BEA WebLogic Server and WebLogic Express version 8.1 up to SP2, 7.0 up to SP4, and 6.1 up to SP6 may store the database username and password for an untargeted JDBC connection pool in plaintext in con...

BEA WebLogic Server and Express 8.1, SP1 and earlier, stores the administrator password in cleartext in config.xml, which allows local users to gain privileges.

BEA WebLogic Server and WebLogic Express 8.1 SP2 and earlier, and 7.0 SP4 and earlier, when using 2-way SSL with a custom trust manager, may accept a certificate chain even if the trust manager reject...

The DNS proxy (DNSd) for multiple Symantec Gateway Security products allows remote attackers to poison the DNS cache via a malicious DNS server query response that contains authoritative or additional...

Ground Control II: Operation Exodus 1.0.0.7 and earlier allows remote servers to cause a denial of service (client or server crash) via a large packet, which generates a "Message too long" socket erro...

RealVNC 4.0 and earlier allows remote attackers to cause a denial of service (crash) via a large number of connections to port 5900.

Attack Mitigator IPS 5500 3.11.008, and possibly other versions, when configured in a one-armed routing configuration, allows remote attackers to cause a denial of service (CPU consumption) via a larg...

Cross-site scripting (XSS) vulnerability in NetworkEverywhere NR041 running firmware 1.2 Release 03 allows remote attackers to inject arbitrary web script or HTML via the DHCP HOSTNAME option.

Cross-site scripting (XSS) vulnerability in index.php in PHP Code Snippet Library allows remote attackers to inject arbitrary web script or HTML via the (1) cat_select or (2) show parameters.

Buffer overflow in Painkiller 1.3.1 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long password.

Easy File Sharing (EFS) Webserver 1.25 allows remote attackers to cause a denial of service (CPU consumption or crash) via many large HTTP requests.

Easy File Sharing (EFS) Webserver 1.25 allows remote attackers to view arbitrary files via an HTTP request for the disk_c virtual folder.

Directory traversal vulnerability in WebAPP 0.9.9 allows remote attackers to view arbitrary files via a .. (dot dot) in the viewcat parameter.

Music daemon (musicd) 0.0.3 and earlier allows remote attackers to cause a denial of service (crash) by calling LOAD with a binary file as an argument, then calling SHOWLIST.

Music daemon (musicd) 0.0.3 and earlier allows remote attackers to read arbitrary files by calling LOAD with a full pathname, then calling SHOWLIST.

Bird Chat 1.61 allows remote attackers to cause a denial of service (crash) via invalid users.

Cross-site scripting (XSS) vulnerability in page.php in JShop allows remote attackers to inject arbitrary web script or HTML via the xPage parameter.

Cacti 0.8.5a allows remote attackers to gain sensitive information via an HTTP request to (1) auth.php, (2) auth_login.php, (3) auth_changepassword.php, and possibly other php files, which reveal the ...

Cross-site scripting (XSS) vulnerability in the create list option in Sympa 4.1.x and earlier allows remote authenticated users to inject arbitrary web script or HTML via the description field.

Directory traversal vulnerability in MyDMS 1.4.2 and other versions allows remote registered users to read arbitrary files via .. (dot dot) sequences in the URL.

signup_page.php in Mantis bugtracker allows remote attackers to send e-mail bombs by creating multiple users and providing the same e-mail address.

Cross-site scripting (XSS) vulnerability in Mantis bugtracker allows remote attackers to inject arbitrary web script or HTML via (1) the return parameter to login_page.php, (2) e-mail field in signup....

Cross-site scripting (XSS) vulnerability in Nihuo Web Log Analyzer 1.6 allows remote attackers to inject arbitrary web script or HTML via the User-Agent HTTP header.

BadBlue 2.5 allows remote attackers to cause a denial of service (refuse HTTP connections) via a large number of connections from the same IP address.