Buffer overflow in the International Domain Name (IDN) support in Mozilla Firefox 1.0.6 and earlier, and Netscape 8.0.3.3 and 7.2, allows remote attackers to cause a denial of service (crash) and poss...

Unknown vulnerability in the net-svc script on Solaris 10 allows remote authenticated users to execute arbitrary code on a DHCP client via certain DHCP responses.

SQL injection vulnerability in BlueWhaleCRM allows remote attackers to execute arbitrary SQL commands via the Account ID field.

Multiple PHP remote file inclusion vulnerabilities in aMember Pro 2.3.4 allow remote attackers to execute arbitrary PHP code via the config[root_dir] parameter to (1) mysql.inc.php, (2) efsnet.inc.php...

ADSL Road Runner modem in the Annex A family has a service running on port 224, which allows remote attackers to login to the modem with a blank password and gain unauthorized access.

Free SMTP Server 2.2 allows remote attackers to use the server as an open mail relay (spam proxy).

Stack-based buffer overflow in the WinACE UNACEV2.DLL third-party compression utility before 2.6.0.0, as used in multiple products including (1) ALZip 5.51 through 6.11, (2) Servant Salamander 2.0 and...

img.pl in Barracuda Spam Firewall running firmware 3.1.16 and 3.1.17 allows remote attackers to execute arbitrary commands via shell metacharacters in the f parameter.

PHP remote file inclusion vulnerability in lang.php in CMS Made Simple 0.10 and earlier allows remote attackers to execute arbitrary PHP code via the nls[file][vx][vxsfx] parameter.

Buffer overflow in MMClient.exe in Indiatimes Messenger 6.0 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a long group name argument ...

Helpdesk software Hesk 0.92 does not properly verify usernames and passwords, which allows remote attackers to bypass authentication via a direct request to admin_main.php.

Buffer overflow in dwrcs.exe in DameWare Mini Remote Control before 4.9.0 allows remote attackers to execute arbitrary code via the username.

Buffer overflow in Firewall Authentication Proxy for FTP and/or Telnet Sessions for Cisco IOS 12.2ZH and 12.2ZL, 12.3 and 12.3T, and 12.4 and 12.4T allows remote attackers to cause a denial of service...

Multiple unknown vulnerabilities in MAXdev MD-Pro 1.0.72 and earlier have unknown impact and unspecified attack vectors, in one or more of the (1) Download, (2) Search, (3) Web links, (4) Blocks, (5) ...

SQL injection vulnerability in login.php in myBloggie 2.1.3-beta and earlier allows remote attackers to execute arbitrary SQL commands via the username parameter.

Multiple eval injection vulnerabilities in PlainBlack Software WebGUI before 6.7.3 allow remote attackers to execute arbitrary Perl code via (1) Help.pm, (2) International.pm, or (3) WebGUI.pm.

Microsoft Internet Explorer 5.01, 5.5, and 6 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a web page with embedded CLSIDs that refer...

The thread termination routine in the kernel for Windows NT 4.0 and 2000 (NTOSKRNL.EXE) allows local users to modify kernel memory and execution flow via steps in which a terminating thread causes Asy...

DownFile 1.3 allows remote attackers to gain administrator privileges via a direct request to (1) update.php, (2) del.php, and (3) add_form.php.

man2web allows remote attackers to execute arbitrary commands via -P arguments.

Multiple stack-based buffer overflows in urban before 1.5.3 allow local users to gain privileges via a long HOME environment variable to (1) config.cc, (2) game.cc, (3) highscor.cc, or (4) meny.cc.

frox 0.7.16 and 0.7.17 does not properly parse certain Deny ACLs, which might allow attackers to bypass intended restrictions and access blocked hosts.

frox 0.7.18, when running setuid root, does not properly drop privileges when reading a configuration file, which allows local users to read portions of arbitrary files via the -f command line option.

Buffer overflow in apply.cgi in Linksys WRT54G 3.01.03, 3.03.6, and possibly other versions before 4.20.7, allows remote attackers to execute arbitrary code via a long HTTP POST request.