fantastico in Cpanel does not properly handle when it has insufficient permissions to perform certain file operations, which allows remote authenticated users to obtain the full pathname, which is lea...

SQL injection vulnerability in bmail before Aardvark PR9.1 allows remote attackers to execute arbitrary SQL commands via unspecified vectors involving GBK character sets.

The CBC-MAC integrity functions in the nCipher nCore API before 2.18 transmit the initialization vector IV as part of a message when the implementation uses a non-zero IV, which allows remote attacker...

Multiple directory traversal vulnerabilities in Loudblog before 0.42 allow remote attackers to read or include arbitrary files via a .. (dot dot) and trailing %00 (NULL) byte in the (1) template and (...

SQL injection vulnerability in podcast.php in Loudblog before 0.42 allows remote attackers to execute arbitrary SQL commands via the id parameter.

Aztek Forum 4.0 allows remote attackers to obtain sensitive information via a long login value in a register form, which displays the installation path in a MySQL error message.

Cross-site scripting (XSS) vulnerability in Aztek Forum 4.0 allows remote attackers to inject arbitrary web script or HTML via the message body in a new message.

Cross-site scripting (XSS) vulnerability in news.php in NMDeluxe before 1.0.1 allows remote attackers to inject arbitrary web script or HTML via the nick parameter.

Cross-site scripting (XSS) vulnerability in Pixelpost 1.5 beta 1 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) message, (2) name, (3) url, and (4) email parame...

Pixelpost 1.5 beta 1 and earlier allows remote attackers to obtain configuration information via a direct request to includes/phpinfo.php, which calls the phpinfo function. NOTE: the vendor has disput...

engine/server.cpp in Sauerbraten 2006_02_28, as derived from the Cube engine, allows remote attackers to cause a denial of service (segmentation fault) via a client that does not completely join the g...

Sauerbraten 2006_02_28, as derived from the Cube engine, allows remote attackers to cause a denial of service (client exit) by forcing the server to change to a map (ogz) file whose name contains ".."...

The (1) sgetstr and (2) getint functions in Sauerbraten 2006_02_28, as derived from the Cube engine, allow remote attackers to cause a denial of service (segmentation fault) via long streams of input ...

Multiple cross-site scripting (XSS) vulnerabilities in Datenbank MOD 2.7 and earlier for Woltlab Burning Board allow remote attackers to inject arbitrary web script or HTML via the fileid parameter to...

Cross-site scripting (XSS) vulnerability in index.php in NZ Ecommerce allows remote attackers to inject arbitrary web script or HTML via the action parameter. NOTE: the vendor has disputed this issue ...

Unspecified vulnerability in IBM WebSphere 5.0.2.10 through 5.0.2.15 and 5.1.1.4 through 5.1.1.9 allows remote attackers to obtain sensitive information via unknown attack vectors, which causes JSP so...

Cross-site scripting (XSS) vulnerability in header.php in PunBB 1.2.10 allows remote attackers to inject arbitrary web script or HTML via the URL, which is not properly handled when the PHP_SELF varia...

PHP-Stats 0.1.9.1 and earlier allows remote attackers to obtain potentially sensitive information via a direct request to checktables.php, which lists the database table_prefix.

Direct static code injection vulnerability in the modify_config action in admin.php for PHP-Stats 0.1.9.1 and earlier allows remote authenticated administrators to execute arbitrary PHP code via the o...

Multiple cross-site scripting (XSS) vulnerabilities in phpArcadeScript 2.0 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the gamename parameter in tellafriend.php, ...

Cross-site scripting (XSS) vulnerability in login.php in Game-Panel 2.6.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the message parameter, possibly requiring a URL...

Multiple cross-site scripting (XSS) vulnerabilities in the commentary in Evo-Dev evoBlog allow remote attackers to inject arbitrary web script or HTML via (1) the name parameter and (2) other unspecif...

Jason Boettcher Liero Xtreme 0.62b and earlier allow remote attackers to cause a denial of service (application crash or hang) via a long argument to the connect command.

Directory traversal vulnerability in index.php in Daverave Simplog 1.0.2 and earlier allows remote attackers to include or read arbitrary .txt files via the (1) act and (2) blogid parameters.