Multiple PHP remote file inclusion vulnerabilities in (1) eday.php, (2) eshow.php, or (3) forgot.php in albinator 2.0.8 and earlier allow remote attackers to execute arbitrary PHP code via a URL in th...

Multiple cross-site scripting (XSS) vulnerabilities in Albinator 2.0.8 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) cid parameter to dlisting.php or (2) preloa...

Buffer overflow in Golden FTP Server Pro 2.70 allows remote attackers to cause a denial of service (application crash) and execute arbitrary code via a long argument to the (1) NLST or (2) APPE comman...

Multiple cross-site scripting (XSS) vulnerabilities in CyberBuild allow remote attackers to inject arbitrary web script or HTML via the (1) SessionID parameter to login.asp, (2) ProductIndex parameter...

Cross-site scripting (XSS) vulnerability in viewcat.php in geoBlog 1.0 allows remote attackers to inject arbitrary web script or HTML via the cat parameter.

Multiple cross-site scripting (XSS) vulnerabilities in links.php in PHP Linkliste 1.0b allow remote attackers to inject arbitrary web script or HTML via the (1) new_input, (2) new_url, or (3) new_name...

PHP remote file inclusion vulnerability in FtrainSoft Fast Click 2.3.8 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the path parameter to (1) show.php or (2) top.php.

Multiple cross-site scripting (XSS) vulnerabilities in admin/server_day_stats.php in Virtual Hosting Control System (VHCS) allow remote attackers to inject arbitrary web script or HTML via the (1) day...

Buffer overflow in FileZilla FTP Server 2.2.22 allows remote authenticated attackers to cause a denial of service and possibly execute arbitrary code via a long (1) PORT or (2) PASS followed by the ML...

Buffer overflow in WDM.exe in WarFTPD allows remote attackers to execute arbitrary code via unspecified arguments, as demonstrated by the Infigo FTPStress Fuzzer.

Buffer overflow in ArgoSoft FTP Server 1.4.3.6 allows remote attackers to execute arbitrary code via Unicode in the RNTO command, as demonstrated by the Infigo FTPStress Fuzzer.

RT: Request Tracker 3.5.HEAD allows remote attackers to obtain sensitive information via the Rows parameter in Dist/Display.html, which reveals the installation path in an error message.

Cross-site scripting (XSS) vulnerability in SloughFlash SF-Users 1.0, possibly in register.php, allows remote attackers to inject arbitrary web script or HTML by setting the username field to contain ...

Buffer overflow in CGI scripts in Nagios 1.x before 1.4 and 2.x before 2.3 allows remote attackers to execute arbitrary code via a negative content length (Content-Length) HTTP header.

Buffer overflow in (1) TZipBuilder 1.79.03.01, (2) Abakt 0.9.2 and 0.9.3-beta1, (3) CAM UnZip 4.0 and 4.3, and possibly other products, allows user-assisted attackers to execute arbitrary code via a Z...

Cross-site scripting (XSS) vulnerability in Russcom Network Loginphp (Russcom.Loginphp) allows remote attackers to inject arbitrary web script or HTML via the username field when registering.

CRLF injection vulnerability in help.php in Russcom Network Loginphp allows remote attackers to spoof e-mails and inject MIME headers via CRLF sequences in the email address.

Dynamic variable evaluation vulnerability in index.php in Stadtaus Guestbook Script 1.7 and earlier, when register_globals is enabled, allows remote attackers to modify arbitrary program variables via...

Directory traversal vulnerability in help/index.php in X7 Chat 2.0 and earlier allows remote attackers to include arbitrary files via .. (dot dot) sequences in the help_file parameter.

EMC Retrospect for Windows 6.5 before 6.5.382, 7.0 before 7.0.344, and 7.5 before 7.5.1.105 allows local users to execute arbitrary code by replacing the Retrospect.exe file, possibly due to improper ...

Cross-site scripting (XSS) vulnerability in HTM_PASSWD in DirectAdmin Hosting Management allows remote attackers to inject arbitrary web script or HTML via the domain parameter.

PHP remote file inclusion vulnerability in top/list.php in phpBB TopList 1.3.8 and earlier allows remote attackers to include arbitrary files via the returnpath parameter.

PHP remote file inclusion vulnerability in sources/lostpw.php in Aardvark Topsites PHP 4.2.2 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via th...

Multiple cross-site scripting (XSS) vulnerabilities in index.php in HB-NS 1.1.6 allow remote attackers to inject arbitrary web script or HTML via the (1) poster_name, (2) poster_email, (3) poster_home...