SQL injection vulnerability in login.asp for Net56 Browser Based File Manager 1.0 allows remote attackers to execute arbitrary SQL commands and bypass authentication via the password field.
MRO Maximo Self Service 4 and 5 stores certain information under the web document root using file extensions that are not processed by Tomcat, which allows remote attackers to obtain sensitive information via a direct request for the file, such as MXServer.properties.
A "mathematical flaw" in the implementation of the El Gamal signature algorithm for LibTomCrypt 1.0 to 1.0.2 allows attackers to generate valid signatures without having the private key.
Cross-site scripting (XSS) vulnerability in Kryloff Technologies Subject Search Server (SSServer) 1.1 allows remote attackers to inject arbitrary web script or HTML via the "Search For" field.
SQL injection vulnerability in Invision Power Board (IPB) 2.0.3 and earlier allows remote attackers to execute arbitrary SQL commands via a crafted cookie password hash (pass_hash) that modifies the internal $pid variable.
Cross-site scripting (XSS) vulnerability in (1) search.php and (2) topics.php for Invision Power Board (IPB) 2.0.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the highlite parameter.
index.php in Fusion SBX 1.2 and earlier does not properly use the extract function, which allows remote attackers to bypass authentication by setting the is_logged parameter or execute arbitrary code via the maxname2 parameter.
SQL injection vulnerability in catalog.php for CodeThat ShoppingCart 1.3.1 allows remote attackers to execute arbitrary SQL commands via the id parameter.
Cross-site scripting (XSS) vulnerability in catalog.php for CodeThat ShoppingCart 1.3.1 allows remote attackers to inject arbitrary web script or HTML via the id parameter.
Unknown vulnerability in NIS+ on Solaris 7, 8, and 9 allows remote attackers to cause a denial of service (rpc.nisd disabled and NIS+ unavailable) via unknown vectors.
The Altiris Client Service for Windows (ACLIENT.EXE) 6.0.88 allows local users to disable password protection and access the administrative interface by finding and showing the "Altiris Client Service" hidden window, disabling the password protection, disabling the "Hide client tray icon box" option, then opening the AClient tray icon and using the View Log File option, a different vulnerability than CVE-2004-2070.
Pico Server (pServ) 3.2 and earlier allows local users to read arbitrary files as the pServ user via a symlink to a file outside of the web document root.
Pico Server (pServ) 3.2 and earlier allows remote attackers to execute arbitrary commands via a URL with multiple leading "/" (slash) characters and ".." sequences.
The bbencode_second_pass and make_clickable functions in bbcode.php for phpBB before 2.0.15, as used in viewtopic.php, privmsg.php, and other scripts, allow remote attackers to execute arbitrary script via a BBcode tag with a (1) javascript:, (2) applet:, (3) about:, (4) activex:, (5) chrome:, or (6) script: URI scheme, as demonstrated using the URL tag.
Cross-site scripting (XSS) vulnerability in index.php for Quick.cart 0.3.0 allows remote attackers to inject arbitrary web script or HTML via the sWord parameter.
Quick.Forum 2.1.6 stores potentially sensitive information such as usernames, banned IP addresses, censored words, and backups under the web document root, which allows remote attackers to obtain that information via a direct request to (1) db/users.txt, (2) db/banList.txt, (3) db/censureWords.txt, or (4) backup files.
Cross-site scripting (XSS) vulnerability in index.php for Quick.Forum 2.1.6 allows remote attackers to inject arbitrary web script or HTML via the topic field in a NewTopic action.
1Two News 1.0 allows remote attackers to (1) delete images for new stories via a direct request to admin/delete.php or (2) upload arbitrary images via a direct request to admin/upload.php.
Cross-site scripting (XSS) vulnerability in index.php for 1Two News 1.0 allows remote attackers to inject arbitrary web script or HTML via the (1) nom, (2) email, (3) siteweb, or (4) commentaire variables.
Cross-site scripting (XSS) vulnerability in Bug Report 1.0 allows remote attackers to inject arbitrary web script or HTML via various fields to bug_report.php, which are not filtered or quoted when processed by bug_list.php or admin/index.php.
APG Technology ClassMaster does not properly restrict access to sensitive folders, which allows remote attackers to access folders via a network share.
The file download dialog in Mozilla Firefox 0.10.1 and 1.0 for Windows allows remote attackers to hide the real file types of downloaded files via the Content-Type HTTP header and a filename containing whitespace, dots, or ASCII byte 160.
Windows Media Player 9 and 10, in certain cases, allows content protected by Windows Media Digital Rights Management (WMDRM) to redirect the user to a web site to obtain a license, even when the "Acquire licenses automatically for protected content" setting is not enabled.
Multiple directory traversal vulnerabilities in ShowOff! 1.5.4 allow remote attackers to read arbitrary files via ".." sequences in arguments to the (1) ShowAlbum, (2) ShowVideo, or (3) ShowGraphic scripts.
forum.asp in bttlxeForum 2.0 allows remote attackers to obtain full path information via a certain hex-encoded argument to the page parameter, possibly due to a SQL injection vulnerability.
Cross-site scripting (XSS) vulnerability in DirectTopics 2.1 and 2.2 allows remote attackers to inject arbitrary web script via a javascript: URL in (1) a thread or (2) an IMG tag.
Acrowave AAP-3100AR wireless router allows remote attackers to bypass authentication by pressing CTRL-C at the username or password prompt in a telnet session, which causes the shell to crash and restart, then leave the user in the new shell.
Bugzilla 2.10 through 2.18, 2.19.1, and 2.19.2 displays a different error message depending on whether a product exists or not, which allows remote attackers to determine hidden products.
Gamespy cd-key validation system allows remote attackers to cause a denial of service (cd-key already in use) by capturing and replaying a cd-key authorization session.
SQL injection vulnerability in view_user.php in WowBB 1.6, 1.61, and 1.62 allows remote attackers to execute arbitrary SQL commands via the sort_by parameter.
GeoVision Digital Video Surveillance System 6.04, 6.1 and 7.0 uses a weak encryption scheme to encrypt passwords, which allows remote attackers to obtain the password via sniffing.
GeoVision Digital Video Surveillance System 6.04, 6.1 and 7.0, when set to create JPEG images, does not properly protect an image even when a password and username is assigned, which may allow remote attackers to gain sensitive information via a direct request to the image.
Sophos Anti-Virus 3.93 does not check downloaded files for viruses when they have only been written, which creates a race condition and may allow remote attackers to bypass virus protection if the file is executed before the antivirus starts on system reboot.
Directory traversal vulnerability in easymsgb.pl in Easy Message Board allows remote attackers to read arbitrary files via a .. (dot dot) in the print parameter.
SQL injection vulnerability in index.php in Advanced Guestbook 2.3.1 allows remote attackers to execute arbitrary SQL commands via the entry parameter.
Heap-based buffer overflow in the demo version of Bakbone Netvault, and possibly other versions, allows remote attackers to execute arbitrary commands via a large packet to port 20031.
Integer overflow in the ELF parser in HT Editor before 0.8.0 allows remote attackers to execute arbitrary code via a crafted ELF file, which leads to a heap-based buffer overflow.
Stack-based buffer overflow in libTIFF before 3.7.2 allows remote attackers to execute arbitrary code via a TIFF file with a malformed BitsPerSample tag.
zgrep in gzip before 1.3.5 does not properly sanitize arguments, which allows local users to execute arbitrary commands via filenames that are injected into a sed script.
Apple QuickTime Player 7.0 on Mac OS X 10.4 allows remote attackers to obtain sensitive information via a .mov file with a Quartz Composer composition (.qtz) file that uses certain patches to read local information, then other patches to send the information to the attacker.
The file download dialog in Mozilla Firefox 0.10.1 and 1.0 for Windows uses the Content-Type HTTP header to determine the file type, but saves the original file extension when "Save to Disk" is selected, which allows remote attackers to hide the real file types of downloaded files.
topic.php in DirectTopics 2.1 and 2.2 allows remote attackers to obtain sensitive information via an invalid topic parameter, which reveals the path in an error message.
SQL injection vulnerability in topic.php in DirectTopics 2.1 and 2.2 allows remote attackers to execute arbitrary SQL commands via the topic parameter.