Multiple buffer overflows in lp subsystem for HP-UX 10.20 through 11.11 (11i) allow local users to cause a denial of service and possibly execute arbitrary code.

Untrusted search path vulnerability in libX11.so in xfree86, when used in setuid or setgid programs, allows local users to gain root privileges via a modified LD_PRELOAD environment variable that points to a malicious module.

The camel component for Ximian Evolution 1.0.x and earlier does not verify certificates when it establishes a new SSL connection after previously verifying a certificate, which could allow remote attackers to monitor or modify sessions via a man-in-the-middle attack.

SHOUTcast 1.8.9 and earlier allows local users to obtain the cleartext administrative password via a GET request to port 8001, which causes the password to be logged in the world-readable sc_serv.log file.

scponly does not properly verify the path when finding the (1) scp or (2) sftp-server programs, which could allow remote authenticated users to bypass access controls by uploading malicious programs and modifying the PATH variable in $HOME/.ssh/environment to locate those programs.

Buffer overflow in errpt in AIX 4.3.3 allows local users to execute arbitrary code as root.

Macromedia Flash Plugin before 6,0,47,0 allows remote attackers to bypass the same-domain restriction and read arbitrary files via (1) an HTTP redirect, (2) a "file://" base in a web document, or (3) a relative URL from a web archive (mht file).

CafeLog b2 Weblog Tool 2.06pre4, with allow_fopen_url enabled, allows remote attackers to execute arbitrary PHP code via the b2inc variable.

SQL injection vulnerability in CafeLog b2 Weblog Tool allows remote attackers to execute arbitrary SQL code via the tablehosts variable.

Cross-site scripting (XSS) vulnerability in CafeLog b2 Weblog Tool allows remote attackers to insert arbitrary HTML or script via the GPC variable.

Symantec Raptor Firewall 6.5 and 6.5.3, Enterprise Firewall 6.5.2 and 7.0, VelociRaptor Models 500/700/1000 and 1100/1200/1300, and Gateway Security 5110/5200/5300 generate easily predictable initial sequence numbers (ISN), which allows remote attackers to spoof connections.

details2.php in OrganicPHP PHP-affiliate 1.0, and possibly later versions, allows remote attackers to modify information of other users by modifying certain hidden form fields.

Web Shop Manager 1.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the search box.

L-Forum 2.40 and earlier does not properly verify whether a file was uploaded or if the associated variables were set by POST (attachment, attachment_name, attachment_size and attachment_type), which allows remote attackers to read arbitrary files.

Cross-site scripting vulnerability in L-Forum 2.40 and earlier, when the "Enable HTML in messages" option is off, allows remote attackers to insert arbitrary script or HTML via message fields including (1) From, (2) E-Mail, and (3) Subject.

Cross-site scripting vulnerability in L-Forum 2.40 and earlier, when the "Enable HTML in messages" option is on, allows remote attackers to insert arbitrary script or HTML via message fields including (1) From, (2) E-Mail, (3) Subject and (4) Body.

SQL injection vulnerability in search.php for L-Forum 2.40 allows remote attackers to execute arbitrary SQL statements via the search parameter.

Buffer overflow in mIRC 6.0.2 and earlier allows remote attackers to execute arbitrary code via a long $asctime value.

Multiple cross-site scripting (XSS) vulnerabilities in OmniHTTPd allow remote attackers to insert script or HTML into web pages via (1) test.php, (2) test.shtml, or (3) redir.exe.

MyWebServer 1.0.2 allows remote attackers to determine the absolute path of the web document root via a request for a directory that does not exist, which leaks the pathname in an error message.