PHP remote file inclusion vulnerability in functions/plugin.php in SquirrelMail 1.4.6 and earlier, if register_globals is enabled and magic_quotes_gpc is disabled, allows remote attackers to execute a...

Multiple PHP remote file inclusion vulnerabilities in AssoCIateD (aka ACID) CMS 1.1.3 allow remote attackers to execute arbitrary PHP code via a URL in the root_path parameter to (1) menu.php, (2) pro...

Buffer overflow in the web console in F-Secure Anti-Virus for Microsoft Exchange 6.40, and Internet Gatekeeper 6.40 through 6.42 and 6.50 allows remote attackers to cause a denial of service (crash) a...

SQL injection vulnerability in comment.php in Pineapple Technologies Lore 1.5.6 and earlier allows remote attackers to execute arbitrary SQL commands via the article_id parameter.

SQL injection vulnerability in saphplesson 2.0 allows remote attackers to execute arbitrary SQL commands via the (1) forumid parameter in add.php and (2) lessid parameter in show.php.

PHP remote file inclusion vulnerability in includes/common.php in gnopaste 0.5.3 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the root_path parameter.

Drupal 4.6.x before 4.6.8 and 4.7.x before 4.7.2, when running under certain Apache configurations such as when FileInfo overrides are disabled within .htaccess, allows remote attackers to execute arb...

Buffer overflow in TIBCO Rendezvous before 7.5.1, TIBCO Runtime Agent (TRA) before 5.4, and Hawk before 4.6.1 allows remote attackers to cause a denial of service and possibly execute arbitrary code v...

SQL injection vulnerability in sessions.inc in PHP Base Library (PHPLib) before 7.4a allows remote attackers to execute arbitrary SQL commands via the id variable, which is set by a client through a q...

Logicalware MailManager before 2.0.10 does not remove 0xc8 0x27 (0xc8 followed by a single-quote character) from the data stream to the server, which allows remote attackers to modify data and gain ad...

SQL injection vulnerability in admin/default.asp in Dusan Drobac CodeAvalanche FreeForum (aka CAForum) 1.0 allows remote attackers to execute arbitrary SQL commands via the password parameter.

PHP remote file inclusion vulnerability in Wiki.php in Barnraiser Igloo 0.1.9 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the c_node[class_path] parameter.

PHP remote file inclusion vulnerability in common-menu.php in Cameron McKay Informium 0.12.0 allows remote attackers to execute arbitrary PHP code via a URL in the CONF[local_path] parameter.

SQL injection vulnerability in bolum.php in tekno.Portal allows remote attackers to execute arbitrary SQL commands via the id parameter. NOTE: the provenance of this information is unknown; the detail...

Multiple buffer overflows in the (1) vGetPost and (2) main functions in easy-scart.c through easy-scart6.c in iShopCart allow remote attackers to execute arbitrary code by sending a large amount of da...

Directory traversal vulnerability in easy-scart.cgi in iShopCart allows remote attackers to read arbitrary files via a .. (dot dot) in the query string.

Multiple PHP remote file inclusion vulnerabilities in Cantico Ovidentia 5.8.0 allow remote attackers to execute arbitrary PHP code via a URL in the babInstallPath parameter in (1) index.php, (2) topma...

ASPwebSoft Speedy Asp Discussion Forum allows remote attackers to change the password of any account via a modified account id and possibly arbitrary values of the name, email, country, password, and ...

The SMTP server in Apache Java Mail Enterprise Server (aka Apache James) 2.2.0 allows remote attackers to cause a denial of service (CPU consumption) via a long argument to the MAIL command.

Multiple SQL injection vulnerabilities in Unak CMS 1.5 RC2 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) u_a or (2) u_s parameters.

Multiple SQL injection vulnerabilities in phpCommunityCalendar 4.0.3 allow remote attackers to execute arbitrary SQL commands via the (1) CalendarDetailsID parameter in (a) month.php, (b) day.php, and...

Hesabim.asp in ASPSitem 2.0 and earlier allows remote attackers to read private messages of other users via a modified id parameter.

SQL injection vulnerability in Anket.asp in ASPSitem 2.0 and earlier allows remote attackers to execute arbitrary SQL commands via the hid parameter.

SQL injection vulnerability in misc.php in Woltlab Burning Board (WBB) 2.3.4 allows remote attackers to execute arbitrary SQL commands via the sid parameter.