Directory traversal vulnerability in webcm in the D-Link DSL-G604T Wireless ADSL Router Modem allows remote attackers to read arbitrary files via an absolute path in the getpage parameter.

SQL injection vulnerability in showthread.php in MyBB (aka MyBulletinBoard) 1.1.1 allows remote attackers to execute arbitrary SQL commands via the comma parameter.

Jelsoft vBulletin accepts uploads of Cascading Style Sheets (CSS) and processes them in a way that allows remote authenticated administrators to gain shell access by uploading a CSS file that contains...

Multiple SQL injection vulnerabilities in MyBB (aka MyBulletinBoard) 1.1.1 allow remote attackers to execute arbitrary SQL commands via the e-mail address when registering for a forum that requires e-...

Multiple directory traversal vulnerabilities in PHP-Fusion 6.00.306 allow remote attackers to include and execute arbitrary local files via (1) a .. (dot dot) in the settings[locale] parameter in infu...

PHP-Fusion 6.00.306 and earlier, running under Apache HTTP Server 1.3.27 and PHP 4.3.3, allows remote authenticated users to upload files of arbitrary types using a filename that contains two or more ...

AngelineCMS 0.6.5 and earlier allow remote attackers to obtain sensitive information via a direct request for (1) adodb-access.inc.php, (2) adodb-ado.inc.php, (3) adodb-ado_access.inc, (4) adodb-ado_m...

SQL injection vulnerability in lib/adodb/server.php in AngelineCMS 0.6.5 and earlier might allow remote attackers to execute arbitrary SQL commands via the query string.

Multiple integer overflows in the DPRPC library (DPRPCNLM.NLM) NDPS/iPrint module in Novell Distributed Print Services in Novell NetWare 6.5 SP3, SP4, and SP5 allow remote attackers to execute arbitra...

Directory traversal vulnerability in index.php in OnlyScript.info Online Universal Payment System Script allows remote attackers to read arbitrary files via directory traversal sequences in the read p...

Cross-site scripting (XSS) vulnerability in index.php in OnlyScript.info Online Universal Payment System Script allows remote attackers to inject arbitrary web script or HTML via the read parameter. N...

Multiple PHP remote file inclusion vulnerabilities in SmartISoft phpListPro 2.01 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the returnpath parameter in (1) editsite....

The transparent proxy feature of the Cisco Application Velocity System (AVS) 3110 5.0 and 4.0 and earlier, and 3120 5.0.0 and earlier, has a default configuration that allows remote attackers to proxy...

Multiple cross-site scripting (XSS) vulnerabilities in Ideal Science Ideal BB 1.5.4a and earlier allow remote attackers to inject arbitrary web script or HTML via unknown vectors. NOTE: due to lack of...

Ideal Science Ideal BB 1.5.4a and earlier does not properly check file extensions before permitting an upload, which allows remote attackers to upload and execute an ASP script via a 0x00 character be...

Unspecified vulnerability in Ideal Science Ideal BB 1.5.4a and earlier allows remote attackers to read arbitrary files under the web root via unspecified attack vectors related to the OpenTextFile met...

S24EvMon.exe in the Intel PROset/Wireless software, possibly 10.1.0.33, uses a S24EventManagerSharedMemory shared memory section with weak permissions, which allows local users to read or modify passw...

BlueDragon Server and Server JX 6.2.1.286 for Windows allows remote attackers to cause a denial of service (hang) via a request for a .cfm file whose name contains an MS-DOS device name such as (1) co...

The HTTP service in EServ/3 3.25 allows remote attackers to obtain sensitive information via crafted HTTP requests containing dot, space, and slash characters, which reveals the source code of script ...

Directory traversal vulnerability in the IMAP service in EServ/3 3.25 allows remote authenticated users to read other user's email messages, create/rename arbitrary directories on the system, and dele...

Cross-site scripting (XSS) vulnerability in Website Baker CMS before 2.6.4 allows remote attackers to inject arbitrary web script or HTML via a user display name.

Multiple cross-site scripting (XSS) vulnerabilities in Jadu CMS allow remote attackers to inject arbitrary web script or HTML via the (1) forename, (2) surname, (3) reg_email, (4) email_conf, (5) comp...

Cross-Application Scripting (XAS) vulnerability in ICQ Client 5.04 build 2321 and earlier allows remote attackers to inject arbitrary web script from one application into another via a banner, which i...

The Internet Key Exchange version 1 (IKEv1) implementation in the libike library in Solaris 9 and 10 allows remote attackers to cause a denial of service (in.iked daemon crash) via crafted IKE packets...