RealPlayer 8 allows remote attackers to cause a denial of service (CPU utilization) via malformed .mp3 files.

Directory traversal vulnerability in xtell (xtelld) 1.91.1 and earlier, and 2.x before 2.7, allows remote attackers to read files with short names, and local users to read more files using a symlink w...

Directory traversal vulnerability in the HTTP server for BPM Studio Pro 4.2 allows remote attackers to read arbitrary files via a .. (dot dot) in the HTTP request.

Directory traversal vulnerability in BadBlue before 1.6.1 allows remote attackers to read arbitrary files via a ... (modified dot dot) in the URL.

comment2.jse in ScriptEase:WebServer allows remote attackers to read arbitrary files by specifying the target file as an argument in the URL.

Yahoo! Messenger 5.0 allows remote attackers to spoof other users by modifying the username and using the spoofed username for social engineering or denial of service (flooding) attacks.

FreeRADIUS RADIUS server allows remote attackers to cause a denial of service (CPU consumption) via a flood of Access-Request packets.

fasttrack p2p, as used in (1) KaZaA before 1.5, (2) grokster, and (3) morpheus allows remote attackers to cause a denial of service (memory exhaustion) via a series of client-to-client messages, which...

Directory traversal vulnerability in Essentia Web Server 2.1 allows remote attackers to read arbitrary files via a .. (dot dot) in a URL.

SMTP proxy in Symantec Enterprise Firewall (SEF) 6.5.x includes the firewall's physical interface name and address in an SMTP protocol exchange when NAT translation is made to an address other than th...

Zero One Tech (ZOT) P100s print server does not properly disable the SNMP service or change the default password, which could leave the server open to attack without the administrator's knowledge.

Lil HTTP Server 2.1 allows remote attackers to read password-protected files via a /./ in the HTTP request.

GroupWise 6, when using LDAP authentication and when Post Office has a blank username and password, allows attackers to gain privileges of other users by logging in without a password.

The Notify daemon for Symantec Enterprise Firewall (SEF) 6.5.x drops large alerts when SNMP is used as the transport, which could prevent some alerts from being sent in the event of an attack.

Citrix NFuse 1.6 allows remote attackers to bypass authentication and obtain sensitive information by directly calling launch.asp with invalid NFUSE_USER and NFUSE_PASSWORD parameters.

gnujsp 1.0.0 and 1.0.1 allows remote attackers to list directories, read source code of certain scripts, and bypass access restrictions by directly requesting the target file from the gnujsp servlet, ...

ScriptEase MiniWeb Server 0.95 allows remote attackers to cause a denial of service (crash) via certain HTTP GET requests containing (1) a %2e%2e (encoded dot-dot), (2) several /../ (dot dot) sequence...

Buffer overflow in ScriptEase MiniWeb Server 0.95 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long URL in an HTTP request.

Alcatel OmniPCX 4400 installs files with world-writable permissions, which allows local users to reconfigure the system and possibly gain privileges.

FTP service in Alcatel OmniPCX 4400 allows the "halt" user to gain root privileges by modifying root's .profile file.

Dino's Webserver 1.2 allows remote attackers to cause a denial of service (CPU consumption) and possibly execute arbitrary code via several large HTTP requests within a short time.

Buffer overflow in Phusion web server 1.0 allows remote attackers to cause a denial of service and execute arbitrary code via a long HTTP request.

Directory traversal vulnerability in Phusion web server 1.0 allows remote attackers to read arbitrary files via a ... (triple dot dot) in the HTTP request.

Windows XP with port 445 open allows remote attackers to cause a denial of service (CPU consumption) via a flood of TCP SYN packets containing possibly malformed data.