Multiple cross-site scripting (XSS) vulnerabilities in Microsoft ASP.NET (.Net) 1.0 and 1.1 to SP1 allow remote attackers to inject arbitrary HTML or web script via Unicode representations for ASCII f...

Sami HTTP Server 1.0.5 allows remote attackers to cause a denial of service via an HTTP request containing two CRLF sequences, which triggers a NULL dereference.

Directory traversal vulnerability in Sami HTTP Server 1.0.5 allows remote attackers to read arbitrary files via an HTTP request containing (1) .. (dot dot) or (2) "%2e%2e" (encoded dot dot) sequences.

Solaris 7, 8, and 9 allows remote attackers to cause a denial of service (hang) via a flood of certain ARP packets.

Squid 2.5.STABLE8 and earlier allows remote attackers to cause a denial of service (crash) via certain DNS responses regarding (1) Fully Qualified Domain Names (FQDN) in fqdncache.c or (2) IP addresse...

Cross-site scripting (XSS) vulnerability in Open WebMail 2.x allows remote attackers to inject arbitrary HTML or web script via the domain name parameter (logindomain) in the login page.

VMware before 4.5.2.8848-r5 searches for gdk-pixbuf shared libraries using a path that includes the rrdharan world-writable temporary directory, which allows local users to execute arbitrary code.

index.php in CubeCart 2.0.4 allows remote attackers to (1) obtain the full path for the web server or (2) conduct cross-site scripting (XSS) attacks via an invalid language parameter, which echoes the...

Directory traversal vulnerability in index.php for CubeCart 2.0.4 allows remote attackers to read arbitrary files via the language parameter.

awstats.pl in AWStats 6.3 and 6.4 allows remote attackers to obtain sensitive information by setting the debug parameter.

awstats.pl in AWStats 6.3 and 6.4 allows remote attackers to read server web logs by setting the loadplugin and pluginmode parameters to rawlog.

Multiple cross-site scripting (XSS) vulnerabilities in Php-Nuke 7.5 allow remote attackers to inject arbitrary HTML or web script via (1) the newdownloadshowdays parameter in a NewDownloads operation ...

Php-Nuke 7.5 allows remote attackers to determine the full path of the web server via invalid or missing arguments to (1) db.php, (2) mainfile.php, (3) Downloads/index.php, or (4) Web_Links/index.php,...

BEA WebLogic Server 7.0 Service Pack 5 and earlier, and 8.1 Service Pack 3 and earlier, generates different login exceptions that suggest why an authentication attempt fails, which makes it easier for...

The Quake 3 engine, as used in multiple game packages, allows remote attackers to cause a denial of service (shutdown game server) and possibly crash the server via a long infostring, possibly trigger...

Direct code injection vulnerability in forumdisplay.php in vBulletin 3.0 through 3.0.4, when showforumusers is enabled, allows remote attackers to execute inject arbitrary PHP commands via the comma p...

The DNSPacket::expand method in dnspacket.cc in PowerDNS before 2.9.17 allows remote attackers to cause a denial of service by sending a random stream of bytes.

The ebuild of Webmin before 1.170-r3 on Gentoo Linux includes the encrypted root password in the miniserv.users file when building a tbz2 of the webmin package, which allows remote attackers to obtain...

Unknown vulnerability in Solaris 8 and 9 allows remote attackers to cause a denial of service (panic) via "Heavy UDP Usage" that triggers a NULL dereference.

Unknown vulnerability in IBM Websphere Application Server 5.0, 5.1, and 6.0 when running on Windows, allows remote attackers to obtain the source code for Java Server Pages (.jsp) via a crafted URL th...

Unknown vulnerability in the delete.asp program in certain versions of ASPjar Guestbook allows remote attackers to delete messages. NOTE: there is insufficient information to know if this is the same ...

SQL injection vulnerability in login.asp in ASPjar Guestbook allows remote attackers to execute arbitrary SQL commands via the password field.

Microsoft Outlook Web Access (OWA), when used with Exchange, allows remote attackers to redirect users to arbitrary URLs for login via a link to the owalogon.asp application.

Multiple memory leaks in the MQL parser in Emdros before 1.1.22 allow remote attackers to cause a denial of service (memory consumption) via malformed MQL statements.