Buffer overflow in Borland InterBase 6.0 allows local users to execute arbitrary code via a long INTERBASE environment variable when calling (1) gds_drop, (2) gds_lock_mgr, or (3) gds_inet_server.

Multiple cross-site scripting (XSS) vulnerabilities in magicHTML of SquirrelMail before 1.2.6 allow remote attackers to inject arbitrary web script or HTML via (1) "<<script" in unspecified input fields or (2) a javascript: URL in the src attribute of an IMG tag.

Directory traversal vulnerability in page.cgi of WWWeBBB Forum 3.82 beta and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in an HTTP request.

Directory traversal vulnerability in index.php of Portix 0.4.02 allows remote attackers to read arbitrary files via a .. (dot dot) in the (1) l and (2) topic parameters.

The Novell Netware client running on Windows 95 allows local users to bypass the login and open arbitrary files via the "What is this?" help feature, which can be launched from the Novell Netware login screen.

FTGate and FTGate Pro 1.05 lock user mailboxes before authentication succeeds, which allows remote attackers to lock the mailboxes of other users.

cphost.dll in Microsoft Site Server 3.0 allows remote attackers to cause a denial of service (disk consumption) via an HTTP POST of a file with a long TargetURL parameter, which causes Site Server to abort and leaves the uploaded file in c:\temp.

Floositek FTGate PRO 1.05 allows remote attackers to cause a denial of service (memory and CPU consumption) via a large number of RCPT TO: messages during an SMTP session.

mosix-protocol-stack in Multicomputer Operating System for UnIX (MOSIX) 1.5.7 allows remote attackers to cause a denial of service via malformed packets.

Heap-based buffer overflow in Floositek (1) FTGate Pro 1.05 and (2) FTGate Office 1.05 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long POP3 APOP USER command.

The DCOM client in Windows 2000 before SP3 does not properly clear memory before sending an "alter context" request, which may allow remote attackers to obtain sensitive information by sniffing the session.

Directory traversal vulnerability in Lil' HTTP server 2.1 and 2.2 allows remote attackers to read arbitrary files via a .. (dot dot) in an HTTP GET request.

ICQ 2001a and 2002b allows remote attackers to cause a denial of service (memory consumption and hang) via a contact message with a large contacts number.

SQL injection vulnerability in Mailidx before 20020105 allows remote attackers to execute arbitrary SQL commands via the search web page.

Cross-site scripting (XSS) vulnerability in the default ASP pages on Microsoft Site Server 3.0 on Windows NT 4.0 allows remote attackers to inject arbitrary web script or HTML via the (1) ctr parameter in Default.asp and (2) the query string to formslogin.asp.

java.security.AccessController in Sun Java Virtual Machine (JVM) in JRE 1.2.2 and 1.3.1 allows remote attackers to cause a denial of service (JVM crash) via a Java program that calls the doPrivileged method with a null argument.

Compaq Tru64 4.0 d allows remote attackers to cause a denial of service in (1) telnet, (2) FTP, (3) ypbind, (4) rpc.lockd, (5) snmp, (6) ttdbserverd, and possibly other services via a TCP SYN scan, as demonstrated using nmap.

SecureClean 3 build 2.0 does not clear Windows alternate data streams that are attached to files on NTFS file systems, which allows attackers to recover sensitive information that was supposed to be deleted.

PGP 6.x and 7.x does not clear Windows alternate data streams that are attached to files on NTFS file systems, which allows attackers to recover sensitive information that was supposed to be deleted.

Eraser 5.3 does not clear Windows alternate data streams that are attached to files on NTFS file systems, which allows attackers to recover sensitive information that was supposed to be deleted.