PHP remote file inclusion vulnerability in mod_cbsms.php in CBSMS Mambo Module 1.0 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the...

Yahoo! Messenger 7.5.0.814 and 7.0.438 allows remote attackers to cause a denial of service (crash) via messages that contain non-ASCII characters, which triggers the crash in jscript.dll.

Cross-site scripting (XSS) vulnerability in error.php in UebiMiau Webmail 2.7.10 and earlier allows remote attackers to inject arbitrary web script or HTML via the icq parameter. NOTE: the provenance ...

Cross-site scripting (XSS) vulnerability in header.php in Open Guestbook 0.5 allows remote attackers to inject arbitrary web script or HTML via the title parameter.

PHP remote file inclusion vulnerability in mod_cbsms_messages.php in CBSMS Mambo Module 1.0 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a U...

parse_notice (TiCPU) in EnergyMech (emech) before 3.0.2 allows remote attackers to cause a denial of service (crash) via empty IRC CTCP NOTICE messages.

HTTP server in Cisco Wireless Control System (WCS) for Linux and Windows before 3.2(51) stores sensitive information under the web root with insufficient access control, which allows remote attackers ...

Unspecified vulnerability in the TFTP server in Cisco Wireless Control System (WCS) for Linux and Windows before 3.2(51), when configured to use a directory path name that contains a space character, ...

requirements.php in Dating Agent PRO 4.7.1 allows remote attackers to obtain sensitive information via a direct request, which calls the phpinfo function.

Microsoft Internet Explorer 6.0 does not properly handle Drag and Drop events, which allows remote user-assisted attackers to execute arbitrary code via a link to an SMB file share with a filename tha...

Cross-site scripting (XSS) vulnerability in aeDating 4.1 allows remote attackers to inject arbitrary web script or HTML via the (1) Sex parameter in index.php, (2) ProfileType parameter in join_form.p...

The SMTP service of MailEnable Standard 1.92 and earlier, Professional 2.0 and earlier, and Enterprise 2.0 and earlier before the MESMTPC hotfix, allows remote attackers to cause a denial of service (...

Directory traversal vulnerability in Webmin before 1.280, when run on Windows, allows remote attackers to read arbitrary files via \ (backslash) characters in the URL to certain directories under the ...

Cross-site request forgery (CSRF) vulnerability in menu.php in Some Chess 1.5 rc2 allows remote attackers to conduct actions as another user, such as changing usernames and passwords, via unspecified ...

PHP remote file inclusion vulnerability in includes/functions_cms.php in THoRCMS 1.3.1 allows remote attackers to execute arbitrary PHP code via the phpbb_root_path parameter.

Unspecified vulnerability in the Windows Client API in Novell GroupWise 5.x through 7 might allow users to obtain "random programmatic access" to other email within the same post office.

Multiple PHP remote file inclusion vulnerabilities in Bee-hive Lite 1.2 and earlier, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the (1) header ...

Cross-site scripting (XSS) vulnerability in Trend Micro Control Manager (TMCM) 3.5 allows remote attackers to inject arbitrary web script or HTML via the username field on the login page, which is not...

Cross-site scripting (XSS) vulnerability in index.php in vlbook 1.02 allows remote attackers to inject arbitrary web script or HTML via the message parameter.

Multiple cross-site scripting (XSS) vulnerabilities in e107 0.7.5 allow remote attackers to inject arbitrary web script or HTML via the (1) ep parameter to search.php and the (2) subject parameter in ...

Multiple cross-site scripting (XSS) vulnerabilities in Claroline 1.7.7 allow remote attackers to inject arbitrary HTML or web script via unspecified attack vectors, possibly including (1) calendar/mya...

Heap-based buffer overflow in Windows Live Messenger 8.0 allows user-assisted attackers to execute arbitrary code via a crafted Contact List (.ctt) file, which triggers the overflow when it is importe...

Multiple SQL injection vulnerabilities in Anthill 0.2.6 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) order parameter in buglist.php and the (2) bug parameter in que...

Cross-site scripting (XSS) vulnerability in classes/ui.class.php in dotProject 2.0.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the login parameter.