerability in ELOG elogd 2.6.0-beta4 Double-Tagging VLAN Jumping Attack MAC Spoofing PVLAN Jumping Attack: Bypassing Network Segmentation via PVLAN Protocol Privilege Escalation via Untrusted Search Path Vulnerability in OpenLDAP Privilege Escalation via Untrusted Search Path Vulnerability in Gauche on Gentoo Linux Stack-based Buffer Overflow in Pegasus Mail Trace Message Functionality Buffer overflow vulnerability in Pegasus Mail 4.21a through 4.21c and 4.30PB1 allows remote code execution via long email message header Arbitrary Web Script Injection Vulnerability in ASPBite 8.x SQL Injection Vulnerability in phpCOIN 1.2.2 via rec_next Parameter Insecure Authentication Verification in FlatNuke 2.5.6 Arbitrary PHP File Modification Vulnerability in FlatNuke 2.5.6 CSRF Vulnerability in phpMyAdmin 2.7.0 Allows Unauthorized Actions Unspecified Remote Access Vulnerability in HP-UX Software Distributor Insufficient Access Control in Information Call Center's CallCenterData.mdb Database Allows Remote Information Disclosure Privilege 
Escalation Vulnerability in Ultraapps Issue Manager 2.1 Cross-Site Scripting (XSS) Vulnerability in cleanhtml.pl 1.129 in LiveJournal CVS before Dec 7 2005 Cross-Site Scripting (XSS) vulnerability in cleanhtml.pl 1.129 in LiveJournal CVS before Dec 13 2005 Buffer Overflow Vulnerabilities in MailEnable Professional and Enterprise Versions Remote Code Execution and Denial of Service Vulnerability in MailEnable Enterprise 1.1 Privilege Escalation via Insecure Variable Reset in Metadot Portal Server Heap-based Buffer Overflow in VMWare NAT Networking Components Arbitrary Script Injection in Beehive Forum 0.6.2 and Earlier SQL Injection Vulnerability in Beehive Forum 0.6.2 and Earlier: Remote Code Execution via user_sess Parameter Remote Code Execution via PHP File Include in Tolva PHP Website System 0.1.0 Information Disclosure Vulnerability in WordPress 1.5.2 and earlier Denial of Service Vulnerability in Ingate Firewall and SIParator IKEv1 Implementation Vulnerability in NEC UNIVERGE IX1000, IX2000, and IX3000 Heap-based Buffer Overflow in SIPParser Function in Interaction SIP Proxy PHPGedView 3.3.7 and Earlier Directory Traversal Vulnerability Arbitrary Code Execution via PHPGedView 3.3.7 Remote File Include Vulnerability Multiple Direct Static Code Injection Vulnerabilities in PHPGedView 3.3.7 and Earlier Heap-based Buffer Overflow in Blender BlenLoader 2.0 through 2.40pre Denial of Service Vulnerability in Avaya Modular Messaging Message Storage Server (MSS) 2.0 SP 4 and Earlier Macromedia JRun 4 Web Server Stack-Based Buffer Overflow Vulnerability Unspecified vulnerability in Macromedia JRun 4 web server allows remote attackers to view web application source code via a malformed URL Buffer Overflow in WinRAR 3.51 Add to Archive Command OpenCms 6.0.3 and Earlier Cross-Site Scripting (XSS) Vulnerability Arbitrary Web Script Injection in OpenEdit 4.0 and Earlier Arbitrary Web Script Injection in papaya CMS 4.0.4 and Earlier Multiple SQL Injection Vulnerabilities in 
Papoo 2.1.2 and Earlier SQL Injection Vulnerability in phpSlash 0.8.1 and Earlier: Remote Code Execution via story_id Parameter Arbitrary Web Script Injection Vulnerability in Plexcor CMS 4.0 and Earlier Unspecified Cross-Site Scripting (XSS) Vulnerability in Polopoly 9 and Earlier Arbitrary Web Script Injection in PortalApp 3.3 and Earlier via login.asp Cross-Site Scripting (XSS) Vulnerability in SiteEnable 3.3 and Earlier via login.asp Multiple Cross-Site Scripting (XSS) Vulnerabilities in IntranetApp 3.3 and Earlier Multiple Cross-Site Scripting (XSS) Vulnerabilities in ProjectApp 3.3 and Earlier SQL Injection Vulnerability in Quantum Art QP7.Enterprise Cross-Site Scripting (XSS) Vulnerability in RAMSite R|1 CMS 1.0 and Earlier via searchfield Parameter Multiple Cross-Site Scripting (XSS) Vulnerabilities in Redakto WCMS 3.2 and Earlier Arbitrary Web Script Injection in Scoop 1.1 RC1 and Earlier Multiple Cross-Site Scripting (XSS) Vulnerabilities in SCOOP! 2.3 and Earlier Multiple Cross-Site Scripting (XSS) Vulnerabilities in Sitekit CMS 6.6 and Earlier Arbitrary Web Script Injection in Starphire SiteSage 5.0.18 and Earlier Arbitrary Web Script Injection Vulnerability in SpearTek 6.0 and Earlier Cross-Site Scripting (XSS) Vulnerability in SPIP 1.8.2 and Earlier SQL Injection Vulnerability in SpireMedia mx7 index.cfm Arbitrary Web Script Injection in SyntaxCMS Search Functionality Arbitrary Web Script Injection in Tangora Portal CMS 4.0 and Earlier Text-e 1.6.4 and Earlier Cross-Site Scripting (XSS) Vulnerability Vulnerability: Privilege Escalation via Downloadable RADIUS ACLs in Cisco PIX and VPN 3000 Concentrators SQL Injection Vulnerability in MusicBox 2.3 Allows Remote Code Execution Cross-Site Scripting (XSS) Vulnerability in MediaWiki before 1.5.4 Arbitrary Web Script Injection in httprint v202 and Earlier Versions Denial of Service Vulnerability in httprint v202 and Earlier Versions Denial of Service Vulnerability in khtml::RenderTableSection::ensureRows 
Function Unquoted Windows Search Path Privilege Escalation Vulnerability in McAfee VirusScan Enterprise 8.0i and CMA 3.5 Cleartext Storage of Credentials in Nexus Concepts Dev Hound 2.24 and Earlier Arbitrary Web Script Injection in Nexus Concepts Dev Hound 2.24 and Earlier Information Disclosure Vulnerability in Nexus Concepts Dev Hound 2.24 and Earlier SQL Injection Vulnerability in index.asp in pTools NetPublish Server 7 Directory Traversal Vulnerability Format String Vulnerability in TN3270 Resource Gateway 1.1.0 Arbitrary Web Script Injection Vulnerability in WAXTRAPP 3.0.1 and Earlier Arbitrary Web Script Injection in WANDSOFT e-SEARCH through XSS Vulnerability Case-Sensitive Token Bypass Vulnerability in Webwasher CSM Appliance Suite 5.x SQL Injection Vulnerability in WebDB 1.1 and Earlier Cross-Site Scripting (XSS) Vulnerabilities in PHP-Fusion 6.00.200 - 6.00.300 Arbitrary SQL Command Execution in PHP-Fusion 6.00.200 through 6.00.300 File Upload Size Restriction Bypass in Mantis before 0.19.4 SQL Injection Vulnerabilities in Mantis 1.0.0rc3 and Earlier: Remote Code Execution Unspecified port injection vulnerability in Mantis 1.0.0rc3 and earlier CRLF Injection Vulnerability in Mantis 1.0.0rc3 and Earlier Cross-Site Scripting (XSS) Vulnerabilities in Mantis 1.0.0rc3 and Earlier Mantis 1.0.0rc3 and earlier: Private Bug Disclosure via Public RSS Feeds Vulnerability: Information Leak in Mantis 1.0.0rc3 via Make note private Privilege Escalation Vulnerability in Sygate Protection Agent 5.0 build 6144 Bypassing Filtering in Clearswift MIMEsweeper For Web Multiple SQL Injection Vulnerabilities in Direct News 4.9 Chatspot 2.0.0a7 Module for phpBB SQL Injection Vulnerability User Impersonation Vulnerability in Chatspot 2.0.0a7 Module for phpBB Multiple Cross-Site Scripting (XSS) Vulnerabilities in AlstraSoft EPay Enterprise 3.0 Local Privilege Escalation in scponly 4.1 and earlier Argument Injection Vulnerability in scponlyc Allows Arbitrary Application Execution 
Local Privilege Escalation via Symlink Attack in Bugzilla's Shadow Database Feature Arbitrary File Overwrite Vulnerability in Mail::Audit Module NetDirect ShopEngine search.asp XSS Vulnerability Path Disclosure Vulnerability in eggblog 2.0's search.php Arbitrary SQL Command Execution via Cross-Site Scripting (XSS) in eggblog 2.0 SQL Injection Vulnerability in RWS Statistics Counter 2.4.1 User Area Oracle Application Server (OracleAS) Discussion Forum Portlet Cross-Site Scripting (XSS) Vulnerability Remote Code Disclosure Vulnerability in OracleAS Discussion Forum Portlet Arbitrary Web Script Injection in SimpBook 1.0 Insecure Temporary File Creation in Sun Solaris PC NetLink 2.0 Buffer Overflow in Golden FTP Server 1.92 via Long APPE Command Multiple SQL Injection Vulnerabilities in DEV Web Management System 1.5 and Earlier Arbitrary Web Script Injection in DEV Web Management System 1.5 and Earlier Remote File Include Vulnerability in IceWarp Web Mail 5.5.1 Arbitrary Local File Inclusion Vulnerability in IceWarp Web Mail 5.5.1 Arbitrary PHP Code Execution in IceWarp Web Mail 5.5.1 Arbitrary File Access Vulnerability in IceWarp Web Mail 5.5.1 Arbitrary Code Execution Vulnerability in Windows GDI32.DLL via Crafted WMF Image SQL Injection Vulnerability in Enterprise Heart Enterprise Connector 1.0.2: Bypassing Login Authentication via loginid Parameter Denial of Service Vulnerability in ADTRAN NetVanta IKEv1 Implementation Format String Vulnerability in ADTRAN NetVanta IKEv1 Implementation Buffer Overflow in ADTRAN NetVanta IKEv1 Implementation Multiple Cross-Site Scripting (XSS) Vulnerabilities in FTGate Technology FTGate 4.4 (Build 4.4.000 Oct 26 2005) Format string vulnerabilities in FTGate Technology FTGate 4.4 (aka Build 4.4.000 Oct 26 2005) Stack-based Buffer Overflow in FTGate Technology FTGate 4.4 Allows Remote Code Execution Denial of Service Vulnerability in Fortinet FortiOS, FortiClient, and FortiManager XSS Vulnerability in myEZshop Shopping Cart Allows 
Arbitrary Code Injection SQL Injection Vulnerabilities in myEZshop Shopping Cart Arbitrary Code Execution via PHP Remote File Include in Plogger Beta 2 Arbitrary Code Injection through Cross-Site Scripting (XSS) Vulnerability in PaperThin CommonSpot Content Server 4.5 and Earlier Information Disclosure Vulnerability in PaperThin CommonSpot Content Server 4.5 and Earlier Multiple Cross-Site Scripting (XSS) Vulnerabilities in Fatwire UpdateEngine 6.2 and Earlier Multiple Cross-Site Scripting (XSS) Vulnerabilities in Hitachi Business Logic - Container (BLC) Multiple SQL Injection Vulnerabilities in Hitachi Business Logic - Container (BLC) P-2443-9114 01-00 through 02-06 on Windows, and P-1M43-9111 01-01 through 02-00 on AIX HTTP Response Splitting Vulnerabilities in Hitachi Business Logic - Container (BLC) Day Communique 4 Cross-Site Scripting (XSS) Vulnerability in Search Query Parameter Buffer Overflow in Electric Sheep 2.6.3 Client Lack of Authentication and Integrity Checks in Electric Sheep 2.6.3 Unspecified Remote Code Execution Vulnerability in VMware ESX Server Management Interface Denial of Service Vulnerability in BZFlag Server 2.0.4 and Earlier Unspecified Denial of Service Vulnerability in GTP Dissector for Ethereal 0.9.1 to 0.10.13 Multiple SQL Injection Vulnerabilities in PHPSurveyor before 0.991 Denial of Service Vulnerability in Juniper NetScreen-Security Manager (NSM) 2004 FP2 and FP3 Koobi 5 Cross-Site Scripting (XSS) Vulnerability through Malformed URL BBCode Tags Plaintext Storage of Administrator Passcode in Spb Kiosk Engine 1.0.0.1 Bypassing Application Restrictions in Spb Kiosk Engine 1.0.0.1 Heap-based Buffer Overflow in bogofilter: Remote Code Execution Vulnerability Heap-based Buffer Overflow in bogofilter and bogolexer 0.96.2: Remote Code Execution Vulnerability PHP Remote File Inclusion Vulnerability in phpDocumentor 1.3.0 rc4 and Earlier Remote Code Execution Vulnerability in TUGZip 3.4.0.0 via ARJ Archive Filename RPATH Vulnerability in 
XnView and NView on Gentoo Linux AdesGuestbook 2.0 read.php XSS Vulnerability Arbitrary Script Injection in iPei Guestbook 1.7 via Email Field Arbitrary Script Injection in OoApp Guestbook 2.1 via home.php Arbitrary Script Injection Vulnerability in TinyMCE Compressor PHP Directory Traversal Vulnerability in TinyMCE Compressor PHP before 1.06 Arbitrary Command Execution Vulnerability in ImageMagick 6.2.4.5-0.3 Arbitrary SQL Command Execution via File Extension in MyBB 1.0.1 MyBB 1.0.1 and Earlier: Cross-Site Scripting (XSS) Vulnerability in printthread.php Buffer Overflow Vulnerability in MTink Allows Arbitrary Code Execution via Long HOME Environment Variable Kernel Memory Disclosure Vulnerability in Linux 2.6.14.3 and Earlier Versions SQL Injection Vulnerability in Multiple Web Wiz Products: Remote Code Execution via txtUserName Parameter in check_user.asp Arbitrary Web Script Injection in BugPort 1.147 and Earlier SQL Injection Vulnerability in BugPort 1.147 index.php Sensitive Information Disclosure in BugPort 1.147 and Earlier via Invalid Action Parameter Remote Code Execution via Format String Vulnerability in Dopewars Server SQL Injection Vulnerability in Free ClickBank 1.0 and Earlier: Remote Code Execution via search.php Multiple SQL Injection Vulnerabilities in VUBB Alpha RC1 Arbitrary Web Script Injection Vulnerability in VUBB Alpha RC1 User Edit Profile Multiple SQL Injection Vulnerabilities in digiSHOP 3.1.17 and Earlier Arbitrary SQL Command Execution in DapperDesk 3.0.1 and Earlier Remote Code Execution via SQL Injection in iSupport 1.06 index.php SQL Injection Vulnerability in tickets.php in cSupport 1.0 and Earlier Buffer Overflow Vulnerability in sysctl in Linux Kernel 2.6 before 2.6.15 SQL Injection Vulnerability in Zorum Forum 3.5 and Earlier: Remote Code Execution via rollid Parameter Buffer Overflow Vulnerability in WinRAR 3.50 and Earlier Arbitrary Script Injection via Remote Avatar URL in vBulletin 3.5.1 eFileGo 3.01 Directory Traversal 
Vulnerability Denial of Service (CPU Consumption) Vulnerability in eFileGo 3.01 via Invalid Directory Name Argument Denial of Service Vulnerability in PTnet ircd 1.5 and 1.6 via m_join Function Denial of Service Vulnerability in Unspecified Display Adapter Drivers Insufficient Access Control in Recruitment Software Allows Remote Information Disclosure Arbitrary Web Script Injection via lng Parameter in GmailSite and GFHost SQL Injection Vulnerability in HelpDeskPoint 2.38 and Earlier: Remote Code Execution via index.php SMBCMS 2.1 SQL Injection Vulnerability SQL Injection Vulnerability in ClientExec 2.3 index.php SQL Injection Vulnerability in Zina 0.12.07 and Earlier: Remote Code Execution via index.php SQL Injection Vulnerability in Vote! Pro 4.0 and Earlier: Remote Code Execution via poll_frame.php SQL Injection Vulnerability in ActiveCampaign SupportTrio 1.4 Denial of Service Vulnerability in Linux Kernel's nl_fib_input Function Bypassing Security Settings via Hyperlink Dialog in OpenOffice.org 2.0 and Earlier Multiple Cross-Site Scripting (XSS) Vulnerabilities in Kayako SupportSuite 3.00.26 and Earlier Path Disclosure Vulnerabilities in Kayako SupportSuite 3.00.26 and Earlier Buffer Overflow Vulnerability in TwinHan DST Frontend/Card Driver SQL Injection Vulnerability in Class-1 Poll Software 0.4 and Earlier: Remote Code Execution via index.php SQL Injection Vulnerability in eazyCMS 2.0 home.php Allows Remote Code Execution Multiple Cross-Site Scripting (XSS) Vulnerabilities in HydroBB 1.0.0 Beta 2 SQL Injection Vulnerability in Antharia OnContent // CMS index.php Arbitrary Script Injection via IMG SRC Attribute in Edgewall Trac 0.9.2 SQL Injection Vulnerability in index.php in 3CFR: Remote Code Execution via LangueID Parameter Arbitrary File Inclusion Vulnerability in PEARLINGER Pearl Forums 2.4 SQL Injection Vulnerabilities in PEARLINGER Pearl Forums 2.4 Buffer Overflow Vulnerability in Illustrate dBpowerAMP Music Converter 11.5 and Earlier Cross-Site 
Scripting (XSS) Vulnerabilities in Advanced Guestbook 2.2 and 2.3.1 Unrestricted Search Mambots in Joomla! 1.03 Allow Denial of Service Attacks SQL Injection Vulnerability in AlstraSoft EPay Pro 2.0 index.php SQL Injection Vulnerability in PHlyMail 3.02.01: Remote Code Execution Authentication Bypass Vulnerability in AL-Caricatier 2.5 and Earlier Unspecified Remote Vulnerabilities in Oracle for OpenView (OfO) and OfO for Linux PHP-Fusion 6.0.204 submit.php Cross-Site Scripting (XSS) Vulnerability Arbitrary SQL Command Execution and Credential Retrieval in TClanPortal 1.1.3 and Earlier Authentication Bypass Vulnerability in Ocean12 Calendar Manager Pro 1.01 Cross-Site Scripting (XSS) Vulnerabilities in ASPKnowledgebase Administrative Interface World-readable permissions for backup.key file in IPCop Firewall before 1.4.10 allows privilege escalation and system configuration file overwrite Privilege Escalation via Race Condition in IPCop Firewall Unencrypted MySQL Password Leak in Campsite before 2.3.3 Multiple SQL Injection Vulnerabilities in OcoMon 1.20 and Earlier Versions Arbitrary Web Script Injection Vulnerability in OcoMon 1.20 SQL Injection Vulnerability in OcoMon 1.21 and Possibly Other Versions PunBB 1.2.6 XSS Vulnerability in Nested, Malformed BBcode URL Tags PHlyMail before 3.3 Beta1 Cross-Site Scripting (XSS) Vulnerability Buffer Overflow in UnZip 5.50 and Earlier Allows Arbitrary Code Execution via Long Filename Command Line Argument Arbitrary Command Execution Vulnerability in Embedded HSQLDB of ParosProxy SQL Injection Vulnerability in RTIS WebAdmin: Remote Execution of Arbitrary SQL Commands CityPost Automated Link Exchange (LNKX) message.php Cross-Site Scripting (XSS) Vulnerability Arbitrary Web Script Injection in CityPost Simple PHP Upload 5.3 Arbitrary Script Injection in CityPost Simple Image-Editor 0.52 Username Enumeration Vulnerability in ioFTPD 0.5.84 u SQL Injection Vulnerabilities in Complete PHP Counter's list.php Arbitrary Web Script 
Injection Vulnerability in Complete PHP Counter's list.php Buffer Overflow in Exiv2 0.9: Remote Denial of Service via Crafted IPTC Metadata SQL Injection Vulnerability in Additional Images Module of osCommerce URL Spoofing Vulnerability in Apple Safari 2.0.2 URL Spoofing Vulnerability in Internet Explorer 6 for Windows XP Service Pack 2 Arbitrary File and Data Hiding Vulnerability in Sophos Anti-Virus Buffer Overflow Vulnerability in mIRC DCC Get Folder Dialog Cross-Site Scripting (XSS) Vulnerability in AudienceView's error.asp Sensitive Information Disclosure in PADL MigrationTools 46 Cookie Hijacking via DNS Search-List Expansion in Konqueror Cookie Hijacking via DNS Search-List Expansion in Firefox and Mozilla Unspecified Sensitive Information Disclosure in PunBB 1.2.9 and F-ART BLOG:CMS IP Address Spoofing Vulnerability in PunBB 1.2.9 and F-ART BLOG:CMS Unauthenticated Email Address Change Vulnerability in PunBB 1.2.9 Cookie-based Account Hijacking in Six Apart Movable Type 3.16 Arbitrary File Creation and Overwrite Vulnerability in Six Apart Movable Type 3.16 Symlink Attack Vulnerability in NetBSD, X.Org, and XFree86 Unspecified Cookie Vulnerability in mroovca stats (mroovcastats) before 0.4.5b Denial of Service Vulnerability in Gaim-Encryption 2.38-1 on Debian Linux Arbitrary Code Execution Vulnerability in Plain Black WebGUI 6.3.0 and Earlier Versions Denial of Service Vulnerability in Symantec Brightmail AntiSpam 6.0 build 1 and 2 Plaintext Storage of WEP and WPA Keys in Microsoft Wireless Zero Configuration System Vulnerability: Unauthorized Access to WEP Keys and WPA Pre-Shared Keys via Microsoft Wireless Zero Configuration System (WZCS) Arbitrary Web Script Injection Vulnerability in TellMe 1.2 and Earlier TellMe 1.2 and Earlier Argument Injection Vulnerability Information Disclosure Vulnerability in TellMe 1.2 and Earlier Unspecified Local Information Disclosure Vulnerability in Solaris 10 Process File System (procfs) SQL Injection Vulnerability in 
IPBProArcade 2.5.2 Favorites Module Sensitive Information Disclosure in Apache Tomcat 4.0.3 on Windows Unspecified SSL Vulnerability in BEA WebLogic Server and WebLogic Express Insecure SSL Connection Creation Vulnerability in BEA WebLogic Server Unspecified Privilege Management Vulnerability in Sun Solaris 10 Multiple Cross-Site Scripting (XSS) Vulnerabilities in PHP GEN before 1.3 Arbitrary Code Execution Vulnerability in Adobe Macromedia MX 2004 Products and Others Authentication Bypass Vulnerability in JBoss Enterprise Java Beans (EJB) 3.0 RC3 Unspecified Remote Access Vulnerability in Autodesk and AutoCAD Products (ID DL5549329) SQL Injection Vulnerability in Neocrome Land Down Under (LDU) 801 via HTTP Referer Header CRLF Injection Vulnerability in process_signup.php in PHP Handicapper Unspecified Denial of Service Vulnerability in PAM-MySQL SQL Logging Facility OpenVMPS 1.3 Format String Vulnerability in vmps_log Function Multiple SQL Injection Vulnerabilities in PHP-Nuke 7.8 Modules.php Denial of Service Vulnerabilities in Hitachi TP1/Server Base and TP1/NET/Library 2 on IBM AIX Denial of Service Vulnerability in Microsoft Internet Explorer 6.0 Denial of Service Vulnerability in Opera 8.02 and Earlier Multiple SQL Injection Vulnerabilities in Sysbotz Systems Panel 1.0.6 and Earlier Denial of Service Vulnerability in Mozilla Firefox 1.0.7 and Earlier on Linux Arbitrary Web Script Injection Vulnerability in tmsPUBLISHER 3.3 search.cfm Sensitive Information Disclosure in tmsPUBLISHER 3.3 via Invalid id Argument in _Request_Message.cfm Denial of Service Vulnerability in D-Link DI-524, DI-624, and DI-784 Wireless Routers SQL Injection Vulnerability in PhpTagCool 1.0.3: Remote Code Execution via X-Forwarded-For Field Arbitrary Commenting Vulnerability in Geeklog before 1.3.11sr3 Improper Flood Protection in MUTE 0.4 Allows Remote Information Leakage Arbitrary Web Script Injection via User-Agent Header Field in gBook.cgi RPATH Vulnerability in Amaya 9.2.1 on Debian 
GNU/Linux SQL Injection Vulnerability in show.php in VBZooM Forum Unspecified Vulnerability in PEAR Text_Password 1.0: Potential Predictable Seed for Random Number Generator Insecure Session Handling in PEAR HTML_QuickForm_Controller 1.0.4 Cross-Site Scripting (XSS) Vulnerabilities in Tux Racer TuxBank 0.7x and 0.8 via index.php Denial of Service Vulnerability in NetBSD F_CLOSEM Fcntl Remote Code Execution Vulnerability in RSA Authentication Agent for Web Denial of Service Vulnerabilities in IBM DB2 Universal Database (UDB) 810 Denial of Service Vulnerability in IBM DB2 Universal Database (UDB) 820 Denial of Service Vulnerability in IBM DB2 Universal Database (UDB) 820 Privilege Escalation via Object Creation in IBM DB2 UDB 810 Denial of Service Vulnerability in IBM DB2 Universal Database (UDB) 820 Denial of Service Vulnerability in IBM DB2 Universal Database (UDB) 810 Privilege Escalation via Debugger Attachment in NetBSD Unspecified Vulnerability in Echelog 0.6.2: Exploitation of Function Stacks on Certain Architectures SQL Injection Vulnerabilities in NeLogic Nephp Publisher 4.5.2 and Earlier: Remote Code Execution Off-by-one error in sql_error function in FreeRADIUS 1.0.2.5-5 and possibly other versions SQL Injection Vulnerability in FreeRADIUS rlm_sqlcounter Module Buffer Overflow Vulnerabilities in FreeRADIUS 1.0.3 and 1.0.4 Arbitrary Web Script Injection in WebHost Automation Ltd Helm before 3.2.6 PHP Remote File Include Vulnerability in Virtual War (VWar) 1.5.0 R10 functions_admin.php Arbitrary HTTP Header Injection Vulnerability in BEA WebLogic Server and WebLogic Express Denial of Service Vulnerability in BEA WebLogic Server and WebLogic Express Arbitrary Web Script Injection and Privilege Escalation in BEA WebLogic Server and WebLogic Express Privilege Escalation via run-as Deployment Descriptor Element in BEA WebLogic Server Incorrect Severity Level Reporting Vulnerability in BEA WebLogic Server and WebLogic Express Information Disclosure Vulnerability 
in BEA WebLogic Server and WebLogic Express 8.1 SP3 and Earlier Cleartext Storage of Private Key Passphrase in BEA WebLogic Server and WebLogic Express Improper Validation of Derived Principals in BEA WebLogic Server and WebLogic Express Improper Constraint of Servlet Root URL Pattern in BEA WebLogic Server and WebLogic Express Arbitrary File Read Vulnerability in BEA WebLogic Server and WebLogic Express 8.1 SP3 and Earlier Lack of Platform Warning in BEA WebLogic Server Migration Vulnerability Failure to Fully Protect Servlets in BEA WebLogic Server and WebLogic Express Sensitive Information Leakage in BEA WebLogic Server and WebLogic Express Cleartext Storage of Boot Password in BEA WebLogic Server and WebLogic Express Sensitive Information Disclosure in BEA WebLogic Server and WebLogic Express Denial of Service Vulnerability in BEA WebLogic Server and WebLogic Express Insecure Communication Protocol in BEA WebLogic Server Unencrypted Multicast Traffic in BEA WebLogic Server and WebLogic Express Weak Account Lockout Policy in BEA WebLogic Server SQL Injection Vulnerability in Tux Racer TuxBank 0.7x and 0.8 SQL Injection Vulnerability in addrbook.php in Belchior Foundry vCard PRO 3.1 Unspecified Accelerated Enterprise Solutions Product SQL Injection Vulnerability Bypassing Domain-Authentication Prompt in Trusted Mobility Agent PC Policy Privilege Escalation via Insecure Permissions in liby2util in YaST Local Denial of Service Vulnerability in VMware ESX Server Xerver 4.17 Cross-Site Scripting (XSS) Vulnerability via /%00/ Sequence Information Disclosure: Password Hash Display in Contineo 2.0 Integer Overflow Vulnerability in FreeBSD Compatibility Code in NetBSD Cleartext Storage of FTP Password in Tashcom ASPEdit 2.9 Unspecified Configuration Problem in Powersave Daemon Allows Unauthorized Actions Verified Exec Kernel Subsystem Vulnerability Cross-site scripting (XSS) vulnerability in Fidra Lighthouse CMS 1.1.0 and earlier via search parameter in query_string SQL
Injection Vulnerabilities in SergiDs Top Music Module 3.0 PR3 and Earlier for PHP-Nuke Denial of Service Vulnerability in NetBSD Kernel with Negative Linger Time Arbitrary Kernel Memory Read Vulnerability in NetBSD's kernfs_xread Multiple Buffer Overflows in POSIX readdir_r Function QuickBlogger 1.4 and Earlier XSS Vulnerability Buffer Overflow in HAURI Anti-Virus Products via ALZ Archive Filename Information Disclosure Vulnerability in Turnkey Web Tools SunShop Shopping Cart Vulnerability: Bypassing USB Device Access Control in SUSE Linux 9.2 and 9.3 Bypassing Access Restrictions for USB Devices in SUSE Linux 9.2 and 9.3 Untrusted Search Path Vulnerabilities in SUSE Linux 9.3 and 10.0 Untrusted Search Path Vulnerabilities in SUSE Linux 10.0 SQL Injection Vulnerability in Appalachian State University phpWebSite 0.10.1 and Earlier Unspecified Arbitrary Command Execution and Service Disabling Vulnerabilities in Hitachi Cm2/Network Node Manager Denial of Service Vulnerability in Cisco IP Phones and Network Services Unspecified Privilege Escalation Vulnerability in Solaris libmle Library Clipboard Selection Corruption Vulnerability in XView Library Directory Traversal Vulnerability in Solaris LPD Allows Remote File Deletion NFS Readlink Buffer Overflow Vulnerability Multiple Cross-Site Scripting (XSS) Vulnerabilities in Yet Another PHP Image Gallery (YaPIG) 0.95b and Earlier Direct static code injection vulnerability in YaPIG 0.95b and earlier: Remote authenticated administrators can inject arbitrary PHP code CSRF Vulnerabilities in Yet Another PHP Image Gallery (YaPIG) 0.95b and Earlier Local Privilege Escalation via Symlink Attack in Flexbackup 1.2.1 and Earlier Arbitrary File Overwrite Vulnerability in Graphviz Unspecified Remote File Read Vulnerability in Sun Java System Application Server Platform Edition and Enterprise Edition 8.1 Unspecified Remote Source Code Disclosure Vulnerability in Sun Java System Application Server Unspecified Denial of Service 
Vulnerabilities in Sun Java System Web Proxy Server 3.6 SP7 and Earlier Stack-based Buffer Overflow in GNU as (gas) Assembler in Free Software Foundation GNU Binutils Buffer Overflow in GNU as (gas) Assembler in Free Software Foundation GNU Binutils URL Spoofing Vulnerability in Mozilla Firefox 1.0.1 and Other Versions Denial of Service Vulnerability in Microsoft Internet Explorer 7.0 Beta3 and Earlier Denial of Service Vulnerability in Linux Kernel 2.6 Hugepage Code Denial of Service Vulnerability in SISCO OSI Stack for Windows Denial of Service Vulnerability in Crystal Reports XI Unrestricted File Upload Vulnerability in Segue CMS Allows Remote Code Execution FX SAP R/3 gwrd vulnerability Buffer Overflow Vulnerability in mod_radius in ProFTPD Format String Vulnerability in TMSNC's ui.c Allows for Denial of Service and Possible Code Execution Multiple SQL Injection Vulnerabilities in Copernicus Europa Arbitrary Web Script Injection Vulnerability in Lotus Domino Versions Before 6.5.4 FP1 and 7.0 Denial of Service Vulnerability in SMC7904WBRA Wireless Router Multiple SQL Injection Vulnerabilities in Land Down Under (LDU) v801 and Earlier Arbitrary SQL Command Execution in Digger Solutions Intranet Open Source (IOS) v2.7.2 Buffer Overflow Vulnerability in HP HTTP Server 5.0 through 5.95 Remote File Inclusion Vulnerability in Siteframe 3.2.2: Execute Arbitrary PHP Code via LOCAL_PATH Parameter Cisco Clean Access Secure Smart Manager Remote File Upload Vulnerability Denial of Service Vulnerability in Cisco Catalyst 2950T Switches via Crafted Subset-Advert Message Packet Same-Origin Policy Bypass in Internet Explorer 6.0 and Other Versions Potential vulnerability in Kolab Server 2.0.0 and 2.0.1: Incorrect Handling of Large Emails with Misplaced . 
Character Vulnerability: Improper Error Handling in VirtueMart before 1.0.1 CRLF Injection Vulnerability in ViewCVS 0.9.2 Arbitrary Content-Type Header Vulnerability in ViewCVS 0.9.2 and 0.9.4 SQL Injection Vulnerability in Oracle Database Server 10g via SYS.DBMS_CDC_SUBSCRIBE and SYS.DBMS_CDC_ISUBSCRIBE Packages Information Disclosure Vulnerability in IBM WebSphere Application Server (WAS) 6.0 Information Disclosure Vulnerability in IBM WebSphere Application Server (WAS) 5.0.2.5 through 5.1.1.3 Denial of Service Vulnerability in ath_rate_sample Function in MadWifi Null Byte Injection Vulnerability in Apache Tomcat 4.1.15 through 4.1.40 Denial of Service Vulnerability in Net-SNMP 5.x.x Cross-Site Scripting (XSS) Vulnerabilities in Jakarta Tomcat 5.5.6 and Earlier Information Leak in PureTLS before 0.9b5 due to Uncleared Optional Extensions and Algorithm Parameters Outlook Express Address Book Control Denial of Service Vulnerability Outlook Progress Ctl Control Denial of Service Vulnerability Remote Code Execution Vulnerability in System Monitor Source Properties Control SmartConnect Class Control Denial of Service Vulnerability Remote Denial of Service Vulnerability in CLSID_ApprenticeICW Control Denial of Service Vulnerability in Java Plug-in 1.4.2_03 and 1.4.2_04 Format String Vulnerability in Logger.cc for Spey 0.3.3 Unspecified Security Vulnerability in Spey 0.3.3 with Unknown Impact and Attack Vectors Buffer Overflow Vulnerability in BlackBerry Enterprise Server 4.0 SP1 and Earlier Exposure of User and Password Attributes in Apache Derby Vulnerability: Arbitrary Data Editing in eZ publish 3.5-3.7 Node Level Permission Bypass in eZ publish 3.4.4 through 3.7 before 20050722 Siteaccess URIMatching Implementation Vulnerability Arbitrary Post Editing Vulnerability in eZ publish Forum Package Information Disclosure Vulnerability in eZ Publish 3.5-3.7 (pre-20050830) Unrestricted File Upload Vulnerability in eZ Publish eZ publish Admin Interface Information Disclosure 
Vulnerability Remote Code Execution Vulnerability in eZ publish 3.5 to 3.8 Multiple Cross-Site Scripting (XSS) Vulnerabilities in Mimicboard2 (Mimic2) 086 and Earlier Insecure Storage of Sensitive Information in Mimicboard2 (Mimic2) 086 and Earlier Weak Cryptography in Spectrum Cash Receipting System Allows Privilege Escalation Authentication Bypass in Ragnarok Online Control Panel (ROCP) 4.3.4a Cleartext Password Indexing Vulnerability in XWiki 0.9.793 Stack-based Buffer Overflow in db2fmp in IBM DB2 7.x and 8.1 Stack-based Buffer Overflow in libdb2.so in IBM DB2 7.x and 8.1 Stack-based Buffer Overflow in IBM DB2 7.x and 8.1 via Long Libname Stack-based Buffer Overflow in IBM DB2 8.1 JDBC Applet Server Stack-based Buffer Overflow in SATENCRYPT Function in IBM DB2 8.1 with SATADMIN Enabled Default Permissions in IBM DB2 8.1 Allow Unauthorized Access and Denial of Service Denial of Service Vulnerability in IBM DB2 8.1 via Empty String Parameter Stack-based buffer overflow in IBM DB2 8.1 XML Functions Privilege Escalation via XML Functions in IBM DB2 8.1 Buffer Overflow Vulnerability in PCRE Library Stack-based buffer overflows in phpcups PHP module for CUPS 1.1.23rc1 XMLHttpRequest Object in Mozilla 1.7.8 Allows Password Disclosure via HTTP TRACE Method Information Disclosure Vulnerability in TYPO3 3.8.0 and Earlier Cross-site scripting (XSS) vulnerability in Openfire admin console login form Cross-site scripting (XSS) vulnerability in Openfire admin console login form (login.jsp) in version 2.3.0 Beta 2 Multiple Cross-Site Scripting (XSS) Vulnerabilities in ACID and BASE Console Scripts Multiple Cross-Site Scripting (XSS) Vulnerabilities in Jax Guestbook 3.1 and 3.31 Sensitive Information Disclosure in Jax Guestbook 3.1 and 3.31 Uninitialized Padding Fields Vulnerability in Linux Kernel Netlink Subsystem Remote Denial of Service in Philippe Jounin Tftpd32 2.74 and earlier Race condition vulnerability in Philippe Jounin Tftpd32 before 2.80 allows remote attackers to 
cause denial of service (daemon crash) via invalid connect frames Oracle OLAP Component Remote Availability Vulnerability Remote Data Deletion Vulnerability on Sun StorEdge 6130 Controller Arrays Denial of Service Vulnerability in selinux_parse_skb_ipv6 Function Unspecified Password-related Vulnerability in NWFTPD.nlm Denial of Service Vulnerability in NWFTPD.nlm Privilege escalation vulnerability in RPM package removal process TTY Hijacking Vulnerability in Shadow and Sudo SQL Injection Vulnerability in Simple Machine Forum (SMF) Versions 1.0.4 and Earlier Integer overflows in TCMalloc leading to memory-related attacks SHA-1 Vulnerability: Collision Attacks and TLS 1.2 Spoofing