PHP remote file inclusion vulnerability in welcome.php in phpLDAPadmin 0.9.6 and 0.9.7 allows remote attackers to execute arbitrary PHP code via the custom_welcome_page parameter.

BFCommand & Control Server Manager BFCC 1.22_A and earlier, and BFVCC 2.14_B and earlier, relies on the client to enforce permissions and perform actions such as disconnections, which allows remote at...

BFCommand & Control Server Manager BFCC 1.22_A and earlier, and BFVCC 2.14_B and earlier, allows remote attackers to bypass authentication via (1) an unknown attack vector or (2) a NULL (0x00) as a us...

Multiple SQL injection vulnerabilities in Land Down Under (LDU) 801 and earlier allow remote attackers to execute arbitrary SQL commands via the c parameter to (1) events.php, (2) index.php, or (3) li...

SQL injection vulnerability in the login function for the administration login panel in cosmoshop 8.10.78 allows remote attackers to execute arbitrary SQL commands and bypass authentication via unspec...

PHP remote file inclusion vulnerability in al_initialize.php for AutoLinks Pro 2.1 allows remote attackers to execute arbitrary PHP code via an "ftp://" URL in the alpath parameter, which bypasses the...

The Avatar upload feature in FUD Forum before 2.7.0 does not properly verify uploaded files, which allows remote attackers to execute arbitrary PHP code via a file with a .php extension that contains ...

SQL injection vulnerability in member.php in MyBulletinBoard (MyBB) allows remote attackers to execute arbitrary SQL statements via the fid parameter.

Looking Glass 20040427 allows remote attackers to execute arbitrary commands via shell metacharacters in the DNS lookup query field.

php_api.php in phpWebNotes 2.0.0 uses the extract function to modify key variables such as $t_path_core, which leads to a PHP file inclusion vulnerability that allows remote attackers to execute arbit...

Multiple stack-based buffer overflows in University of Minnesota gopher client 3.0.9 allow remote malicious servers to execute arbitrary code via (1) a long "+VIEWS:" reply, which is not properly hand...

WRQ Reflection for Secure IT Windows Server 6.0 (formerly known as F-Secure SSH server) processes access and deny lists in a case-sensitive manner, when previous versions were case-insensitive, which ...

WRQ Reflection for Secure IT Windows Server 6.0 (formerly known as F-Secure SSH server) does not properly handle when the Windows Administrator or Guest accounts are renamed after SSH key authenticati...

Heap-based buffer overflow in the Sophos Antivirus Library, as used by Sophos Antivirus, PureMessage, MailMonitor, and other products, allows remote attackers to execute arbitrary code via a Visio fil...

Buffer overflow in LeapFTP allows remote attackers to execute arbitrary code via a long Host string in a Site Queue (.lsq) file.

Multiple buffer overflows in OpenTTD before 0.4.0.1 allow attackers to cause a denial of service (crash) and possibly execute arbitrary code via unspecified vectors.

Multiple format string vulnerabilities in OpenTTD before 0.4.0.1 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unspecified vectors.

** SPLIT ** The jlucaller program in LiveUpdate for Symantec Norton AntiVirus 9.0.3 on Macintosh runs setuid when executing Java programs, which allows local users to gain privileges. NOTE: due to a C...

Integer signedness error in the administrative interface for Symantec AntiVirus Scan Engine 4.0 and 4.3 allows remote attackers to execute arbitrary code via crafted HTTP headers with negative values,...

Heap-based buffer overflow in CoreFoundation in Mac OS X and OS X Server 10.4 through 10.4.3 allows remote attackers to execute arbitrary code via unknown attack vectors involving "validation of URLs....

Buffer overflow in ImageIO for Apple Mac OS X 10.4.2, as used by applications such as WebCore and Safari, allows remote attackers to execute arbitrary code via a crafted GIF file.

The Java extensions for QuickTime 6.52 and earlier in Apple Mac OS X 10.3.9 allow untrusted applets to call arbitrary functions in system libraries, which allows remote attackers to execute arbitrary ...

Authorization Services in securityd for Apple Mac OS X 10.3.9 allows local users to gain privileges by granting themselves certain rights that should be restricted to administrators.

upload_img_cgi.php in Simple PHP Blog (SPHPBlog) does not properly restrict file extensions of uploaded files, which could allow remote attackers to execute arbitrary code.