Format string vulnerability in Eye Of Gnome (EOG) allows attackers to execute arbitrary code via format string specifiers in a command line argument for the file to display.

decrypt_msg for the Gaim-Encryption GAIM plugin 1.15 and earlier does not properly validate a message length parameter, which allows remote attackers to cause a denial of service (crash) via a negativ...

Multiple cross-site scripting (XSS) vulnerabilities in SquirrelMail before 1.2.11 allow remote attackers to inject arbitrary HTML code and steal information from a client's web browser.

Directory traversal vulnerability in Cross-Referencing Linux (LXR) allows remote attackers to read arbitrary files via .. (dot dot) sequences in the v parameter.

bonsai Mozilla CVS query tool allows remote attackers to gain access to the parameters page without authentication.

Cross-site scripting vulnerabilities (XSS) in bonsai Mozilla CVS query tool allow remote attackers to execute arbitrary web script via (1) the file, root, or rev parameters to cvslog.cgi, (2) the file...

bonsai Mozilla CVS query tool leaks the absolute pathname of the tool in certain error messages generated by (1) cvslog.cgi, (2) cvsview2.cgi, or (3) multidiff.cgi.

OpenSSL does not use RSA blinding by default, which allows local and remote attackers to obtain the server's private key by determining factors using timing differences on (1) the number of extra redu...

Unknown vulnerability in tcpdump before 3.7.2 related to an inability to "Handle unknown RADIUS attributes properly," allows remote attackers to cause a denial of service (infinite loop), a different ...

Adobe Acrobat Reader (acroread) 6, under certain circumstances when running with the "Certified plug-ins only" option disabled, loads plug-ins with signatures used for older versions of Acrobat, which...

The PNG deflate algorithm in RealOne Player 6.0.11.x and earlier, RealPlayer 8/RealPlayer Plus 8 6.0.9.584, and other versions allows remote attackers to corrupt the heap and overwrite arbitrary memor...

SNMP daemon in the DX200 based network element for Nokia Serving GPRS support node (SGSN) allows remote attackers to read SNMP options via arbitrary community strings.

Unknown vulnerability in filestat.c for Apache running on OS2, versions 2.0 through 2.0.45, allows unknown attackers to cause a denial of service via requests related to device names.

GtkHTML, as included in Evolution before 1.2.4, allows remote attackers to cause a denial of service (crash) via certain malformed messages.

A memory leak in Apache 2.0 through 2.0.44 allows remote attackers to cause a denial of service (memory consumption) via large chunks of linefeed characters, which causes Apache to allocate 80 bytes f...

The handle_image function in mail-format.c for Ximian Evolution Mail User Agent 1.2.2 and earlier does not properly escape HTML characters, which allows remote attackers to inject arbitrary data and H...

Ximian Evolution Mail User Agent 1.2.2 and earlier allows remote attackers to cause a denial of service (memory consumption) via a mail message that is uuencoded multiple times.

The try_uudecoding function in mail-format.c for Ximian Evolution Mail User Agent 1.2.2 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via...

Buffer overflow in the web interface for SOHO Routefinder 550 before firmware 4.63 allows remote attackers to cause a denial of service (reboot) and execute arbitrary code via a long GET /OPTIONS valu...

man before 1.5l allows attackers to execute arbitrary code via a malformed man file with improper quotes, which causes the my_xsprintf function to return a string with the value "unsafe," which is the...

Buffer overflow in Web Retriever client for Lotus Notes/Domino R4.5 through R6 allows remote malicious web servers to cause a denial of service (crash) via a long HTTP status line.

Buffer overflow in Notes server before Lotus Notes R4, R5 before 5.0.11, and early R6 allows remote attackers to execute arbitrary code via a long distinguished name (DN) during NotesRPC authenticatio...

Microsoft Internet Explorer 5.01, 5.5 and 6.0 does not properly check the Cascading Style Sheet input parameter for Modal dialogs, which allows remote attackers to read files on the local system via a...

The file upload control in Microsoft Internet Explorer 5.01, 5.5, and 6.0 allows remote attackers to automatically upload files from the local system via a web page containing a script to upload the f...