Agnitum Outpost Firewall Pro 3.51.759.6511 (462), as used in (1) Lavasoft Personal Firewall 1.0.543.5722 (433) and (2) Novell BorderManager Novell Client Firewall 2.0, does not properly restrict user ...

PHP remote file inclusion vulnerability in enduser/listmessenger.php in ListMessenger 0.9.3 allows remote attackers to execute arbitrary PHP code via a URL in the lm_path parameter. NOTE: the vendor h...

Multiple SQL injection vulnerabilities in VBZooM 1.11 and earlier allow remote attackers to execute arbitrary SQL commands via the UserID parameter to (1) ignore-pm.php, (2) sendmail.php, (3) reply.ph...

Multiple PHP remote file inclusion vulnerabilities in MiniBB Forum 1.5a and earlier allow remote attackers to execute arbitrary PHP code via a URL in the absolute_path parameter to (1) components/com_...

PHP remote file inclusion vulnerability in user-func.php in Codeworks Gnomedia SubberZ[Lite] allows remote attackers to execute arbitrary PHP code via a URL in the myadmindir parameter. NOTE: this iss...

SQL injection vulnerability in Room.php in Francisco Charrua Photo-Gallery 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter.

Stack-based buffer overflow in the Universal Plug and Play (UPnP) service in D-Link DI-524, DI-604 Broadband Router, DI-624, D-Link DI-784, WBR-1310 Wireless G Router, WBR-2310 RangeBooster G Router, ...

PHP remote file inclusion vulnerability in calendar.php in SoftComplex PHP Event Calendar 1.4 allows remote attackers to execute arbitrary PHP code via a URL in the path_to_calendar parameter, which o...

PHP remote file inclusion vulnerability in poll.php in Flipper Poll 1.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the root_path parameter.

FatWire Content Server 5.5.0 allows remote attackers to bypass access restrictions and obtain administrative privileges via unspecified attack vectors in the authentication process.

Mozilla Firefox 1.5 before 1.5.0.5 and SeaMonkey before 1.0.3 allows remote attackers to execute arbitrary code by changing certain properties of the window navigator object (window.navigator) that ar...

nNetObject.cpp in Armagetron Advanced 2.8.2 and earlier allows remote attackers to cause a denial of service (CPU consumption) via a large number handled by the id_req_handler function.

Cross-site request forgery (CSRF) vulnerability in the communicate function in estmaster.c for Hyper Estraier before 1.3.3 allows remote attackers to perform unauthorized actions as other users via un...

Stack-based buffer overflow in Winlpd 1.26 allows remote attackers to execute arbitrary code via a long string in a request to TCP port 515.

Heap-based buffer overflow in the it_read_envelope function in Dynamic Universal Music Bibliotheque (DUMB) 0.9.3 and earlier and current CVS as of 20060716, including libdumb, allows user-assisted att...

Unspecified vulnerability in Sybase/Financial Fusion Consumer Banking Suite versions before 20060706 has unknown impact and remote attack vectors.

SQL injection vulnerability in AjaxPortal 3.0, with magic_quotes_gpc disabled, allows remote attackers to execute arbitrary SQL commands via the 'Search' field, a different vulnerability than CVE-2006...

SQL injection vulnerability in index.php in ATutor 1.5.3 allows remote attackers to execute arbitrary SQL commands via the fid parameter. NOTE: this issue has been disputed by the vendor, who states "...

Unspecified vulnerability in Microsoft PowerPoint 2003 has unknown impact and user-assisted attack vectors related to powerpnt.exe. NOTE: due to the lack of available details as of 20060717, it is unc...

Microsoft Internet Security and Acceleration (ISA) Server 2004 allows remote attackers to bypass file extension filters via a request with a trailing "#" character. NOTE: as of 20060715, this could no...

Unspecified vulnerability in Microsoft Word 2000, 2002, and Office 2003 allows remote user-assisted attackers to execute arbitrary code via a crafted mail merge file, a different vulnerability than CV...

Microsoft Office 2000, XP, 2003, 2004 for Mac, and v.X for Mac do not properly parse the length of a chart record, which allows remote user-assisted attackers to execute arbitrary code via a Word docu...

Unspecified vulnerability in Microsoft Windows 2000 SP4, XP SP1 and SP2, Server 2003 and 2003 SP1, allows remote attackers to execute arbitrary code via unspecified vectors involving unhandled excepti...

Integer overflow in Microsoft Word 2000, 2002, 2003, 2004 for Mac, and v.X for Mac allows remote user-assisted attackers to execute arbitrary code via a crafted string in a Word document, which overfl...