DeluxeBB 1.07 and earlier does not properly handle a username composed of a single space character, which allows remote authenticated users to login as the "space" user, post as the guest user, and bl...

SQL injection vulnerability in Amazing Flash AFCommerce Shopping Cart allows remote attackers to execute arbitrary SQL commands via the search field. NOTE: the vendor has disputed this issue, stating ...

SQL injection vulnerability in ServerClientUfo::recv_packet in server_protocol.cpp in UFO2000 svn 1057 allows remote attackers to execute arbitrary SQL commands via unspecified vectors involving the p...

Multiple array index errors in the (1) recv_rules, (2) recv_select_unit, (3) recv_options, and (4) recv_unit_data functions in multiplay.cpp in UFO2000 svn 1057 allow remote attackers to execute arbit...

Multiple buffer overflows in multiplay.cpp in UFO2000 svn 1057 allow remote attackers to execute arbitrary code via (1) a long unit name in Net::recv_add_unit,; (2) large values to Net::recv_rules, Ne...

Symantec pcAnywhere 12.5 uses weak default permissions for the "Symantec\pcAnywhere\Hosts" folder, which allows local users to gain privileges by inserting a superuser .cif (aka caller or CallerID) fi...

Unspecified vulnerability in Sun Solaris 10 allows context-dependent attackers to cause a denial of service (panic) via unspecified vectors involving the event port API.

PHP remote file inclusion vulnerability in index.php in IDevSpot PhpLinkExchange 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the page parameter.

PHP remote file inclusion vulnerability in order/index.php in IDevSpot (1) PhpHostBot 1.0 and (2) AutoHost 3.0 allows remote attackers to execute arbitrary PHP code via a URL in the page parameter.

SQL injection vulnerability in the init function in class_session.php in MyBB (aka MyBulletinBoard) 1.1.5 allows remote attackers to execute arbitrary SQL commands via the CLIENT-IP HTTP header ($_SER...

Multiple PHP remote file inclusion vulnerabilities in component.php in iManage CMS 4.0.12 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the absolute_path parameter to (...

Multiple SQL injection vulnerabilities in index.php in phpFaber TopSites 2.0.9 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) i_cat or (2) method parameters.

SQL injection vulnerability in category.php in Diesel Joke Site allows remote attackers to execute arbitrary SQL commands via the id parameter.

The Touch Control ActiveX control 2.0.0.55 allows remote attackers to read and possibly execute arbitrary files via a "file///" URI in the sPath parameter to the Execute function.

Multiple SQL injection vulnerabilities in MyBB (aka MyBulletinBoard) 1.1.4 allow remote attackers to execute arbitrary SQL commands via unspecified vectors.

inc/init.php in Archive Mode (Light) in MyBB (aka MyBulletinBoard) 1.1.4 calls the extract function with EXTR_OVERWRITE on HTTP POST and GET variables, which allows remote attackers to overwrite arbit...

PHP remote file inclusion vulnerability in Include/editor/class.rich.php in FlushCMS 1.0.0-pre2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the class_path parameter....

PHP remote file inclusion vulnerability in Include/editor/rich_files/class.rich.php in FlushCMS 1.0.0-pre2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the class_path...

Multiple SQL injection vulnerabilities in class.php in Professional Home Page Tools Guestbook allow remote attackers to execute arbitrary SQL commands via the (1) hidemail, (2) name, (3) mail, (4) ip,...

Off-by-one error in the ldap scheme handling in the Rewrite module (mod_rewrite) in Apache 1.3 from 1.3.28, 2.0.46 and other versions before 2.0.59, and 2.2, when RewriteEngine is enabled, allows remo...

Unspecified vulnerability in the sctp_make_abort_user function in the SCTP implementation in Linux 2.6.x before 2.6.17.10 and 2.4.23 up to 2.4.33 allows local users to cause a denial of service (panic...

The KDE PAM configuration shipped with Fedora Core 5 causes KDM passwords to be cached, which allows attackers to login without a password by attempting to log in multiple times.

Integer overflow in the scan_cidfont function in X.Org 6.8.2 and XFree86 X server allows local users to execute arbitrary code via crafted (1) CMap and (2) CIDFont font data with modified item counts ...

Integer overflow in the CIDAFM function in X.Org 6.8.2 and XFree86 X server allows local users to execute arbitrary code via crafted Adobe Font Metrics (AFM) files with a modified number of character ...