Opera 8.01 allows remote attackers to cause a denial of service (CPU consumption) via a crafted JPEG image, as demonstrated using random.jpg.

netman.dll in Microsoft Windows Connections Manager Library allows local users to cause a denial of service (Network Connections Service crash) via a large integer argument to a particular function, a...

Microsoft MSN Messenger 9.0 and Internet Explorer 6.0 allows remote attackers to cause a denial of service (crash) via an image with an ICC Profile with a large Tag Count.

PowerDNS before 2.9.18, when running with an LDAP backend, does not properly escape LDAP queries, which allows remote attackers to cause a denial of service (failure to answer ldap questions) and poss...

Multiple cross-site scripting (XSS) vulnerabilities in Simple Message Board Version 2.0 Beta 1 allow remote attackers to inject arbitrary web script or HTML via the (1) FID parameter to forum.cfm, (2)...

BitDefender Engine 1.6.1 and earlier does not properly scan all attachments, which allows remote attackers to bypass virus scanning via begin and end commands in the body of the e-mail, which BitDefen...

Stack-based buffer overflow in TreeAction.do in Sybase EAServer 4.2.5 through 5.2 allows remote authenticated users to execute arbitrary code via a large javascript parameter.

YabbSE 1.5.5c allows remote attackers to obtain sensitive information via a direct request to ssi_examples.php, which reveals the path.

NetPanzer 0.8 and earlier allows remote attackers to cause a denial of service (infinite loop) via a packet with a zero datablock size.

Oracle JDeveloper 9.0.4, 9.0.5, and 10.1.2 passes the cleartext password as a parameter when starting sqlplus, which allows local users to gain sensitive information.

PHPCounter 7.2 allows remote attackers to obtain sensitive information via a direct request to prelims.php, which reveals the path in an error message.

Cross-site scripting (XSS) vulnerability in PHPCounter 7.2 allows remote attackers to inject arbitrary web script or HTML via the EpochPrefix parameter.

SoftiaCom wMailServer 1.0 and 2.0 allows remote attackers to cause a denial of service (application crash) via a large TCP packet with a leading space, possibly triggering a buffer overflow.

WebEOC before 6.0.2 stores sensitive information in locations such as URIs, web pages, and configuration files, which allows remote attackers to obtain information such as Usernames, Passwords, Emerge...

Multiple cross-site scripting (XSS) vulnerabilities in WebEOC before 6.0.2 allow remote attackers to inject arbitrary web script and HTML via unknown vectors.

Cisco Security Agent (CSA) 4.5 allows remote attackers to cause a denial of service (system crash) via a crafted IP packet.

Cisco ONS 15216 Optical Add/Drop Multiplexer (OADM) running firmware 2.2.2 and earlier allows remote attackers to cause a denial of service (management plane session loss) via crafted telnet data.

Cross-site scripting (XSS) vulnerability in Novell Groupwise WebAccess 6.5 before July 11, 2005 allows remote attackers to inject arbitrary web script or HTML via an e-mail message with an encoded jav...

Firefox before 1.0.5 and Mozilla before 1.7.9 allows a child frame to call top.focus and other methods in a parent frame, even when the parent is in a different domain, which violates the same origin ...

Firefox before 1.0.5, Mozilla before 1.7.9, and Netscape 8.0.2 and 7.2 allows remote attackers to cause a denial of service (access violation and crash), and possibly execute arbitrary code, by callin...

The InstallTrigger.install method in Firefox before 1.0.5 and Mozilla before 1.7.9 allows remote attackers to execute a callback function in the context of another domain by forcing a page navigation ...

Firefox 1.0.3 and 1.0.4, and Netscape 8.0.2, allows remote attackers to execute arbitrary code by tricking the user into using the "Set As Wallpaper" (in Firefox) or "Set as Background" (in Netscape) ...

Encoded directory traversal vulnerability in phpPgAdmin 3.1 to 3.5.3 allows remote attackers to access arbitrary files via "%2e%2e%2f" (encoded dot dot) sequences in the formLanguage parameter.

Directory traversal vulnerability in PhpAuction 2.5 allows remote attackers to read arbitrary files, include local PHP files, or obtain sensitive path information via ".." sequences in the lan paramet...