TelCondex SimpleWebServer 2.06.20817 allows remote attackers to cause a denial of service (crash) via a long HTTP GET request.

The web server for Polycom ViaVideo 2.2 and 3.0 allows remote attackers to cause a denial of service (CPU consumption) by sending incomplete HTTP requests and leaving the connections open.

Buffer overflow in the web server of Polycom ViaVideo 2.2 and 3.0 allows remote attackers to cause a denial of service (crash) via a long HTTP GET request.

Buffer overflow in the Log function in util.c in GazTek ghttpd 1.4 through 1.4.3 allows remote attackers to execute arbitrary code via a long HTTP GET request.

Pine 4.2.1 through 4.4.4 puts Unix usernames and/or uid into Sender: and X-Sender: headers, which could allow remote attackers to obtain sensitive information.

CGIForum 1.0 through 1.05 allows remote attackers to cause a denial of service (infinite recursion) by creating a message board post that is a child of an outdated parent.

Cross-site scripting (XSS) vulnerability in Bodo Bauer BBGallery 1.0 allows remote attackers to inject arbitrary web script or HTML via image tags.

Cross-site scripting (XSS) vulnerability in Pinboard 1.0 allows remote attackers to inject arbitrary web script or HTML via tasklists.

Cross-site scripting (XSS) vulnerability in IceWarp Web Mail 3.3.3 and 3.4.5 allows remote attackers to inject arbitrary web script or HTML via the "Full Name" (addressname) parameter.

Terminal 1.3 in Apple Mac OS X 10.2 allows remote attackers to execute arbitrary commands via shell metacharacters in a telnet:// link, which is executed by Terminal.app window.

MyWebServer LLC MyWebServer 1.0.2 allows remote attackers to cause a denial of service (crash) via a long HTTP request, possibly triggering a buffer overflow.

Buffer overflow in Alsaplayer 0.99.71, when installed setuid root, allows local users to execute arbitrary code via a long (1) -f or (2) -o command line argument.

The servlet engine in Jakarta Apache Tomcat 3.3 and 4.0.4, when using IIS and the ajp1.3 connector, allows remote attackers to cause a denial of service (crash) via a large number of HTTP GET requests for an MS-DOS device such as AUX, LPT1, CON, or PRN.

Cross-site scripting (XSS) vulnerability in viewtopic.php in phpBB 2.0.3 allows remote attackers to inject arbitrary web script or HTML via the highlight parameter.

Cross-site scripting (XSS) vulnerability in ArGoSoft Mail Server Pro 1.8.1.9 allows remote attackers to inject arbitrary web script or HTML via the e-mail message.

NETGEAR FVS318 running firmware 1.1 stores the username and password in a readable format when a backup of the configuration file is made, which allows local users to obtain sensitive information.

Buffer overflow in IRCIT 0.3.1 IRC client allows remote attackers to execute arbitrary code via a long invite request.

rhmask 1.0-9 in Red Hat Linux 7.1 allows local users to overwrite arbitrary files via a symlink attack on the mask file.

Off-by-one buffer overflow in the context_action function in context.c of Logsurfer 1.41 through 1.5a allows remote attackers to cause a denial of service (crash) via a malformed log entry.

CommonName Toolbar 3.5.2.0 sends unqualified domain name requests to the CommonName organization and possibly other web servers for name resolution, which allows those organizations to obtain internal server names.