Directory traversal vulnerability in easymsgb.pl in Easy Message Board allows remote attackers to read arbitrary files via a .. (dot dot) in the print parameter.

SQL injection vulnerability in index.php in Advanced Guestbook 2.3.1 allows remote attackers to execute arbitrary SQL commands via the entry parameter.

Heap-based buffer overflow in the demo version of Bakbone Netvault, and possibly other versions, allows remote attackers to execute arbitrary commands via a large packet to port 20031.

Buffer overflow in the PE parser in HT Editor before 0.8.0 allows remote attackers to execute arbitrary code via a crafted PE file.

Integer overflow in the ELF parser in HT Editor before 0.8.0 allows remote attackers to execute arbitrary code via a crafted ELF file, which leads to a heap-based buffer overflow.

Stack-based buffer overflow in libTIFF before 3.7.2 allows remote attackers to execute arbitrary code via a TIFF file with a malformed BitsPerSample tag.

EnCase Forensic Edition 4.18a does not support Device Configuration Overlays (DCO), which allows attackers to hide information without detection.

zgrep in gzip before 1.3.5 does not properly sanitize arguments, which allows local users to execute arbitrary commands via filenames that are injected into a sed script.

Apple QuickTime Player 7.0 on Mac OS X 10.4 allows remote attackers to obtain sensitive information via a .mov file with a Quartz Composer composition (.qtz) file that uses certain patches to read local information, then other patches to send the information to the attacker.

The file download dialog in Mozilla Firefox 0.10.1 and 1.0 for Windows uses the Content-Type HTTP header to determine the file type, but saves the original file extension when "Save to Disk" is selected, which allows remote attackers to hide the real file types of downloaded files.

topic.php in DirectTopics 2.1 and 2.2 allows remote attackers to obtain sensitive information via an invalid topic parameter, which reveals the path in an error message.

SQL injection vulnerability in topic.php in DirectTopics 2.1 and 2.2 allows remote attackers to execute arbitrary SQL commands via the topic parameter.

Bugzilla 2.17.1 through 2.18, 2.19.1, and 2.19.2, when a user is prompted to log in while attempting to view a chart, displays the password in the URL, which may allow local users to gain sensitive information from web logs or browser history.

post_bug.cgi in Bugzilla 2.10 through 2.18, 2.19.1, and 2.19.2 allows remote authenticated users to "enter bugs into products that are closed for bug entry" by modifying the URL to specify the name of the product.

Firefox before 1.0.4 and Mozilla Suite before 1.7.8 do not properly limit privileges of Javascript eval and Script objects in the calling context, which allows remote attackers to conduct unauthorized activities via "non-DOM property overrides," a variant of CVE-2005-1160.

Firefox before 1.0.4 and Mozilla Suite before 1.7.8 does not properly implement certain security checks for script injection, which allows remote attackers to execute script via "Wrapped" javascript: URLs, as demonstrated using (1) a javascript: URL in a view-source: URL, (2) a javascript: URL in a jar: URL, or (3) "a nested variant."

Unknown vulnerability in the nfs_mount call in Mac OS X 10.3.9 and earlier allows local users to gain privileges via crafted arguments.

Unknown vulnerability in the setsockopt system call in Mac OS X 10.3.9 and earlier allows local users to cause a denial of service (memory exhaustion) via crafted arguments.

Integer overflow in the searchfs system call in Mac OS X 10.3.9 and earlier allows local users to execute arbitrary code via crafted parameters.

Stack-based buffer overflow in the semop system call in Mac OS X 10.3.9 and earlier allows local users to gain privileges via crafted arguments.

Heap-based buffer overflow in the syscall emulation functionality in Mac OS X before 10.3.9 allows local users to cause a denial of service (kernel panic) and possibly execute arbitrary code via crafted parameters.

SQL injection vulnerability in index.php for Quick.cart 0.3.0 allows remote attackers to execute arbitrary SQL commands via the iCategory parameter. NOTE: the vendor has privately disputed this issue, saying that Quick.cart does not even use SQL and therefore can not be vulnerable to SQL injection

Multiple SQL injection vulnerabilities in Quick.Forum 2.1.6 allow remote attackers to execute arbitrary SQL commands via the (1) iCategory or (2) page parameter to index.php, or (3) iCategory parameter in the query string to the forum directory.

users.ini.php in BoastMachine 3.0 does not properly restrict the types of files that can be uploaded, which allows remote attackers to execute arbitrary code.

SQL injection vulnerability in admin_login.asp for ASP Virtual News Manager allows remote attackers to execute arbitrary SQL commands via the password parameter.