Multiple SQL injection vulnerabilities in Simple Blog 2.1 allow remote attackers to execute arbitrary SQL commands via the month parameter in an archives view operation and possibly certain other para...

SQL injection vulnerability in wp-stats.php in GaMerZ WP-Stats 2.0 allows remote attackers to execute arbitrary SQL commands via the author parameter.

SQL injection vulnerability in WhiteAlbum 2.5 allows remote attackers to execute arbitrary SQL commands via the dir parameter to pictures.php.

SQL injection vulnerability in index.php in microBlog 2.0 RC-10 allows remote attackers to execute arbitrary SQL commands via the (1) month and (2) year parameters.

Symantec Scan Engine 5.0.0.24, and possibly other versions before 5.1.0.7, uses a client-side check to verify a password, which allows remote attackers to gain administrator privileges via a modified ...

The RBAC functionality in grsecurity before 2.1.8 does not properly handle when the admin role creates a service and then exits the shell without unauthenticating, which causes the service to be resta...

Integer overflow in IEEE 802.11 network subsystem (ieee80211_ioctl.c) in FreeBSD before 6.0-STABLE, while scanning for wireless networks, allows remote attackers to execute arbitrary code by broadcast...

SQL injection vulnerability in index.asp in the Admin Panel in Dragon Design Services Network (DDSN) cm3 content manager (CM3CMS) allows remote attackers to execute arbitrary SQL commands via the (1) ...

The original distribution of MyBulletinBoard (MyBB) to update from older versions to 1.0.2 omits or includes older versions of certain critical files, which allows attackers to conduct (1) SQL injecti...

Multiple unspecified vulnerabilities in MyBulletinBoard (MyBB) before 1.0.2 have unspecified impact and attack vectors, related to (1) admin/moderate.php, (2) admin/themes.php, (3) inc/functions.php, ...

Eval injection vulnerability in ezDatabase 2.0 and earlier allows remote attackers to execute arbitrary PHP code via the db_id parameter to visitorupload.php, as demonstrated using phpinfo and include...

SQL injection vulnerability in general_functions.php in TankLogger 2.4 allows remote attackers to execute arbitrary SQL commands via the (1) livestock_id parameter to showInfo.php and (2) tank_id para...

Eval injection vulnerability in Light Weight Calendar (LWC) 1.0 (20040909) and earlier allows remote attackers to execute arbitrary PHP code via the date parameter in cal.php, which is included by ind...

Format string vulnerability in the error-reporting feature in the mysqli extension in PHP 5.1.0 and 5.1.1 might allow remote attackers to execute arbitrary code via format string specifiers in MySQL e...

SQL injection vulnerability in news.asp in Mini-Nuke CMS System 1.8.2 and earlier allows remote attackers to execute arbitrary SQL commands via the hid parameter.

SQL injection vulnerability in Login_Validate.asp in ASPSurvey 1.10 allows remote attackers to execute arbitrary SQL commands via the Password parameter to login.asp.

Unspecified vulnerability in Sun Solaris 9 and 10 for the x86 platform allows local users to gain privileges or cause a denial of service (panic) via unspecified vectors, possibly involving functions ...

Buffer overflow in eStara Softphone 3.0.1.14 through 3.0.1.46 allows remote attackers to execute arbitrary code via a long attribute (aka "a") field in the SDP data of a SIP packet on UDP port 5060.

Multiple SQL injection vulnerabilities in AspTopSites allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to goto.asp or (2) password parameter to includeloginuser.asp.

login.php in ACal Calendar Project 2.2.5 allows remote attackers to bypass authentication by setting the ACalAuthenticate cookie variable to "inside".

Cisco Security Monitoring, Analysis and Response System (CS-MARS) before 4.1.3 has an undocumented administrative account with a default password, which allows local users to gain privileges via the e...

Format string vulnerability in /bin/ftp in UNICOS 9.0.2.2 allows local users to have an unknown impact via format string specifiers in the quote command. NOTE: because the program is not setuid and no...

Multiple buffer overflows in Cray UNICOS 9.0.2.2 might allow local users to gain privileges by (1) invoking /usr/bin/script with a long command line argument or (2) setting the -c option of /etc/nu to...

Buffer overflow in certain functions in src/fileio.c and src/unix/fileio.c in xmame before 11 January 2006 may allow local users to gain privileges via a long (1) -lang, (2) -ctrlr, (3) -pb, or (4) -r...