Buffer overflow in Essentia Web Server 2.1 allows remote attackers to cause a denial of service, and possibly execute arbitrary code, via a long URL.

Vulnerability in webtop in UnixWare 7.1.1 and Open UNIX 8.0.0 allows local and possibly remote attackers to gain root privileges via shell metacharacters in the -c argument for (1) in scoadminreg.cgi ...

Netwin WebNews 1.1k CGI program includes several default usernames and cleartext passwords that cannot be deleted by the administrator, which allows remote attackers to gain privileges via the usernam...

admin.asp in AdMentor 2.11 allows remote attackers to bypass authentication and gain privileges via a SQL injection attack on the Login and Password arguments.

Directory traversal vulnerability in ans.pl in Avenger's News System (ANS) 2.11 and earlier allows remote attackers to determine the existence of arbitrary files or execute any Perl program on the sys...

ans.pl in Avenger's News System (ANS) 2.11 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the p (plugin) parameter.

CNet CatchUp before 1.3.1 allows attackers to execute arbitrary code via a .RVP file that creates a file with an arbitrary extension (such as .BAT), which is executed during a scan.

Buffer overflow in Netwin WebNews CGI program 1.1, Webnews.exe, allows remote attackers to execute arbitrary code via a long group argument.

pforum 1.14 and earlier does not explicitly enable PHP magic quotes, which allows remote attackers to bypass authentication and gain administrator privileges via an SQL injection attack when the PHP s...

The GetPassword function in function.php of SiteNews 0.10 and 0.11 allows remote attackers to gain privileges and add users by providing a non-existent user name and the MD5 checksum for an empty pass...

Outlook Express 5.5 and 6.0 on Windows treats a carriage return ("CR") in a message header as if it were a valid carriage return/line feed combination (CR/LF), which could allow remote attackers to by...

Buffer overflow in CodeBlue 4 and earlier, and possibly other versions, allows remote attackers to execute arbitrary code via a long string in an SMTP reply.

Directory traversal vulnerability in Add2it Mailman Free 1.73 and earlier allows remote attackers to modify arbitrary files via a .. (dot dot) in the list parameter.

Add2it Mailman Free 1.73 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the list parameter.

Buffer overflow in various decoders in Ettercap 0.6.3.1 and earlier, when running on networks with an MTU greater than 2000, allows remote attackers to execute arbitrary code via large packets.

Buffer overflows in mpg321 before 0.2.9 allows local and possibly remote attackers to execute arbitrary code via a long URL to (1) a command line option, (2) an HTTP request, or (3) an FTP request.

Internet Explorer 5.x and 6 interprets an object as an HTML document even when its MIME Content-Type is text/plain, which could allow remote attackers to execute arbitrary script in documents that the...

Identix BioLogon 3 allows users with physical access to the system to gain administrative privileges by using CTRL-ALT-DEL and running a "Browse" function, which runs Explorer with SYSTEM privileges.

preferences.php in Simple Internet Publishing System (SIPS) before 0.3.1 allows remote attackers to gain administrative privileges via a linebreak in the "theme" field followed by the Status::admin co...

PowerFTP Personal FTP Server 2.03 through 2.10 stores sensitive account information in plaintext in the ftpserver.ini file, which allows attackers with access to the file to gain privileges.

Buffer overflow in EasyBoard 2000 1.27 (aka EZboard) allows remote attackers to execute arbitrary code via a long boundary value in a multipart Content-Type header to (1) ezboard.cgi, (2) ezman.cgi, o...

Directory traversal vulnerability in InstantServers MiniPortal 1.1.5 and earlier allows remote authenticated users to read arbitrary files via a ... (modified dot dot) in the GET command.

Buffer overflow in InstantServers MiniPortal 1.1.5 and earlier allows remote attackers to execute arbitrary code via a long login name, which is not properly handled by the logging utility.

Merak Mail IceWarp Web Mail uses a static identifier as a user session ID that does not change across sessions, which could allow remote attackers with access to the ID to gain privileges as that user...