Format string vulnerability in qwik-smtpd.c in QwikMail SMTP (qwik-smtpd) 0.3 and earlier allows remote attackers to execute arbitrary code via format specifiers in the (1) clientRcptTo array, and the...

The Spy Sweeper Enterprise Client (SpySweeperTray.exe) in WebRoot Spy Sweeper before 2.0 does not drop privileges when using the help functionality, which allows local users to gain privileges.

Multiple buffer overflows in ArGoSoft FTP Server before 1.4.1.6 allow remote authenticated users to cause a denial of service and possibly execute arbitrary code via (1) a SITE ZIP command with a long...

Unspecified vulnerability in ArGoSoft FTP server before 1.4.2.2 allows attackers to upload .lnk files via unknown vectors.

Multiple SQL injection vulnerabilities in Land Down Under (LDU) v701 allow remote attackers to execute arbitrary SQL commands or obtain the installation path via parameters including (1) s, w, and d i...

SQL injection vulnerability in Interchange before 4.8.9 allows remote attackers to execute arbitrary SQL commands via unknown vectors.

The (1) SetDebugging and (2) RunEgatherer methods in IBM Access Support eGatherer ActiveX control 2.0.0.16 allow remote attackers to create files with arbitrary content, as demonstrated by creating a ...

Unspecified vulnerability in PD9 Software MegaBBS 2.0 and 2.1 allows attackers to gain privileges via unknown vectors involving (1) admin/userlevelmembers-edit.asp and (2) admin/edit-groups.asp.

The DecodeTCPOptions function in decode.c in Snort before 2.3.0, when printing TCP/IP options using FAST output or verbose mode, allows remote attackers to cause a denial of service (crash) via packet...

Unspecified vulnerability in ASN.1 Compiler (asn1c) before 0.9.7 has unknown impact and attack vectors when processing "CHOICE" types with "indefinite length structures."

Unspecified vulnerability in ASN.1 Compiler (asn1c) before 0.9.7 has unknown impact and attack vectors when processing "ANY" type tags.

Unspecified vulnerability in Journalness 3.0.7 and earlier allows remote attackers to create or modify posts via unknown attack vectors.

The Admin Access With Levels plugin in osCommerce 1.5.1 allows remote attackers to access files in the "admin/" directory by modifying the in_login parameter to a non-zero value.

An ActiveX control for McAfee Security Installer Control System 4.0.0.81 allows remote attackers to access the Windows registry via web pages that use the control's RegQueryValue() method.

phpMyAdmin 2.5.1 up to 2.5.7 allows remote attackers to modify configuration settings and gain unauthorized access to MySQL servers via modified $cfg['Servers'] variables.

Eval injection vulnerability in left.php in phpMyAdmin 2.5.1 up to 2.5.7, when LeftFrameLight is FALSE, allows remote attackers to execute arbitrary PHP code via a crafted table name.

The MIME transformation system (transformations/text_plain__external.inc.php) in phpMyAdmin 2.5.0 up to 2.6.0-pl1 allows remote attackers to execute arbitrary commands via shell metacharacters in unsp...

Multiple vulnerabilities in the H.323 protocol implementation for First Virtual Communications Click to Meet Express (when used with H.323 conferencing endpoints), Click to Meet Premier, Conference Se...

Java 2 Micro Edition (J2ME) does not properly validate bytecode, which allows remote attackers to escape the Kilobyte Virtual Machine (KVM) sandbox and execute arbitrary code.

Unknown vulnerability in Rippy the Aggregator before 0.10, when register_globals is enabled, has unknown attack vectors and impact, possibly related to the "user-controlled filter."

AClient.exe in Altiris Deployment Solution 6.x and 5.x does not require authentication from the first Deployment Server that it connects to, which allows remote malicious servers to gain administrator...

ripMIME 1.3.2.3 and earlier allows remote attackers to bypass e-mail protection via a base64 MIME encoded attachment containing invalid characters that are not properly extracted.

Buffer overflow in MyWeb 3.3 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long HTTP GET request.

Unspecified vulnerability in procfs in the Linux-VServer stable branch for the 2.4 kernel before 1.23 and Linux-VServer development branch for the 2.4 kernel before 1.3.5 has unspecified impact and at...