Multiple cross-site scripting (XSS) vulnerabilities in Drupal Content Construction Kit (CCK) 5.x through 5.x-1.8 allow remote authenticated users with "administer content" permissions to inject arbitr...

ZoneMinder 1.23.3 on Gentoo Linux uses 0644 permissions for /etc/zm.conf, which allows local users to obtain the database username and password by reading this file.

Novell Access Manager 3 SP4 does not properly expire X.509 certificate sessions, which allows physically proximate attackers to obtain a logged-in session by using a victim's web-browser process that ...

Citrix Presentation Server Client for Windows before 10.200 does not clear "credential information" from process memory in unspecified circumstances, which might allow local users to gain privileges.

Multiple cross-site scripting (XSS) vulnerabilities in Joomla! 1.5.7 and earlier allow remote authenticated users with certain privileges to inject arbitrary web script or HTML via (1) the title and d...

Cross-site scripting (XSS) vulnerability in the administrative interface in Drupal Content Construction Kit (CCK) 5.x before 5.x-1.10 and 6.x before 6.x-2.0, a module for Drupal, allows remote authent...

Conductor.exe in Intrinsic Swimage Encore before 5.0.1.21 contains a hardcoded password, which might allow local users to decrypt certain .bin files. NOTE: it is not clear whether this issue crosses p...

Cross-site scripting (XSS) vulnerability in Drupal 5.x before 5.12 and 6.x before 6.6 allows remote authenticated users with create book content or edit node book hierarchy permissions to inject arbit...

Cross-site scripting (XSS) vulnerability in the Ajax Checklist module 5.x before 5.x-1.1 for Drupal allows remote authenticated users, with create and edit permissions for posts, to inject arbitrary w...

Cross-site scripting (XSS) vulnerability in the Simplenews module 5.x before 5.x-1.5 and 6.x before 6.x-1.0-beta4, a module for Drupal, allows remote authenticated users, with "administer taxonomy" pe...

Cross-site scripting (XSS) vulnerability in modules.php in NavBoard 16 (2.6.0) allows remote attackers to inject arbitrary web script or HTML via the module parameter.

An unspecified function in the JavaScript implementation in Google Chrome creates and exposes a "temporary footprint" when there is a current login to a web site, which makes it easier for remote atta...

An unspecified function in the JavaScript implementation in Apple Safari creates and exposes a "temporary footprint" when there is a current login to a web site, which makes it easier for remote attac...

An unspecified function in the JavaScript implementation in Microsoft Internet Explorer creates and exposes a "temporary footprint" when there is a current login to a web site, which makes it easier f...

Cross-site scripting (XSS) vulnerability in admin_dblayers.asp in ClickAndEmail allows remote attackers to inject arbitrary web script or HTML via the tablename parameter in an update action.

Constructr CMS 3.02.5 and earlier stores passwords in cleartext in a MySQL database, which allows context-dependent attackers to obtain sensitive information by reading the hash column.

The SmartPoster implementation on the Nokia 6131 Near Field Communication (NFC) phone with 05.12 firmware does not properly display the URI record when the Title record contains a certain combination ...

Cross-site scripting (XSS) vulnerability in PHP, possibly 5.2.7 and earlier, when display_errors is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOT...

Cross-site scripting (XSS) vulnerability in textarea/index.php in Textpattern (aka Txp CMS) 4.0.6 and earlier allows remote authenticated users to inject arbitrary web script or HTML via the Body para...

libata in the Linux kernel before 2.6.27.9 does not set minimum timeouts for SG_IO requests, which allows local users to cause a denial of service (Programmed I/O mode on drives) via multiple simultan...

The Kerberos credential renewal feature in Sun Solaris 8, 9, and 10, and OpenSolaris build snv_01 through snv_104, allows local users to cause a denial of service (authentication failure) via unspecif...

WinFTP FTP Server 2.3.0, when passive (aka PASV) mode is used, allows remote authenticated users to cause a denial of service via a sequence of FTP sessions that include an invalid "NLST -1" command.

The JK Connector (aka mod_jk) 1.2.0 through 1.2.26 in Apache Tomcat allows remote attackers to obtain sensitive information via an arbitrary request from an HTTP client, in opportunistic circumstances...

The loadBindingDocument function in Mozilla Firefox 2.x before 2.0.0.19, Thunderbird 2.x before 2.0.0.19, and SeaMonkey 1.x before 1.1.14 does not perform any security checks related to the same-domai...