A package component in Sun Storage Automated Diagnostic Environment (StorADE) 2.4 uses world-writable permissions for certain critical files and directories, which allows local users to gain privilege...

Double free vulnerability in the getRawDER function for nsIX509Cert in Firefox allows remote attackers to cause a denial of service (hang) and possibly execute arbitrary code via certain Javascript co...

EvalInSandbox in Mozilla Firefox and Thunderbird before 1.5.0.4 allows remote attackers to gain privileges via javascript that calls the valueOf method on objects that were created outside of the sand...

Integer overflow in Mozilla Firefox and Thunderbird before 1.5.0.4 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via "jsstr tagify," which leads to m...

Mozilla Firefox and Thunderbird before 1.5.0.4 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via (1) nested <option> tags in a select tag, (2) a DOMNo...

Unspecified vulnerability in Mozilla Firefox before 1.5.0.4 and SeaMonkey before 1.0.2 allows remote attackers to execute arbitrary code by using the nsISelectionPrivate interface of the Selection obj...

Certain privileged UI code in Mozilla Firefox and Thunderbird before 1.5.0.4 calls content-defined setters on an object prototype, which allows remote attackers to execute code at a higher privilege t...

Mozilla Firefox and Thunderbird before 1.5.0.4 associates XUL attributes with the wrong URL under certain unspecified circumstances, which might allow remote attackers to bypass restrictions by causin...

SQL injection vulnerability in modules.php in 4nNukeWare 4nForum 0.91 allows remote attackers to execute arbitrary SQL commands via the tid parameter.

SQL injection vulnerability in MySQL 4.1.x before 4.1.20 and 5.0.x before 5.0.22 allows context-dependent attackers to execute arbitrary SQL commands via crafted multibyte encodings in character sets ...

PHP remote file inclusion vulnerability in p-popupgallery.php in F@cile Interactive Web 0.8.41 through 0.8.5 allows remote attackers to execute arbitrary PHP code via a URL in the l parameter.

SQL injection vulnerability in Drupal 4.6.x before 4.6.7 and 4.7.0 allows remote attackers to execute arbitrary SQL commands via the (1) count and (2) from variables to (a) database.mysql.inc, (b) dat...

The open source version of Open-Xchange 0.8.2 and earlier uses a static default username and password with a valid login shell in the initfile for the ldap-server, which allows remote attackers to acc...

utilities/register.asp in Nukedit 4.9.6 and earlier allows remote attackers to create new users as part of arbitrary groups, including the administrative group, via a modified groupid parameter when c...

SQL injection vulnerability in Your_Account.asp in Mini-Nuke 2.3 and earlier allows remote attackers to execute arbitrary SQL commands via the (1) yas_1, (2) yas_2, and (3) yas_3 parameters.

Multiple SQL injection vulnerabilities in Enigma Haber 4.3 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) id parameter in (a) e_mesaj_yas.asp, (b) edi_haber.asp, and ...

home/register.php in Eggblog before 3.0 allows remote attackers to change the password of administrators and possibly other users via a modified username parameter.

PHP remote file inclusion vulnerability in Fastpublish CMS 1.6.9.d allows remote attackers to include arbitrary files via the config[fsBase] parameter in (1) drucken.php, (2) drucken2.php, (3) email_a...

SQL injection vulnerability in view_album.php in SelectaPix 1.4 allows remote attackers to execute arbitrary SQL commands via unknown vectors. NOTE: the provenance of this information is unknown; the ...

SQL injection vulnerability in news.php in VARIOMAT allows remote attackers to execute arbitrary SQL commands via the subcat parameter.

Secure Elements Class 5 AVR server (aka C5 EVM) before 2.8.1 uses a hard-coded user ID and password, which allows remote attackers to gain access to the server.

The Administration Console in Secure Elements Class 5 AVR (aka C5 EVM) before 2.8.1 does not enforce access control, which allows remote attackers to gain access to servers via the console.

SQL injection vulnerability in Geeklog 1.4.0sr2 and earlier allows remote attackers to execute arbitrary SQL commands via unknown vectors related to story submission.

Geeklog 1.4.0sr2 and earlier allows remote attackers to obtain the full installation path via a direct request and possibly invalid arguments to (1) layout/professional/functions.php or (2) getimage.p...