ecma/kjs_html.cpp in KDE JavaScript (KJS), as used in Konqueror in KDE 3.5.5, allows remote attackers to cause a denial of service (crash) by accessing the content of an iframe with an ftp:// URI in the src attribute, probably due to a NULL pointer dereference.

Unspecified vulnerability in Lenovo Intel PRO/1000 LAN adapter before Build 135400, as used on IBM Lenovo ThinkPad systems, has unknown impact and attack vectors.

Asterisk 1.4 before 1.4.1 and 1.2 before 1.2.16 allows remote attackers to cause a denial of service (crash) by sending a Session Initiation Protocol (SIP) packet without a URI and SIP-version header, which results in a NULL pointer dereference.

Multiple cross-site scripting (XSS) vulnerabilities in add2.php in Sava's Guestbook 23.11.2006 allow remote attackers to inject arbitrary web script or HTML via the (1) name, (2) country, (3) email, and (4) website parameters.

Multiple SQL injection vulnerabilities in add2.php in Sava's Guestbook 23.11.2006, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) name, (2) country, (3) email, (4) website, and (5) message parameters.

Directory traversal vulnerability in rb.cgi in RRDBrowse 1.6 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter.

SQL injection vulnerability in guestbook.php in LI-Guestbook 1.1, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the country parameter. NOTE: it was later reported that 1.2 is also affected.

Stack-based buffer overflow in the IMAP service in MailEnable Enterprise and Professional Editions 2.37 and earlier allows remote authenticated users to execute arbitrary code via a long argument to the APPEND command. NOTE: this is probably different than CVE-2006-6423.

DOURAN Software Technologies ISPUtil 3.32.84.1, and possibly earlier versions, stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain user and reseller data via a direct request for scripts/activesessions.ini. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

PHP remote file inclusion vulnerability in index.php in Mani Stats Reader 1.2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the ipath parameter.

SQL injection vulnerability in subcat.php in AJ Auction 1.0 allows remote attackers to execute arbitrary SQL commands via the cate_id parameter.

SQL injection vulnerability in view_profile.php in AJDating 1.0 allows remote attackers to execute arbitrary SQL commands via the user_id parameter.

SQL injection vulnerability in postingdetails.php in AJ Classifieds 1.0 allows remote attackers to execute arbitrary SQL commands via the postingid parameter.

SQL injection vulnerability in topic_title.php in AJ Forum 1.0 allows remote attackers to execute arbitrary SQL commands via the td_id parameter.

A certain ActiveX control in the DivXBrowserPlugin (npdivx32.dll) in DivX Web Player, as distributed with DivX Player 1.3.0, allows remote attackers to cause a denial of service (Internet Explorer 7 crash) via large values to DivxWP.Resize, related to resizing images.

SQL injection vulnerability in Rigter Portal System (RPS) 6.2, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the categoria parameter to the top-level URI (index.php), possibly related to ver_descarga.php.

SQL injection vulnerability in inlinemod.php in Jelsoft vBulletin before 3.5.8, and before 3.6.5 in the 3.6.x series, might allow remote authenticated users to execute arbitrary SQL commands via the postids parameter. NOTE: the vendor states that the attack is feasible only in circumstances "almost impossible to achieve."

Multiple cross-site scripting (XSS) vulnerabilities in Tyger Bug Tracking System (TygerBT) 1.1.3 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) Login.php and (2) Register.php.

SQL injection vulnerability in ViewReport.php in Tyger Bug Tracking System (TygerBT) 1.1.3 allows remote attackers to execute arbitrary SQL commands via the bug parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

SQL injection vulnerability in ViewBugs.php in Tyger Bug Tracking System (TygerBT) 1.1.3 allows remote attackers to execute arbitrary SQL commands via the s parameter.