Eval injection vulnerability in cal.php in Light Weight Calendar (LWC) 1.0 allows remote attackers to execute arbitrary PHP code via the date parameter to index.php.

Unspecified vulnerability in the Webmail module in Winmail before 4.3 has unknown impact and unknown remote attack vectors.

Unspecified vulnerability in mklvcopy in BOS.RTE.LVM in IBM AIX 5.3 allows local users to execute arbitrary commands when mklvcopy calls external commands, possibly due to an untrusted search path vul...

Buffer overflow in mshtml.dll in Microsoft Internet Explorer 6.0.2900.2180, and probably other versions, allows remote attackers to execute arbitrary code via an HTML tag with a large number of script...

Unspecified vulnerability in certain versions of xpdf after 3.00, as used in various products including (a) pdfkit.framework, (b) gpdf, (c) pdftohtml, and (d) libextractor, has unknown impact and user...

Directory traversal vulnerability in install05.php in Simple PHP Blog (SPB) 0.4.7.1 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences a...

Multiple SQL injection vulnerabilities in DSNewsletter 1.0, with magic_quotes_gpc disabled, allow remote attackers to execute arbitrary SQL commands via the email parameter to (1) include/sub.php, (2)...

Buffer overflow in the SetUp function in socket/request.c in CrossFire 1.9.0 allows remote attackers to execute arbitrary code via a long setup sound command, a different vulnerability than CVE-2006-1...

Multiple SQL injection vulnerabilities in DSDownload 1.0, with magic_quotes_gpc disabled, allow remote attackers to execute arbitrary SQL commands via the (1) key and (2) category parameters to (a) se...

SQL injection vulnerability in search.asp in Hosting Controller 6.1 (Hotfix 2.9) allows remote attackers to execute arbitrary SQL commands via the search parameter. NOTE: the provenance of this inform...

SQL injection vulnerability in DSPoll 1.1 allows remote attackers to execute arbitrary SQL commands via the pollid parameter to (1) results.php, (2) topolls.php, (3) pollit.php.

JiRo's Banner System Experience and Professional 1.0 and earlier allows remote attackers to bypass access restrictions and gain privileges via a direct request to certain scripts in the files director...

Unspecified vulnerability in index.php in Core CoreNews 2.0.1 allows remote attackers to execute arbitrary commands via the page parameter, possibly due to a PHP remote file include vulnerability. NOT...

IBM Tivoli Micromuse Netcool/NeuSecure 3.0.236 configures a MySQL database to allow connections from any source IP address with the ns database account, which allows remote attackers to bypass the Net...

The web interface for IBM Tivoli Micromuse Netcool/NeuSecure 3.0.236 includes the MySQL database username and password in cleartext in body.phtml, which allows remote attackers to gain privileges by r...

Sergey Korostel PHP Upload Center allows remote attackers to execute arbitrary PHP code by uploading a file whose name ends in a .php.li extension, which can be accessed from the upload directory.

PHP remote file include vulnerability in common.php in txtForum 1.0.4-dev and earlier allows remote attackers to include and execute arbitrary PHP code via a URL in the skin parameter to login.php, an...

Direct static code injection vulnerability in add_link.txt in daverave Link Bank allows remote attackers to execute arbitrary PHP code via the url_name parameter, which is not sanitized before being s...

SafeDisc installs the driver service for the secdrv.sys driver with insecure permissions, which allows local users to gain privileges by changing the configuration to reference a malicious program.

Microsoft Internet Explorer 5.01 through 6 does not always return the correct IOleClientSite information when dynamically creating an embedded object, which could cause Internet Explorer to run the ob...

Buffer overflow in URLMON.DLL in Microsoft Internet Explorer 5.01 through 6 allows remote attackers to execute arbitrary code via a crafted URL with an International Domain Name (IDN) using double-byt...

Microsoft Internet Explorer 5.01 through 6 allows remote attackers to execute arbitrary code via HTML elements with a certain crafted tag, which leads to memory corruption.

Microsoft Internet Explorer 5.01 through 6 allows remote attackers to execute arbitrary code via by instantiating the (1) Mdt2gddr.dll, (2) Mdt2dd.dll, and (3) Mdt2gddo.dll COM objects as ActiveX cont...

Unspecified vulnerability in Microsoft Internet Explorer 5.01 through 6 allows remote attackers to execute arbitrary code via certain invalid HTML that causes memory corruption.