Multiple cross-site scripting (XSS) vulnerabilities in mod.php in eNdonesia 8.3 allow remote attackers to inject arbitrary web script or HTML via (1) the mod parameter in a viewcat operation or (2) th...

Cross-site scripting (XSS) vulnerability in Lotus Domino 6.0.x before 6.0.4 and 6.5.x before 6.5.2 allows remote attackers to inject arbitrary web script or HTML via unknown attack vectors.

Mantis before 20041016 provides a complete Issue History (Bug History) in the web interface regardless of view_history_threshold, which allows remote attackers to obtain sensitive information (private...

Unspecified vulnerability in the Address and Routing Parameter Area (ARPA) transport software in HP-UX B.11.00, B.11.04, and B.11.11 before 20040628 allows local users to cause a denial of service via...

John Lim ADOdb Library for PHP before 4.23 allows remote attackers to obtain sensitive information via direct requests to certain scripts that result in an undefined value of ADODB_DIR, which reveals ...

Soft3304 04WebServer before 1.41 allows remote attackers to cause a denial of service (resource consumption or crash) via certain data related to OpenSSL, which causes a thread to terminate but contin...

Soft3304 04WebServer before 1.41 does not properly check file names, which allows remote attackers to obtain sensitive information (CGI source code).

Memory leak in direct-io.c in Linux kernel 2.6.x before 2.6.10 allows local users to cause a denial of service (memory consumption) via certain O_DIRECT (direct IO) write requests.

Opera offers an Open button to verify that a user wishes to execute a downloaded file, which allows user-assisted remote attackers to construct a race condition that tricks a user into clicking Open v...

Multiple cross-site scripting (XSS) vulnerabilities in Slashdot Like Automated Storytelling Homepage (Slash) (aka Slashcode) before R_2_5_0_41 allow remote attackers to inject arbitrary web script or ...

rdesktop 1.3.1 with xscreensaver 4.14, and possibly other versions, when running on Fedora and possibly other platforms, does not release the keyboard focus when xscreensaver starts, which causes the ...

The clientAbortBody function in client_side.c in Squid Web Proxy Cache before 2.6 STABLE6 allows remote attackers to cause a denial of service (segmentation fault) via unspecified vectors that trigger...

Multiple cross-site scripting (XSS) vulnerabilities in YaCy before 0.32 allow remote attackers to inject arbitrary web script or HTML via the (1) urlmaskfilter parameter to index.html or the (2) page ...

Spooler in Apache Foundation James 2.2.0 allows local users to cause a denial of service (memory consumption) by triggering various error conditions in the retrieve function, which prevents a lock fro...

Eudora 6.1.0.6 allows remote attackers to obfuscate URLs displayed in the status bar by inserting a large number of characters (e.g. spaces coded as "&#32") in the middle of the URL.

Free Web Chat 2.0 allows remote attackers to cause a denial of service (CPU consumption) via multiple connections from the same user.

The addUser function in UserManager.java in Free Web Chat 2.0 allows remote attackers to cause a denial of service (uncaught NullPointerException) via unknown attack vectors that cause the usrName var...

Yeemp 0.9.9 and earlier does not properly encrypt inbound files, which allows remote attackers to spoof the identity of the sender.

Unspecified vulnerability in Sun Fire 3800/4800/4810/6800, Sun Fire V1280, and Netra 1280 allows remote attackers to cause a denial of service (system controller hang) via IP Packets With Type of Serv...

Directory traversal vulnerability in lstat.cgi in LinuxStat before 2.3.1 allows remote attackers to read arbitrary files via (1) .. (dot dot) sequences or (2) absolute paths to the template parameter.

The NAT implementation in Zonet ZSR1104WE Wireless Router Runtime Code Version 2.41 converts IP addresses of inbound connections to the IP address of the router, which allows remote attackers to bypas...

TinyWeb 1.9 allows remote attackers to read source code of scripts via "/./" in the URL.

The (1) bos.rte.serv_aid or (2) bos.rte.console filesets in IBM AIX 5.1 and 5.2 allow local users to overwrite arbitrary files via a symlink attack on temporary files via unknown attack vectors.

Unspecified vulnerability in Sesamie 1.0 allows remote anonymous attackers to gain access to repositories of other users via unknown vectors.