Perception LiteWeb allows remote attackers to bypass access controls for files via an extra leading / (slash) or leading \ (backslash) in the URL.

SQL injection vulnerability in login.asp in livingmailing 1.3 allows remote attackers to execute arbitrary SQL commands via the password. NOTE: there is little public information about this product an...

The klif.sys driver in Kaspersky Labs Anti-Virus 5.0.227, 5.0.228, and 5.0.335 on Windows 2000 allows local users to gain privileges by modifying certain critical code addresses that are later accesse...

SQL injection vulnerability in login.asp in JiRo's Upload System (JUS) 1 allows remote attackers to execute arbitrary SQL commands via the password parameter.

Sawmill before 7.1.6 allows remote attackers to bypass authentication and (1) gain administrative privileges or (2) add a license.

Unknown vulnerability in FlexCast Audio Video Streaming Server before 2.0 has unknown impact and attack vectors.

Direct code injection vulnerability in FlatNuke 2.5.3 allows remote attackers to execute arbitrary PHP code by placing the code into the Referer header of an HTTP request, which causes the code to be ...

PHP remote file inclusion vulnerability in last_gallery.php in YaPiG 0.93u and 0.94u allows remote attackers to execute arbitrary PHP code via the YAPIG_PATH parameter.

upload.php in YaPiG 0.92b, 0.93u and 0.94u does not properly restrict the file extension for uploaded image files, which allows remote attackers to upload arbitrary files and execute arbitrary PHP cod...

Multiple SQL injection vulnerabilities in list.php in Exhibit Engine (EE) 1.22 allow remote attackers to execute arbitrary SQL commands via the (1) search_row, (2) sort_row, (3) order or (4) perpage p...

Multiple buffer overflows in Crob FTP 3.6.1, and possibly earlier versions, allow remote attackers to execute arbitrary code via (1) an FTP command with a large string followed by the RMD command with...

Buffer overflow in the administrative console in IBM WebSphere Application Server 5.x, when the global security option is enabled, allows remote attackers to execute arbitrary code.

Unknown vulnerability in the privilege system in Drupal 4.4.0 through 4.6.0, when public registration is enabled, allows remote attackers to gain privileges, due to an "input check" that "is not imple...

PHP remote file inclusion vulnerability in start_lobby.php in MWChat 6.x allows remote attackers to execute arbitrary PHP code via the CONFIG[MWCHAT_Libs] parameter.

I-Man 0.9, and possibly earlier versions, allows remote attackers to execute arbitrary PHP code by uploading a file attachment with a .php extension.

Symantec Brightmail AntiSpam before 6.0.2 has a hard-coded database administrator password, which allows remote attackers to gain privileges.

Multiple SQL injection vulnerabilities in Calendarix Advanced 1.5 allow remote attackers to execute arbitrary SQL commands via the catview parameter to (1) cal_week.php, (2) cal_cat.php, or (3) cal_da...

Unknown vulnerability in arshell in the Array Service (arrayd) for SGI ProPack 3 with SP 5 and 6, and SGI ProPack 4, allows local users to execute arbitrary shells as root on other hosts in the cluste...

Format string vulnerability in simpleproxy before 3.4 allows remote malicious HTTP proxies to execute arbitrary code via format string specifiers in a reply.

Unknown vulnerability in apt-cacher in Debian 3.1, related to "missing input sanitising," allows remote attackers to execute arbitrary commands on the caching server.

gopher.c in the Gopher client 3.0.5 does not properly create temporary files, which allows local users to gain privileges.

Multiple integer overflows in libgadu, as used in Kopete in KDE 3.2.3 to 3.4.1, ekg before 1.6rc3, GNU Gadu, CenterICQ, Kadu, and other packages, allows remote attackers to cause a denial of service (...

A certain contributed script for ekg Gadu Gadu client 1.5 and earlier allows attackers to execute shell commands via unknown attack vectors.

Certain contributed scripts for ekg Gadu Gadu client 1.5 and earlier create temporary files insecurely, with unknown impact and attack vectors, a different vulnerability than CVE-2005-1916.