Buffer overflow in EFTP 2.0.7.337 allows remote attackers to execute arbitrary code by uploading a .lnk file containing a large number of characters.

Directory traversal vulnerability in EFTP 2.0.7.337 allows remote authenticated users to reveal directory contents via a .. (dot dot) in the (1) LIST, (2) QUOTE SIZE, and (3) QUOTE MDTM commands.

Directory traversal vulnerability in SnapStream PVS 1.2a allows remote attackers to read arbitrary files via a .. (dot dot) attack in the requested URL.

The default configuration of Sambar Server 5 and earlier uses a symmetric key that is compiled into the binary program for encrypting passwords, which could allow local users to break all user passwor...

RSA BSAFE SSL-J 3.0, 3.0.1 and 3.1, as used in Cisco iCND 2.0, caches session IDs from failed login attempts, which could allow remote attackers to bypass SSL client authentication and gain access to ...

SonicWALL SOHO uses easily predictable TCP sequence numbers, which allows remote attackers to spoof or hijack sessions.

FTP Voyager ActiveX control before 8.0, when it is marked as safe for scripting (the default) or if allowed by the IObjectSafety interface, allows remote attackers to execute arbitrary commands.

sendmessage.cgi in W3Mail 1.0.2, and possibly other CGI programs, allows remote attackers to execute arbitrary commands via shell metacharacters in any field of the 'Compose Message' page.

Buffer overflow in msgchk in Digital UNIX 4.0G and earlier allows local users to execute arbitrary code via a long command line argument.

The (1) dump and (2) dump_lfs commands in NetBSD 1.4.x through 1.5.1 do not properly drop privileges, which could allow local users to gain privileges via the RCMD_CMD environment variable.

nss_postgresql 0.6.1 and before allows a remote attacker to execute arbitrary SQL queries by inserting SQL code into an HTTP request.

libnss-pgsql in nss-pgsql 0.9.0 and earlier allows remote attackers to execute arbitrary SQL queries by inserting SQL code into an HTTP request.

Microsoft Outlook 8.5 and earlier, and Outlook Express 5 and earlier, with the "Automatically put people I reply to in my address book" option enabled, do not notify the user when the "Reply-To" addre...

The default configuration of the config.http.tunnel.allow_ports option on NetCache devices is set to +all, which allows remote attackers to connect to arbitrary ports on remote systems behind the devi...

XDM in XFree86 3.3 and 3.3.3 generates easily guessable cookies using gettimeofday() when compiled with the HasXdmXauth option, which allows remote attackers to gain unauthorized access to the X displ...

Cross-site scripting vulnerability in Allaire JRun 3.0 and 2.3.3 allows a malicious webmaster to embed Javascript in a request for a .JSP, .shtml, .jsp10, .jrun, or .thtml file that does not exist, wh...

Format string vulnerabilities in Livingston/Lucent RADIUS before 2.1.va.1 may allow local or remote attackers to cause a denial of service and possibly execute arbitrary code via format specifiers tha...

diagrpt in AIX 4.3.x and 5.1 uses the DIAGDATADIR environment variable to find and execute certain programs, which allows local users to gain privileges by modifying the variable to point to a Trojan ...

Format string vulnerability in flog function of eXtremail 1.1.9 and earlier allows remote attackers to gain root privileges via format specifiers in the SMTP commands (1) HELO, (2) EHLO, (3) MAIL FROM...

Buffer overflow in whodo in Solaris SunOS 5.5.1 through 5.8 allows local users to execute arbitrary code via a long (1) SOR or (2) CFIME environment variable.

Webmin 0.84 and earlier does not properly clear the HTTP_AUTHORIZATION environment variable when the web server is restarted, which makes authentication information available to all CGI programs and a...

libCoolType library as used in Adobe Acrobat (acroread) on Linux creates the AdobeFnt.lst file with world-writable permissions, which allows local users to modify the file and possibly modify acroread...

Buffer overflow in AOLserver 3.0 allows remote attackers to cause a denial of service, and possibly execute arbitrary code, via an HTTP request with a long Authorization header.

Buffer overflow in uidadmin in Caldera Open Unix 8.0.0 and UnixWare 7 allows local users to gain root privileges via a long -S (scheme) command line argument.