Cross-site scripting (XSS) vulnerability in WebcamXP 1.06.945 allows remote attackers to inject arbitrary HTML or web script as other users via a URL that contains the script.

Buffer overflow in the open_socket_out function in socket.c for rsync 2.5.7 and earlier allows local users to cause a denial of service (crash) and possibly execute arbitrary code via a long RSYNC_PRO...

eTrust InoculateIT for Linux 6.0 uses insecure permissions for multiple files and directories, including the application's registry and tmp directories, which allows local users to delete, modify, or ...

Microsoft Baseline Security Analyzer (MBSA) 1.2 does not correctly identify systems that have been patched but remain vulnerable to exploit until the system is rebooted, possibly giving the administra...

Microsoft Internet Explorer 5.0.1 through 6.0 allows remote attackers to determine the existence of arbitrary files via the VBScript LoadPicture method, which returns an error code if the file does no...

Matrix FTP Server allows remote attackers to cause a denial of service (crash) by logging in using four spaces as the username and password and then issuing a LIST command.

Sophos Anti-Virus 3.78 allows remote attackers to bypass virus scanning by using a qmail generated Delivery Status Notification (DSN) where the original email is not included in the bounce message.

Stack-based buffer overflow in results.stm for Sambar Server before the 6.0 production release allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an H...

Multiple cross-site scripting (XSS) vulnerabilities in Brad Fears phpCodeCabinet 0.4 and earlier allow remote attackers to inject arbitrary web script or HTML via multiple parameters, including (1) th...

Cross-site scripting (XSS) vulnerability in search.php in JShop E-Commerce Server allows remote attackers to inject arbitrary web script or HTML via the xSearch parameter.

The samiftp.dll library in Sami FTP Server 1.1.3 allows remote authenticated users to cause a denial of service (pmsystem.exe crash) via a GET request wit a large number of leading "/" (slash) charact...

The samiftp.dll library in Sami FTP Server 1.1.3 allows local users to cause a denial of service (pmsystem.exe crash) by issuing (1) a CD command with a tilde (~) character or dot dot (/../) or (2) a ...

Red-M Red-Alert 2.7.5 with software 3.1 build 24 converts multiple spaces in a Service Set Identifier (SSID) to a single space, which prevents Red-Alert from correctly identifying the SSID.

Red-M Red-Alert 2.7.5 with software 3.1 build 24 allows remote attackers to cause a denial of service (reboot and loss of logged events) via a long request to TCP port 80, possibly triggering a buffer...

Nadeo Game Engine for Nadeo TrackMania and Nadeo Virtual Skipper 3 allows remote attackers to cause a denial of service (server crash) via malformed data to TCP port 2350, possibly due to long values ...

Cross-site scripting (XSS) vulnerability in search.php for Jelsoft vBulletin 3.0.0 RC4 allows remote attackers to inject arbitrary web script or HTML via the query parameter.

Sophos Anti-Virus 3.78 allows remote attackers to cause a denial of service (infinite loop) via a MIME header that is not properly terminated.

Format string vulnerability in Dream FTP 1.02 allows local users to cause a denial of service (crash) via format string specifiers in the (1) PASS or (2) RETR commands.

Cross-site scripting (XSS) vulnerability in index.php for Mambo Open Source 4.6, and possibly earlier versions, allows remote attackers to execute script on other clients via the Itemid parameter.

sshd.c in OpenSSH 3.6.1p2 and 3.7.1p2 and possibly other versions, when using privilege separation, does not properly signal the non-privileged process when a session has been terminated after exceedi...

fetchnews in leafnode 1.9.47 and earlier allows remote attackers to cause a denial of service (process hang) via an empty NNTP news article with missing mandatory headers.

Cross-site scripting (XSS) vulnerability in lostBook 1.1 and earlier allows remote attackers to inject arbitrary web script via the (1) Email or (2) Website fields.

Cross-site scripting (XSS) vulnerability in antiboard.php in AntiBoard 0.7.2 and earlier allows remote attackers to inject arbitrary HTML or web script via the feedback parameter.

ASPRunner 2.4 stores the database under the web root in the db directory, which may allow remote attackers to obtain the database via a direct request to the database filename, which is predictable ba...