Unspecified vulnerability in IBM WebSphere Application Server (WAS) 5.1.x before 5.1.1.19, 6.0.x before 6.0.2.29, and 6.1.x before 6.1.0.19, when Web Server plug-in content buffering is enabled, allow...

Untrusted search path vulnerability in trickle 1.07 allows local users to execute arbitrary code via a Trojan horse trickle-overload.so in the current working directory, which is referenced in the LD_...

Cross-site scripting (XSS) vulnerability in sysconf.cgi in Motorola Wimax modem CPEi300 allows remote authenticated users to inject arbitrary web script or HTML via the page parameter.

OpenSC before 0.11.7 allows physically proximate attackers to bypass intended PIN requirements and read private data objects via a (1) low level APDU command or (2) debugging tool, as demonstrated by ...

Multiple cross-site scripting (XSS) vulnerabilities in Samizdat before 0.6.2 allow remote authenticated users to inject arbitrary web script or HTML via the (1) message title or (2) user full name.

Mozilla Firefox 3.x before 3.0.6 does not properly implement the (1) no-store and (2) no-cache Cache-Control directives, which allows local users to obtain sensitive information by using the (a) back ...

Cross-domain vulnerability in js/src/jsobj.cpp in Mozilla Firefox 3.x before 3.0.6 allows remote attackers to bypass the Same Origin Policy, and access the properties of an arbitrary window and conduc...

Directory traversal vulnerability in upgrade/index.php in OpenGoo 1.1, when register_globals is enabled and magic_quotes_gpc is disabled, allows remote attackers to read arbitrary files via a .. (dot ...

listing.php in WebSVN 2.0 and possibly 1.7 beta, when using an SVN authz file, allows remote authenticated users to read changelogs or diffs for restricted projects via a modified repname parameter.

Race condition in AFP Server in Apple Mac OS X 10.5.6 allows local users to cause a denial of service (infinite loop) via unspecified vectors related to "file enumeration logic."

Windows DNS Server in Microsoft Windows 2000 SP4, Server 2003 SP1 and SP2, and Server 2008, when dynamic updates are enabled, does not restrict registration of the "wpad" hostname, which allows remote...

Mozilla Firefox 3.0.5 and earlier 3.0.x versions, when designMode is enabled, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a certain (a) re...

The clone system call in the Linux kernel 2.6.28 and earlier allows local users to send arbitrary signals to a parent process from an unprivileged child process by launching an additional child proces...

Folder Manager in Apple Mac OS X 10.5.6 uses insecure default permissions when recreating a Downloads folder after it has been deleted, which allows local users to bypass intended access restrictions ...

dscl in DS Tools in Apple Mac OS X 10.4.11 and 10.5.6 requires that passwords must be provided as command line arguments, which allows local users to gain privileges by listing process information.

Bugzilla 2.20.x before 2.20.5, 2.22.x before 2.22.3, and 3.0.x before 3.0.3 on Windows does not delete the temporary files associated with uploaded attachments, which allows local users to obtain sens...

IBM Lotus Quickr 8.1 before 8.1.0.2 services for Lotus Domino does not properly handle URLs that request images, which allows remote authenticated users to cause a denial of service (daemon crash) via...

IBM Lotus Quickr 8.1 before 8100.003 services for Lotus Domino allows remote authenticated users to cause a denial of service (daemon crash) by clicking a download link, aka SPR QCAO7E6AM8.

The Workplace (aka WP) component in IBM FileNet P8 Application Engine (P8AE) 3.5.1 before 3.5.1-010 records DEBUG messages containing user credentials in the log4j.xml file, which might allow local us...

The standardise function in Anibal Monsalve Salazar sSMTP 2.61 and 2.62 allows local users to cause a denial of service (application exit) via an e-mail message containing a long line that begins with...

mm/shmem.c in the Linux kernel before 2.6.28-rc8, when strict overcommit is enabled and CONFIG_SECURITY is disabled, does not properly handle the export of shmemfs objects by knfsd, which allows attac...

Cross-site scripting (XSS) vulnerability in Meridio Document and Records Management before 4.3 SR1 allows remote authenticated users to inject arbitrary web script or HTML via the Title field in a (1)...

RivetTracker before 1.0 stores passwords in cleartext in config.php, which allows local users to discover passwords by reading config.php.

McAfee SafeBoot Device Encryption 4 build 4750 and earlier stores pre-boot authentication passwords in the BIOS Keyboard buffer and does not clear this buffer after use, which allows local users to ob...