SqWebMail allows remote attackers to inject arbitrary web script or HTML via CRLF sequences in the redirect parameter followed by the desired script or HTML.

The (1) stopserver.sh and (2) startserver.sh scripts in Adobe Version Cue on Mac OS X uses the current working directory to find and execute the productname.sh script, which allows local users to exec...

The citat.pl script allows remote attackers to execute arbitrary files via shell metacharacters in the argument.

The citat.pl script allows remote attackers to read arbitrary files via a full pathname in the argument.

SQL injection vulnerability in Confixx 3.08 and earlier allows remote attackers to execute arbitrary SQL commands via the "change user" field.

The inserter.cgi script allows remote attackers to execute arbitrary commands via shell metacharacters in the argument.

The inserter.cgi script allows remote attackers to read arbitrary files via a full pathname in the argument.

include.cgi script allows remote attackers to execute arbitrary commands via shell metacharacters in the argument.

include.cgi script allows remote attackers to read arbitrary files via a full pathname in the argument.

The affix_sock_register in the Affix Bluetooth Protocol Stack for Linux might allow local users to gain privileges via a socket call with a negative protocol value, which is used as an array index.

Multiple SQL injection vulnerabilities in default.asp in StorePortal 2.63 allow remote attackers to execute arbitrary SQL commands via the (1) language, (2) bpic, (3) idcategory, (4) content, (5) keyw...

Multiple SQL injection vulnerabilities in CartWIZ ASP Cart allow remote attackers to execute arbitrary SQL commands via the idProduct parameter to (1) addToCart.asp or (2) productDetails.asp, the (3) ...

index.cgi in E-Cart 2004 1.1 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) art and possibly (2) cat parameters.

inc_login_check.asp ACS Blog 0.8 through 1.1.3 allows remote attackers to gain administrator privileges via the "in" value in a cookie.

Multiple SQL injection vulnerabilities in BK Forum 4.0 allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to member.asp, (2) forum parameter to forum.asp, or (3) various...

The addnew script in Argosoft Mail Server Pro 1.8.7.6 allows remote attackers to create arbitrary accounts, even if "Allow Creation of Accounts From the Web Interface" is disabled, via a direct HTTP P...

Multiple directory traversal vulnerabilities in Argosoft Mail Server Pro 1.8.7.6 allow remote authenticated users to (1) read arbitrary files via the UIDL parameter to the msg script or (2) copy or mo...

Stack-based buffer overflow in the getIfHeader function in the WebDAV functionality in MySQL MaxDB before 7.5.00.26 allows remote attackers to execute arbitrary code via an HTTP unlock request and a l...

Stack-based buffer overflow in the Backup Agent for Microsoft SQL Server in BrightStor ARCserve Backup Agent for SQL Server 11.0 allows remote attackers to execute arbitrary code via a long string sen...

Raw character devices (raw.c) in the Linux kernel 2.6.x call the wrong function before passing an ioctl to the block device, which crosses security boundaries by making kernel address space accessible...

The elf_core_dump function in binfmt_elf.c for Linux kernel 2.x.x to 2.2.27-rc2, 2.4.x to 2.4.31-pre1, and 2.6.x to 2.6.12-rc4 allows local users to execute arbitrary code via an ELF binary that, in c...

Stack-based buffer overflow in the URL parsing function in Gaim before 1.3.0 allows remote attackers to execute arbitrary code via an instant message (IM) with a large URL.

Stack-based buffer overflow in the IMAP daemon (IMAPD32.EXE) in IMail 8.13 in Ipswitch Collaboration Suite (ICS), and other versions before IMail Server 8.2 Hotfix 2, allows remote authenticated users...

Multiple stack-based buffer overflows in the IMAP server in IMail 8.12 and 8.13 in Ipswitch Collaboration Suite (ICS), and other versions before IMail Server 8.2 Hotfix 2, allow remote attackers to ex...