Unknown vulnerability in the NCP dissector in Ethereal before 0.10.11 allow remote attackers to cause a denial of service (long loop).

Multiple unknown vulnerabilities in the (1) KINK, (2) L2TP, (3) MGCP, (4) EIGRP, (5) DLSw, (6) MEGACO, (7) LMP, and (8) RSVP dissectors in Ethereal before 0.10.11 allow remote attackers to cause a den...

Multiple unknown dissectors in Ethereal before 0.10.11 allow remote attackers to cause a denial of service (assert error) via an invalid protocol tree item length.

Multiple unknown vulnerabilities in the (1) WSP, (2) BER, (3) SMB, (4) NDPS, (5) IAX2, (6) RADIUS, (7) TCAP, (8) MRDISC, (9) 802.3 Slow, (10) SMBMailslot, or (11) SMB PIPE dissectors in Ethereal befor...

Multiple unknown "other problems" in the KINK dissector in Ethereal before 0.10.11 have unknown impact and attack vectors.

Multiple unknown vulnerabilities in the (1) AIM, (2) LDAP, (3) FibreChannel, (4) GSM_MAP, (5) SRVLOC, and (6) NTLMSSP dissectors in Ethereal before 0.10.11 allow remote attackers to cause a denial of ...

Multiple unknown vulnerabilities in the (1) DHCP and (2) Telnet dissectors in Ethereal before 0.10.11 allow remote attackers to cause a denial of service (abort).

fetchnews in leafnode 1.9.48 to 1.11.1 allows remote NNTP servers to cause a denial of service (crash) by closing the connection while fetchnews is reading (1) an article header or (2) an article body...

Cross-site scripting (XSS) vulnerability in the BBCode plugin for Serendipity before 0.8 allows remote attackers to inject arbitrary web script or HTML via unknown vectors.

Multiple directory traversal vulnerabilities in SitePanel 2.6.1 and earlier (SitePanel2) allows remote attackers to (1) delete arbitrary files via the id parameter in a rmattach action to 5.php, or (2...

Multiple cross-site scripting (XSS) vulnerabilities in SitePanel 2.6.1 and earlier (SitePanel2) allows remote attackers to inject arbitrary web script or HTML via (1) the v, show, or sec_name paramete...

Multiple cross-site scripting (XSS) vulnerabilities in index.php for Invision Power Board (IPB) 2.0.3 and 2.1 Alpha 2 allows remote attackers to inject arbitrary web script or HTML via the (1) act, (2...

Buffer overflow in the Lotus Notes client for Domino 6.5 before 6.5.4 and 6.0 before 6.0.5 allows local users to cause a denial of service (client crash) and possibly execute arbitrary code via the NO...

Format string vulnerability in Lotus Domino 6.0.x before 6.0.5 and 6.5.x before 6.5.4 allows remote attackers to cause a denial of service via the Notes protocol (NRPC).

Multiple cross-site scripting (XSS) vulnerabilities in ViArt Shop Enterprise 2.1.6 allow remote attackers to inject arbitrary web script or HTML via (1) various parameters to basket.php, (2) the nickn...

Multiple cross-site scripting (XSS) vulnerabilities in osTicket allow remote attackers to inject arbitrary web script or HTML via (1) the t parameter to view.php, (2) the osticket_title parameter to h...

Multiple unknown vulnjerabilities HP OpenView Event Correlation Services (OV ECS) 3.32 and 3.33 allow attackers to cause a denial of service or execute arbitrary code.

The "record packet parsing" in GnuTLS 1.2 before 1.2.3 and 1.0 before 1.0.25 allows remote attackers to cause a denial of service, possibly related to padding bytes in gnutils_cipher.c.

Uapplication Ublog Reload stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for mdb-database/b...

Uapplication Uguestbook 1.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for mdb-database...

Directory traversal vulnerability in the mail program in 602LAN SUITE 2004.0.05.0413 allows remote attackers to cause a denial of service and determine the presence of arbitrary files via .. sequences...

Directory traversal vulnerability in Raysoft/Raybase Video Cam Server 1.0.0 beta allows remote attackers to read arbitrary files via ".." (dot dot) sequences in an HTTP request.

Raysoft/Raybase Video Cam Server 1.0.0 beta allows remote attackers to determine the full pathname of the server via a request for an invalid page, as demonstrated using "%20" (hex-encoded space).

NetLeaf Limited NotJustBrowsing 1.0.3 stores the View Lock Password in plaintext in the notjustbrowsing.prf file, which allows local users to gain privileges.