Microsoft Internet Explorer 6 on Windows XP SP2 allows remote attackers to cause a denial of service (crash) via a (1) Forms.ListBox.1 or (2) Forms.ListBox.1 object with the ListWidth property set to ...

DotClear allows remote attackers to obtain sensitive information via a direct request for (1) edit_cat.php, (2) index.php, (3) edit_link.php in ecrire/tools/blogroll/; (4) syslog/index.php, (5) themem...

post.php in x_atrix xGuestBook 1.02 allows remote attackers to obtain sensitive information via a request without the (1) user, (2) mail, (3) p, or (4) url parameter, which reveals the installation pa...

system/workplace/editors/editor.jsp in Alkacon OpenCms before 6.2.2 allows remote authenticated users to read the source code of arbitrary JSP files by specifying the file in the resource parameter, a...

system/workplace/views/admin/admin-main.jsp in Alkacon OpenCms before 6.2.2 does not restrict access to administrator functions, which allows remote authenticated users to (1) send broadcast messages ...

Absolute path traversal vulnerability in downloadTrigger.jsp in Alkacon OpenCms before 6.2.2 allows remote authenticated users to download arbitrary files via an absolute pathname in the filePath para...

SQL injection vulnerability in links.php in Gonafish LinksCaffe 3.0 allows remote attackers to execute arbitrary SQL commands via the cat parameter. NOTE: the provenance of this information is unknown...

Buffer overflow in the daemon function in midirecord.cc in Tuomas Airaksinen Midirecord 2.0 allows local users to execute arbitrary code via a long command line argument (filename). NOTE: This may not...

Cross-site scripting (XSS) vulnerability in the Forms/rpSysAdmin script on the Zyxel Prestige 660H-61 ADSL Router running firmware 3.40(PT.0)b32 allows remote attackers to inject arbitrary web script ...

Cross-site scripting (XSS) vulnerability in auctionsearch.php in PhpProBid 5.24 allows remote attackers to inject arbitrary web script or HTML via the advsrc parameter.

Stack-based buffer overflow in ITIRecorder.MicRecorder ActiveX control in iarecord.dll in InterActual Player before 2.6 allows remote attackers to execute arbitrary code via a long argument to the Fil...

Multiple cross-site scripting (XSS) vulnerabilities in Dokeos before 1.6.5 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Sun Java System Application Server (SJSAS) 7 through 8.1 and Web Server (SJSWS) 6.0 and 6.1 allows remote authenticated users to read files outside of the "document root directory" via a direct reques...

The TCP implementation in Sun Solaris 8, 9, and 10 before 20060726 allows remote attackers to cause a denial of service (resource exhaustion) via a TCP packet with an incorrect sequence number, which ...

http_protocol.c in (1) IBM HTTP Server 6.0 before 6.0.2.13 and 6.1 before 6.1.0.1, and (2) Apache HTTP Server 1.3 before 1.3.35, 2.0 before 2.0.58, and 2.2 before 2.2.2, does not sanitize the Expect h...

Cross-site scripting (XSS) vulnerability in snews.php in sNews (aka Solucija News) 1.4 allows remote attackers to inject arbitrary web script or HTML via the search_query parameter.

Microsoft Internet Explorer 6 on Windows XP SP2 allows remote attackers to cause a denial of service (crash) by iterating over any native function, as demonstrated with the window.alert function, whic...

Cross-site scripting (XSS) vulnerability in Blackboard Academic Suite 6.2.3.23 allows remote authenticated users to inject arbitrary HTML or web script by bypassing client-side validation through disa...

Internet Explorer 6 on Windows XP SP2, when Outlook is installed, allows remote attackers to cause a denial of service (crash) by calling the NewDefaultItem function of an OVCtl (OVCtl.OVCtl.1) Active...

Cross-site scripting (XSS) vulnerability in calendar.php in WWWthreads allows remote attackers to inject arbitrary web script or HTML via the week parameter.

Siemens SpeedStream 2624 allows remote attackers to cause a denial of service (device hang) by sending a crafted packet to the web administrative interface.

Internet Key Exchange (IKE) version 1 protocol, as implemented on Cisco IOS, VPN 3000 Concentrators, and PIX firewalls, allows remote attackers to cause a denial of service (resource exhaustion) via a...

SQL injection vulnerability in manager/index.php in Etomite CMS 0.6.1 and earlier, with magic_quotes_gpc disabled, allows remote attackers to execute arbitrary SQL commands via the username parameter.

CRLF injection vulnerability in (1) index.php and (2) admin.php in myWebland MyBloggie 2.1.3 allows remote attackers to hijack sessions and conduct cross-site scripting (XSS) attacks via a cookie.