Buffer overflow in zawhttpd 0.8.23, and possibly previous versions, allows remote attackers to cause a denial of service (daemon crash) via a request for a URI composed of several "\" (backslash) char...

phpBB 2.0.20 does not properly verify user-specified input variables used as limits to SQL queries, which allows remote attackers to obtain sensitive information via a negative LIMIT specification, as...

phpBB 2.0.20 does not verify user-specified input variable types before being passed to type-dependent functions, which allows remote attackers to obtain sensitive information, as demonstrated by the ...

Open Bulletin Board (OpenBB) 1.0.8 allows remote attackers to obtain the full path of the web server via an invalid pforums parameter to (1) misc.php and (2) member.php.

Hostapd 0.3.7-2 allows remote attackers to cause a denial of service (segmentation fault) via an unspecified value in the key_data_length field of an EAPoL frame.

Buffer overflow in KarjaSoft Sami FTP Server 2.0.2 and earlier allows remote attackers to execute arbitrary code via a long (1) USER or (2) PASS command.

Absolute path traversal vulnerability in index.php in 321soft PhP-Gallery 0.9 allows remote attackers to browse arbitrary directories via the path parameter.

Cross-site scripting (XSS) vulnerability in index.php in 321soft PhP-Gallery 0.9 allows remote attackers to inject arbitrary web script or HTML via the path parameter. NOTE: this issue might be result...

Multiple SQL injection vulnerabilities in index.php in PHP Arena paCheckBook 1.1 allow remote attackers to execute arbitrary SQL commands via (1) the transtype parameter in an add action or (2) entry ...

Multiple cross-site scripting (XSS) vulnerabilities in mynews.inc.php in MyNews 1.6.2 allow remote attackers to inject arbitrary web script or HTML via the (1) hash and (2) page parameters.

SQL injection vulnerability in the topic deletion functionality (post_delete function in func_mod.php) for Invision Power Board 2.1.5 allows remote authenticated moderators to execute arbitrary SQL co...

Unspecified vulnerability in Kerio MailServer before 6.1.4 has unknown impact and remote attack vectors related to a "possible bypass of attachment filter."

SQL injection vulnerability in post.php in Invision Gallery 2.0.6 allows remote attackers to execute arbitrary SQL commands via the album parameter.

Unspecified vulnerability in CA Resource Initialization Manager (CAIRIM) 1.x before 20060502, as used in z/OS Common Services and the LMP component in multiple products, allows attackers to violate in...

Stack-based buffer overflow in libmms, as used by (a) MiMMS 0.0.9 and (b) xine-lib 1.1.0 and earlier, allows remote attackers to cause a denial of service (application crash) and possibly execute arbi...

Integer overflow in wv2 before 0.2.3 might allow context-dependent attackers to execute arbitrary code via a crafted Microsoft Word document.

Unspecified vulnerability in pinball 0.3.1 allows local users to gain privileges via unknown attack vectors that cause pinball to load plugins from an attacker-controlled directory while operating at ...

Cross-site scripting (XSS) vulnerability in horde 3 (horde3) before 3.1.1 allows remote attackers to inject arbitrary web script or HTML via (1) templates/problem/problem.inc and (2) test.php.

Cross-site scripting (XSS) vulnerability in ow-shared.pl in OpenWebMail (OWM) 2.51 and earlier allows remote attackers to inject arbitrary web script or HTML via the sessionid parameter in (1) openweb...

Multiple cross-site scripting (XSS) vulnerabilities in CMScout 1.10 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the Body field of a private message (PM), (2) BBCo...

Multiple cross-site scripting (XSS) vulnerabilities in zenphoto 1.0.1 beta and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) a parameter in i.php, and the (2) album...

zenphoto 1.0.1 beta and earlier allow remote attackers to obtain sensitive information via a direct request for the (1) /photos/themes/default/ and (2) /photos/themes/testing/ URIs, which reveals the ...

PORTAL.NLM in Novell Netware 6.5 SP5 writes the username and password in cleartext to the abend.log log file when the groupOperationsMethod function fails, which allows context-dependent attackers to ...

Cross-site scripting (XSS) vulnerability in search.php in PHPKB Knowledge Base allows remote attackers to inject arbitrary web script or HTML via the searchkeyword parameter. NOTE: the issue was origi...