High Severity Vulnerabilities
111.5K CVEs classified as high severity
Unknown vulnerability in the hosting process (dllhost.exe) for Microsoft Internet Information Server (IIS) 4.0 through 5.1 allows remote attackers to gain privileges by executing an out of process app...
Java Database Connectivity (JDBC) classes in Microsoft Virtual Machine (VM) up to and including 5.0.3805 allow remote attackers to load and execute DLLs (dynamic link libraries) via a Java applet that...
A certain class that supports XML (Extensible Markup Language) in Microsoft Virtual Machine (VM) 5.0.3805 and earlier, probably com.ms.osp.ospmrshl, exposes certain unsafe methods, which allows remote...
Microsoft Office Web Components (OWC) 2000 and 2002 allows remote attackers to bypass the "Allow paste operations via script" setting, even when it is disabled, via the (1) Copy method of the Cell obj...
Buffer overflow in the OpenDataSource function of the Jet engine on Microsoft SQL Server 2000 allows remote attackers to execute arbitrary code.
catsnmp in Oracle 9i and 8i is installed with a dbsnmp user with a default dbsnmp password, which allows attackers to perform restricted database operations and possibly gain other privileges.
Format string vulnerabilities in Oracle Listener Control utility (lsnrctl) for Oracle 9.2 and 9.0, 8.1, and 7.3.4, allow remote attackers to execute arbitrary code on the Oracle DBA system by placing ...
Cross-site scripting vulnerability in Mailman before 2.0.12 allows remote attackers to execute script as other users via a subscriber's list subscription options in the (1) adminpw or (2) info paramet...
Buffer overflows in ISDN Point to Point Protocol (PPP) daemon (ipppd) in the i4l package on SuSE 7.3, 8.0, and possibly other operating systems, may allow local users to gain privileges.
Format string vulnerability in ISDN Point to Point Protocol (PPP) daemon (ipppd) in the ISDN4Linux (i4l) package allows local users to gain root privileges via format strings in the device name comman...
Buffer overflow in PGP Corporate Desktop 7.1.1 allows remote attackers to execute arbitrary code via an encrypted document that has a long filename when it is decrypted.
tinyproxy HTTP proxy 1.5.0, 1.4.3, and earlier allows remote attackers to execute arbitrary code via memory that is freed twice (double-free).
The decoder for Macromedia Shockwave Flash allows remote attackers to execute arbitrary code via a malformed SWF header that contains more data than the specified length.
Buffer overflow in Sun ONE / iPlanet Web Server 4.1 and 6.0 allows remote attackers to execute arbitrary code via an HTTP request using chunked transfer encoding.
Buffer overflows in the ApacheBench benchmark support program (ab.c) in Apache before 1.3.27, and Apache 2.x before 2.0.43, allow a malicious web server to cause a denial of service and possibly execu...
Format string vulnerability in certain third party modifications to mod_dav for logging bad gateway messages (e.g. Oracle9i Application Server 9.0.2) allows remote attackers to execute arbitrary code ...
The shared memory scoreboard in the HTTP daemon for Apache 1.3.x before 1.3.27 allows any user running as the Apache UID to send a SIGUSR1 signal to any process as root, resulting in a denial of servi...
wordtrans 1.1pre8 and earlier in the wordtrans-web package allows remote attackers to (1) execute arbitrary code or (2) conduct cross-site scripting attacks via certain parameters (possibly "dict") to...
dvips converter for Postscript files in the tetex package calls the system() function insecurely, which allows remote attackers to execute arbitrary commands via certain print jobs, possibly involving...
Buffer overflow in the ISIS dissector for Ethereal 0.9.5 and earlier allows remote attackers to cause a denial of service or execute arbitrary code via malformed packets.
Buffer overflow in Eudora 5.1.1 and 5.0-J for Windows, and possibly other versions, allows remote attackers to execute arbitrary code via a multi-part message with a long boundary string.
Internet Explorer 5, 5.6, and 6 allows remote attackers to bypass cookie privacy settings and store information across browser sessions via the userData (storeuserData) feature.
Vulnerability in pppd on UnixWare 7.1.1 and Open UNIX 8.0.0 allows local users to gain root privileges via (1) ppptalk or (2) ppp, a different vulnerability than CVE-2002-0824.
Buffer overflow in WS_FTP FTP Server 3.1.1 allows remote authenticated users to execute arbitrary code via a long SITE CPWD command.