Microsoft Enterprise Manager allows local users to obtain database passwords via the Data Transformation Service (DTS) package Registered Servers Dialog dialog, aka a variant of the "DTS Password" vul...

Microsoft Outlook Express allows remote attackers to monitor a user's email by creating a persistent browser link to the Outlook Express windows, aka the "Persistent Mail-Browser Link" vulnerability.

IBM WebSphere allows remote attackers to read source code for executable web files by directly calling the default InvokerServlet using a URL which contains the "/servlet/file" string.

WFTPD and WFTPD Pro 2.41 allows local users to cause a denial of service by executing the RENAME TO (RNTO) command before a RENAME FROM (RNFR) command.

WFTPD and WFTPD Pro 2.41 allows remote attackers to cause a denial of service by executing an MLST command before logging into the server.

WFTPD and WFTPD Pro 2.41 allows remote attackers to obtain the real pathname for a file by executing a STATUS (STAT) command while the file is being transferred.

WFTPD and WFTPD Pro 2.41 allows remote attackers to cause a denial of service by using the RESTART (REST) command and writing beyond the end of a file, or writing to a file that does not exist, via co...

WFTPD and WFTPD Pro 2.41 allows remote attackers to cause a denial of service by executing a STAT command while the LIST command is still executing.

Buffer overflow in WebActive HTTP Server 1.00 allows remote attackers to cause a denial of service via a long URL.

The default configuration of WebActive HTTP Server 1.00 stores the web access log active.log in the document root, which allows remote attackers to view the logs by directly requesting the page.

Microsoft Excel 97 and 2000 allows an attacker to execute arbitrary commands by specifying a malicious .dll using the Register.ID function, aka the "Excel REGISTER.ID Function" vulnerability.

HP JetDirect printers versions G.08.20 and H.08.20 and earlier allow remote attackers to cause a denial of service via a malformed FTP quote command.

The web administration interface for CommuniGate Pro 3.2.5 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) attack.

An administrative script from IIS 3.0, later included in IIS 4.0 and 5.0, allows remote attackers to cause a denial of service by accessing the script without a particular argument, aka the "Absent Di...

IIS 4.0 and 5.0 allows remote attackers to obtain fragments of source code by appending a +.htr to the URL, a variant of the "File Fragment Reading via .HTR" vulnerability.

Buffer overflow in Alibaba web server allows remote attackers to cause a denial of service via a long GET request.

NetZero 3.0 and earlier uses weak encryption for storing a user's login information, which allows a local user to decrypt the password.

libX11 X library allows remote attackers to cause a denial of service via a resource mask of 0, which causes libX11 to go into an infinite loop.

Top Layer AppSwitch 2500 allows remote attackers to cause a denial of service via malformed ICMP packets.

Buffer overflow in xconq and cconq game programs on Red Hat Linux allows local users to gain additional privileges via long DISPLAY environmental variable.

Buffer overflow in xconq and cconq game programs on Red Hat Linux allows local users to gain additional privileges via long USER environmental variable.

Vulnerability in HP TurboIMAGE DBUTIL allows local users to gain additional privileges via DBUTIL.PUB.SYS.

Cisco Secure PIX Firewall does not properly identify forged TCP Reset (RST) packets, which allows remote attackers to force the firewall to close legitimate connections.

Windows 95 and Windows 98 do not properly process spoofed ARP packets, which allows remote attackers to overwrite static entries in the cache table.