NWFTPD.nlm before 5.03b in the FTP server in Novell NetWare allows remote authenticated users to cause a denial of service (abend) via a crafted ABOR command.

Unspecified vulnerability in NWFTPD.nlm before 5.03b in the FTP server in Novell NetWare allows remote attackers to cause a denial of service (abend) via a crafted username.

GoAhead WebServer before 2.1.1 allows remote attackers to cause a denial of service (CPU consumption) by performing a socket disconnect to terminate a request before it has been fully processed by the...

webs.c in GoAhead WebServer before 2.1.4 allows remote attackers to cause a denial of service (daemon crash) via an HTTP POST request that contains a negative integer in the Content-Length header.

webs.c in GoAhead WebServer before 2.1.4 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an HTTP POST request that contains a Content-Length header...

The security handler in GoAhead WebServer before 2.1.1 allows remote attackers to bypass authentication and obtain access to protected web content via "an extra slash in a URL," a different vulnerabil...

Cross-site request forgery (CSRF) vulnerability in Citrix Presentation Server 4.0 and 4.5, MetaFrame Presentation Server 3.0, and Access Essentials 1.0 through 2.0 allows remote attackers to execute a...

Cross-site scripting (XSS) vulnerability in PHP(Reactor) 1.2.7 pl1 allows remote attackers to inject arbitrary web script or HTML via Javascript in the style attribute of an HTML tag.

Sendmail 8.12.0 through 8.12.6 truncates log messages longer than 100 characters, which allows remote attackers to prevent the IP address from being logged via a long IDENT response.

Cross-site scripting (XSS) vulnerability in Compaq Insight Management Agents 2.0, 2.1, 3.6.0, 4.2 and 4.3.7 allows remote attackers to inject arbitrary web script or HTML via a URL, which inserts the ...

Cross-site scripting (XSS) vulnerability in acFreeProxy (aka acFP) 1.33 beta 7 allows remote attackers to inject arbitrary web script or HTML via the URL, which is inserted into an error page.

Directory traversal vulnerability in Zeroo web server 1.5 allows remote attackers to read arbitrary files via a .. (dot dot) in a URL GET request.

Allied Telesyn AT-8024 1.3.1 and Rapier 24 switches allow remote authenticated users to cause a denial of service in the management interface via a stream of zero (null) bytes sent via UDP to a runnin...

Opera 6.0.3, when using Squid 2.4 for HTTPS proxying, does not properly handle when accepting a non-global certificate authority (CA) certificate from a site and establishing a subsequent HTTPS connec...

WebSite Pro 3.1.11.0 on Windows allows remote attackers to read script source code for files with extensions greater than 3 characters via a URL request that uses the equivalent 8.3 file name.

openwebmail.pl in Open WebMail 1.7 and 1.71 reveals sensitive information in error messages and generates different responses whether a user exists or not, which allows remote attackers to identify va...

Certain patches for QNX Neutrino realtime operating system (RTOS) 6.2.0 set insecure permissions for the files (1) /sbin/io-audio by OS Update Patch A, (2) /bin/shutdown, (3) /sbin/fs-pkg, and (4) phs...

Buffer overflow in HTTP server in LiteServe 2.0, 2.0.1 and 2.0.2 allows remote attackers to cause a denial of service (hang) via a large number of percent characters (%) in an HTTP GET request.

Check Point FireWall-1 4.1 and Next Generation (NG), with UserAuth configured to proxy HTTP traffic only, allows remote attackers to pass unauthorized HTTPS, FTP and possibly other traffic through the...

Buffer overflow in IISPop email server 1.161 and 1.181 allows remote attackers to cause a denial of service (crash) via a long request to the POP3 port (TCP port 110).

Directory traversal vulnerability in KeyFocus web server 1.0.8 allows remote attackers to read arbitrary files for recognized MIME type files via "...", "....", ".....", and other multiple dot sequenc...

Directory traversal vulnerability in viewAttachment.cgi in W3Mail 1.0.6 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter.

The new thread posting page in APBoard 2.02 and 2.03 allows remote attackers to post messages to protected forums by modifying the insertinto parameter.

InterScan VirusWall 3.52 for Windows allows remote attackers to bypass virus protection and possibly execute arbitrary code via HTTP 1.1 gzip content encoding.