Cross-site scripting (XSS) vulnerability in TellMe 1.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the 91) q_IP (IP) or (2) q_Host (HOST) parameters.

Symantec Brightmail AntiSpam 6.0 build 1 and 2 allows remote attackers to cause a denial of service (bmserver component termination) via malformed MIME messages.

Gaim-Encryption 2.38-1 on Debian Linux allows remote attackers to cause a denial of service (crash) via a crafted message from an ICQ buddy, possibly involving the GE_received_key function in keys.c.

Six Apart Movable Type 3.16 stores account names and password hashes in a cookie, which allows remote attackers to login to an account by sniffing the cookie.

PunBB 1.2.9 does not require password entry when changing the e-mail address in an account's profile, which might allow an attacker to make an address change via a hijacked login session.

PunBB 1.2.9, used alone or with F-ART BLOG:CMS, may trust a client's IP address as specified in the X-Forwarded-For HTTP header rather than the TCP/IP stack, which allows remote attackers to misrepres...

PunBB 1.2.9, when used alone or with F-ART BLOG:CMS, includes config.php before calling the unregister_globals function, which allows attackers to obtain unspecified sensitive information.

Firefox and Mozilla can associate a cookie with multiple domains when the DNS resolver has a non-root domain in its search list, which allows remote attackers to trick a user into accepting a cookie f...

Konqueror can associate a cookie with multiple domains when the DNS resolver has a non-root domain in its search list, which allows remote attackers to trick a user into accepting a cookie for a hostn...

Cross-site scripting (XSS) vulnerability in error.asp in AudienceView allows remote attackers to inject arbitrary web script or HTML via the TSerrorMessage parameter. NOTE: the provenance of this info...

Buffer overflow in mIRC 5.91, 6.03, 6.12, and 6.16 allows local users to execute arbitrary code via a long string that is entered after reaching the DCC Get Folder Dialog. NOTE: this issue has been di...

Sophos Anti-Virus before 4.02, 4.5.x before 4.5.9, 4.6.x before 4.6.9, and 5.x before 5.1.4 allow remote attackers to hide arbitrary files and data via crafted ARJ archives, which are not properly sca...

Internet Explorer 6 for Windows XP Service Pack 2 allows remote attackers to spoof the URL in the status bar via the title in an image in a link to a trusted site within a form to the malicious site.

Apple Safari 2.0.2 (aka 416.12) allows remote attackers to spoof the URL in the status bar via the title in an image in a link to a trusted site within a form to the malicious site. NOTE: the provenan...

Buffer overflow in Andreas Huggel Exiv2 before 0.9 does not null terminate strings before calling the sscanf function, which allows remote attackers to cause a denial of service (application crash) vi...

Cross-site scripting (XSS) vulnerability in list.php in Complete PHP Counter allows remote attackers to inject arbitrary web script or HTML via the c parameter.

ioFTPD 0.5.84 u responds with different messages depending on whether or not a username exists, which allows remote attackers to enumerate valid usernames.

Cross-site scripting (XSS) vulnerability in image-editor-52/index.php in CityPost Simple Image-Editor 0.52 allows remote attackers to inject arbitrary web script or HTML via the (1) m1, (2) m2, (3) m3...

Cross-site scripting (XSS) vulnerability in simple-upload-53.php in CityPost Simple PHP Upload 5.3 allows remote attackers to inject arbitrary web script or HTML via the message parameter.

Cross-site scripting (XSS) vulnerability in message.php in CityPost Automated Link Exchange (LNKX) allows remote attackers to inject arbitrary web script or HTML via the msg parameter.

The embedded HSQLDB in ParosProxy before 3.2.7, when running with JDK 1.4.2 before 1.4.2_08, allows local users to execute arbitrary comands via crafted SQL commands that interact with HSQLDB through ...

Cross-site scripting (XSS) vulnerability in PHlyMail before 3.3 Beta1 allows remote attackers to inject arbitrary Javascript via unknown attack vectors.

Cross-site scripting (XSS) vulnerability in PunBB 1.2.6 and earlier allows remote attackers to inject arbitrary web script or HTML via Javascript contained in nested, malformed BBcode url tags.

SQL injection vulnerability in OcoMon 1.21, and possibly other versions, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the logon page, a different vu...