PhoneCtrl.exe in Linksys WIP 330 Wireless-G IP Phone 1.00.06A allows remote attackers to cause a denial of service (crash) via a TCP SYN scan, as demonstrated using TCP ports 1-65535 with nmap.

F-Secure Anti-Virus for Linux Gateways 4.65 allows remote attackers to cause a denial of service (possibly fatal scan error), and possibly bypass virus detection, by inserting invalid characters into ...

SQL injection vulnerability in mystats.php in MyStats 1.0.8 and earlier allows remote attackers to execute arbitrary SQL commands via the details parameter.

SQL injection vulnerability in Superfreaker Studios UPublisher 1.0 allows remote attackers to execute arbitrary SQL commands via the Username parameter in login.asp. NOTE: the provenance of this infor...

Multiple SQL injection vulnerabilities in Superfreaker Studios UPublisher 1.0 allow remote attackers to execute arbitrary SQL commands via unspecified vectors in (a) sendarticle.asp and (b) printartic...

Stack-based buffer overflow in BlazeVideo HDTV Player 2.1, and possibly earlier, allows remote attackers to execute arbitrary code via a long filename in a PLF playlist, a different product than CVE-2...

SQL injection vulnerability in certain database classes in Jonas Gauffin Publicera 1.0-rc2 and earlier might allow remote attackers to execute arbitrary SQL commands via unspecified vectors.

Directory traversal vulnerability in index.php in plx Web Studio (aka plxWebDev) plx Pay 3.2 and earlier allows remote attackers to include and execute arbitrary local files, or obtain user credential...

Multiple SQL injection vulnerabilities in LINK Content Management Server (CMS) allow remote attackers to execute arbitrary SQL commands via the (1) IDMeniGlavni parameter to navigacija.php, and the (2...

Stack-based buffer overflow in Intel PRO 10/100, PRO/1000, and PRO/10GbE PCI, PCI-X, and PCIe network adapter drivers (aka NDIS miniport drivers) before 20061205 allows local users to execute arbitrar...

Absolute path traversal vulnerability in abitwhizzy.php before 20061204 allows remote attackers to read arbitrary files via an absolute pathname in the Filename text window (f parameter), a variant of...

Directory traversal vulnerability in getfile.asp in Ultimate HelpDesk allows remote attackers to read arbitrary files via a .. (dot dot) in the filename parameter.

Buffer overflow in the BrightStor Backup Discovery Service in multiple CA products, including ARCserve Backup r11.5 SP1 and earlier, ARCserve Backup 9.01 up to 11.1, Enterprise Backup 10.5, and CA Ser...

BTSaveMySql 1.2 stores sensitive data under the web root with insufficient access control, which allows remote attackers to obtain configuration and save files via direct requests.

Uploadscript 1.2 and earlier stores sensitive data under the web root with insufficient access control, which allows remote attackers to obtain the admin password hash via a direct request for /passwo...

Multiple directory traversal vulnerabilities in fm.php in Simple File Manager (SFM) 0.24a allow remote attackers to use ".." sequences to (1) read arbitrary files via the filename parameter in a downl...

Multiple CRLF injection vulnerabilities in PhpMyAdmin 2.7.0-pl2 allow remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in a phpMyAdmin c...

SQL injection vulnerability in forum/modules/gallery/post.php in Invision Gallery 2.0.7 allows remote attackers to cause a denial of service and possibly have other impacts, as demonstrated using a "S...

SQL injection vulnerability in lib/entry_reply_entry.php in Invision Community Blog Mod 1.2.4 allows remote attackers to execute arbitrary SQL commands via the eid parameter, when accessed through the...

PHP remote file inclusion vulnerability in login.php.inc in awrate 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the toroot parameter to search.php.

Multiple SQL injection vulnerabilities in detail.asp in DUware DUdownload 1.1, and possibly earlier, allow remote attackers to execute arbitrary SQL commands via the (1) iFile or (2) action parameter....

SQL injection vulnerability in detail.asp in DUware DUpaypal 3.1, and possibly earlier, allows remote attackers to execute arbitrary SQL commands via the iType parameter. NOTE: the iState parameter is...

Heap-based buffer overflow in the uploadprogress_php_rfc1867_file function in uploadprogress.c in Bitflux Upload Progress Meter before 8276 allows remote attackers to cause a denial of service (crash)...

PHP remote file inclusion vulnerability in activate.php in PHP Upload Center 2.0 allows remote attackers to execute arbitrary PHP code via a URL in the footerpage parameter.