Format string vulnerability in the LogMessage function in FileZilla before 3.0.0-beta5 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via ...

Multiple SQL injection vulnerabilities in All In One Control Panel (AIOCP) 1.3.010 and earlier, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) ...

Multiple buffer overflows in FileZilla before 2.2.30a allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors related to (1) Options.c...

Multiple PHP remote file inclusion vulnerabilities in Article System 1.0 allow remote attackers to execute arbitrary PHP code via a URL in the INCLUDE_DIR parameter to (1) forms.php, (2) issue_edit.ph...

Unspecified vulnerability in GONICUS System Administration (GOsa) before 2.5.8 allows remote authenticated users to modify certain settings, including the admin password, via crafted POST requests.

wcSimple Poll stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain password hashes via a direct request for password.txt.

SQL injection vulnerability in blocks/block-Old_Articles.php in Francisco Burzi PHP-Nuke 7.9 and earlier, when register_globals is enabled and magic_quotes_gpc is disabled, allows remote attackers to ...

PHP remote file inclusion vulnerability in include/common.php in Poplar Gedcom Viewer 2.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the env[rootPath] parameter.

SQL injection vulnerability in visu_user.asp in Digiappz DigiAffiliate 1.4 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.

SQL injection vulnerability in etkinlikbak.asp in Okul Web Otomasyon Sistemi 4.0.1 allows remote attackers to execute arbitrary SQL commands via the id parameter.

SQL injection vulnerability in duyuru.asp in MiNT Haber Sistemi 2.7 allows remote attackers to execute arbitrary SQL commands via the id parameter.

Multiple unspecified vulnerabilities in Zina 1.0rc1 and earlier have unknown impact and attack vectors related to "Potential security bugs."

Integer overflow in the byte_swap_sbin function in bsd/ufs/ufs/ufs_byte_order.c in Mac OS X 10.4.8 allows user-assisted remote attackers to cause a denial of service (kernel panic) by mounting a craft...

Unspecified vulnerability in Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne 8.22.13 and 8.47.11 has unknown impact and attack vectors in PeopleTools, aka PSE01.

Multiple unspecified vulnerabilities in Oracle Enterprise Manager 10.1.0.5 have unknown impact and attack vectors related to Oracle Agent, aka (1) EM01 and (2) EM02. NOTE: EM05 might be related to CVE...

Unspecified vulnerability in Oracle HTTP Server 9.0.1.5, Application Server 9.0.4.3, 10.1.2.0.0, 10.1.2.0.2, and 10.1.2.2; and Collaboration Suite 9.0.4.2 and 10.1.2; has unknown impact and attack vec...

Multiple unspecified vulnerabilities in Oracle HTTP Server 9.2.0.8 and Oracle E-Business Suite and Applications 11.5.10CU2 have unknown impact and attack vectors, aka (1) OHS01, (2) OHS02, (3) OHS05, ...

Multiple buffer overflows in MDSYS.MD in Oracle Database 8.1.7.4, 9.0.1.5, 9.2.0.7, and 10.1.0.4 allows remote authenticated users to cause a denial of service (crash) or execute arbitrary code via un...

SQL injection vulnerability in boxx/ShowAppendix.asp in Ezboxx Portal System Beta 0.7.6 and earlier allows remote attackers to inject arbitrary web script or HTML via the iid parameter.

Unspecified vulnerability in Total Commander before 6.5.6 allows user-assisted remote attackers to delete arbitrary files and corrupt a filesystem via a crafted RAR file. NOTE: The provenance of this ...

WordPress 2.0.6, and 2.1Alpha 3 (SVN:4662), does not properly verify that the m parameter value has the string data type, which allows remote attackers to obtain sensitive information via an invalid m...

snews.php in sNews 1.5.30 and earlier does not properly exit when authentication fails, which allows remote attackers to perform unauthorized administrative actions, as demonstrated by changing an adm...

PHP remote file inclusion vulnerability in index.php in Naig 0.5.2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the this_path parameter. NOTE: a reliable third party ...

Ezboxx Portal System Beta 0.7.6 and earlier allows remote attackers to obtain sensitive information via an invalid cat parameter to boxx/knowledgebase.asp, which reveals the path in an error message.