The HTTP proxy service in Server Admin for Mac OS X 10.3.9 does not restrict access when it is enabled, which allows remote attackers to use the proxy.

lukemftpd in Mac OS X 10.3.9 allows remote authenticated users to escape the chroot environment by logging in with their full name.

Mac OS X 10.3.9, when using an LDAP server that does not use ldap_extended_operation, may store initial LDAP passwords for new accounts in plaintext.

Apple Help Viewer 2.0.7 and 3.0.0 in Mac OS X 10.3.9 allows remote attackers to read and execute arbitrary scrpts with less restrictive privileges via a help:// URI.

Buffer overflow in the Foundation framework for Mac OS X 10.3.9 allows local users to execute arbitrary code via a long environment variable.

Unknown vulnerability in Mac OS X 10.3.9 allows local users to gain privileges via (1) chfn, (2) chpass, and (3) chsh, which "use external helper programs in an insecure manner."

Directory traversal vulnerability in the Bluetooth file and object exchange (OBEX) services in Mac OS X 10.3.9 allows remote attackers to read arbitrary files.

Bluetooth-enabled systems in Mac OS X 10.3.9 enables the Bluetooth file exchange service by default, which allows remote attackers to access files without the user being notified, and local users to access files via the default directory.

The AppleScript Editor in Mac OS X 10.3.9 does not properly display script code for an applescript: URI, which can result in code that is different than the actual code that would be run, which could allow remote attackers to trick users into executing malicious code via certain URI characters such as NULL, control characters, and homographs.

AppKit in Mac OS X 10.3.9 allows attackers to cause a denial of service (Cocoa application crash) via a malformed TIFF image that causes the NXSeek to use an incorrect offset, leading to an unhandled exception.

Stack-based buffer overflow in the ieee_putascii function for nasm 0.98 and earlier allows attackers to execute arbitrary code via a crafted asm file, a different vulnerability than CVE-2004-1287.

index.php in Zorum 3.5 allows remote attackers to trigger an SQL error, and possibly inject arbitrary SQL commands, via the search capability.

Buffer overflow in the Netinfo Setup Tool (NeST) allows local users to execute arbitrary code.

Buffer overflow in HP Radia Notify Daemon 3.1.0.0 (formerly by Novadigm), and other versions including 2.x, 3.x, and 4.x, allows remote attackers to execute arbitrary code via a long file extension.

Multiple stack-based buffer overflows in the nvd_exec function in HP Radia Notify Daemon 3.1.2.0 (formerly by Novadigm), and other versions including 2.x, 3.x, and 4.x, allows remote attackers to execute arbitrary code via a command with crafted parameters to a RADEXECD process.

Serendipity before 0.8 allows Chief users to "hide plugins installed by other users."

The media manager in Serendipity before 0.8 allows remote attackers to upload and execute arbitrary (1) .php or (2) .shtml files.

Unknown vulnerability in "the function used to validate path-names for uploading media" in Serendipity before 0.8 has unknown impact.

Unknown vulnerability in serendipity_config_local.inc.php for Serendipity before 0.8 has unknown impact.

Cross-site scripting (XSS) vulnerability in the BBCode plugin for Serendipity before 0.8 allows remote attackers to inject arbitrary web script or HTML via unknown vectors.

PHP remote file inclusion vulnerability in main.php in SitePanel 2.6.1 and earlier (SitePanel2) allows remote attackers to execute arbitrary PHP code via the p parameter.

SitePanel 2.6.1 and earlier (SitePanel2) allows remote attackers to upload and execute arbitrary files such as PHP scripts via an attachment to a trouble ticket.

Multiple directory traversal vulnerabilities in SitePanel 2.6.1 and earlier (SitePanel2) allows remote attackers to (1) delete arbitrary files via the id parameter in a rmattach action to 5.php, or (2) read arbitrary files via the lang parameter to index.php.

Multiple cross-site scripting (XSS) vulnerabilities in SitePanel 2.6.1 and earlier (SitePanel2) allows remote attackers to inject arbitrary web script or HTML via (1) the v, show, or sec_name parameters to main.php, (2) the inadmin, newsev, or postid parameters to 5.php, or (3) the id parameter to 0.php.

Multiple cross-site scripting (XSS) vulnerabilities in index.php for Invision Power Board (IPB) 2.0.3 and 2.1 Alpha 2 allows remote attackers to inject arbitrary web script or HTML via the (1) act, (2) Members, (3) calendar, or (4) HID parameters.