The (1) FTP, (2) POP3, (3) SMTP, and (4) NNTP servers in EServer 2.92 through 2.97, and possibly 2.98, allow remote attackers to cause a denial of service (crash) via a large amount of data.

TFTP server in Longshine Wireless Access Point (WAP) LCS-883R-AC-B, and in D-Link DI-614+ 2.0 which is based on it, allows remote attackers to obtain the WEP secret and gain administrator privileges b...

ICAL.EXE in iCal 3.7 allows remote attackers to cause a denial of service (crash) via a malformed HTTP request, possibly due to an invalid method name.

Buffer overflow in the http_fetch function of HTTP Fetcher 1.0.0 and 1.0.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a URL request via a long...

find_theni_home.php in E-theni allows remote attackers to obtain sensitive system information via a URL request which executes phpinfo.

aff_liste_langue.php in E-theni allows remote attackers to execute arbitrary PHP code by modifying the rep_include parameter to reference a URL on a remote web server that contains para_langue.php.

add_bookmark.php in Active PHP Bookmarks (APB) 1.1.01 allows remote attackers to add arbitrary bookmarks as other users using a modified auth_user_id parameter.

Active PHP Bookmarks (APB) 1.1.01 allows remote attackers to execute arbitrary PHP code via (1) head.php, (2) apb_common.php, or (3) apb_view_class.php by modifying the APB_SETTINGS parameter to refer...

Efficient Networks 5861 DSL router, when running firmware 5.3.80 configured to block incoming TCP SYN, packets allows remote attackers to cause a denial of service (crash) via a flood of TCP SYN packe...

Cross-site scripting vulnerability (XSS) in Sage 1.0 b3 allows remote attackers to insert arbitrary HTML or web script via the mod parameter.

Sage 1.0 b3 allows remote attackers to obtain the root web server path via a URL request for a non-existent module, which returns the path in an error message.

Cross-site scripting vulnerability (XSS) in (1) admin_index.php, (2) admin_pass.php, (3) admin_modif.php, and (4) admin_suppr.php in MyGuestbook 3.0 allows remote attackers to execute arbitrary PHP co...

Directory traversal vulnerability in sendphoto.php in WihPhoto 0.86 allows remote attackers to read arbitrary files via .. specifiers in the album parameter, and the target filename in the pic paramet...

Cross-site scripting vulnerability (XSS) in Nuked-Klan 1.3 beta and earlier allows remote attackers to steal authentication information via cookies by injecting arbitrary HTML or script into op of the...

Cross-site scripting vulnerability (XSS) in WWWBoard 2.0A2.1 and earlier allows remote attackers to inject arbitrary HTML or web script via a message post.

BRW WebWeaver 1.03 allows remote attackers to obtain sensitive server environment information via a URL request for testcgi.exe, which lists the values of environment variables and the current working...

Emacs 21.2.1 does not prompt or warn the user before executing Lisp code in the local variables section of a text file, which allows user-assisted attackers to execute arbitrary commands, as demonstra...

Cross-site scripting (XSS) vulnerability in index.php in ECW-Shop 5.5 allows remote attackers to inject arbitrary web script or HTML via the cat parameter.

The implementation of SYN cookies (syncookies) in FreeBSD 4.5 through 5.0-RELEASE-p3 uses only 32-bit internal keys when generating syncookies, which makes it easier for remote attackers to conduct br...

The Node Manager for BEA WebLogic Express and Server 6.1 through 8.1 SP 1 allows remote attackers to cause a denial of service (Node Manager crash) via malformed data to the Node Manager's port, as de...

BEA Weblogic Express and Server 8.0 through 8.1 SP 1, when using a foreign Java Message Service (JMS) provider, echoes the password for the foreign provider to the console and stores it in cleartext i...

BEA WebLogic Express and Server 7.0 through 8.1 SP 1, under certain circumstances when a request to use T3 over SSL (t3s) is made to the insecure T3 port, may use a non-SSL connection for the communic...

BEA WebLogic Server proxy plugin for BEA Weblogic Express and Server 6.1 through 8.1 SP 1 allows remote attackers to cause a denial of service (proxy plugin crash) via a malformed URL.

Cross-site scripting (XSS) vulnerability in the tep_href_link function in html_output.php for osCommerce before 2.2-MS3 allows remote attackers to inject arbitrary web script or HTML via the osCsid pa...