Cross-site scripting (XSS) vulnerability in PunBB 1.2.3 allows remote attackers to inject arbitrary web script or HTML via the (1) email or (2) Jabber parameters.

Unknown vulnerability in the DNSd proxy, as used in Symantec Gateway Security 5400 2.x and 5300 1.x, Enterprise Firewall 7.0.x and 8.x, and VelociRaptor 1100/1200/1300 1.5, allows remote attackers to poison the DNS cache and redirect users to malicious sites.

Buffer overflow in newgrp in Solaris 7 through 9 allows local users to gain root privileges.

Multiple "range checking flaws" in the ISO9660 filesystem handler in Linux 2.6.11 and earlier may allow attackers to cause a denial of service or corrupt memory via a crafted filesystem.

Unknown vulnerability in lshd in Lysator LSH 1.x and 2.x before 2.0.1 allows remote attackers to cause a denial of service via unknown vectors.

Buffer overflow in Initial Redirect (ir) Squid Proxy Plug-In 0.1 and 0.2 may allow attackers to cause a denial of service and execute arbitrary code via unknown vectors.

The web interface in NotifyLink 3.0 displays passwords in cleartext on the administrative page, which could allow remote attackers or local users to obtain sensitive information.

The web interface in NotifyLink 3.0 does not properly restrict access to functions that have been disabled in the GUI, which allows remote authenticated users to bypass intended restrictions via a direct request to certain URLs.

SQL injection vulnerability in NotifyLink before 3.0 allows remote attackers to execute arbitrary SQL commands via the URL.

NotifyLink, when configured for client key retrieval, allows remote attackers to obtain AES keys via a direct request to /hwp/get.asp, then uses a weak encryption scheme (fixed byte reordering) to protect the key, which allows remote attackers to obtain the key via a brute force attack.

Apache Tomcat before 5.x allows remote attackers to cause a denial of service (application crash) via a crafted AJP12 packet to TCP port 8007.

Multiple buffer overflows in Cain & Abel before 2.67 allow remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via (1) an IKE packet with a large ID field that is not properly handled by the PSK sniffer filter, (2) the HTTP sniffer filter, or the (3) POP3, (4) SMTP, (5) IMAP, (6) NNTP, or (7) TDS sniffer filters.

Evolution 2.0.3 allows remote attackers to cause a denial of service (application crash or hang) via crafted messages, possibly involving charsets in attachment filenames.

SQL injection vulnerability in index.php in Subdreamer Light, when magic_quotes_gpc is enabled, allows remote attackers to execute arbitrary SQL commands via certain parameters that are used as global variables, as demonstrated using the imageid parameter, which is not properly handled by imagegallery.php.

Format string vulnerability in MailEnable 1.8 allows remote attackers to cause a denial of service (application crash) via format string specifiers in the mailto field.

The GetEnhMetaFilePaletteEntries API in GDI32.DLL in Windows 2000 allows remote attackers to cause a denial of service (application crash) via a crafted Enhanced Metafile (EMF) file that causes invalid (1) end, (2) emreof, or (3) palent offsets to be used, aka "Enhanced Metafile Vulnerability."

Cross-site scripting (XSS) vulnerability in search.asp in ACS Blog 0.8 through 1.1b allows remote attackers to execute arbitrary web script or HTML via the search parameter.

Directory traversal vulnerability in includer.cgi in The Includer allows remote attackers to read arbitrary files via (1) a .. (dot dot) or (2) a full pathname in the URL.

PHP remote file inclusion vulnerability in install.php in mcNews 1.3 and earlier allows remote attackers to execute arbitrary PHP code by modifying the l parameter to reference a URL on a remote web server that contains the code, a different vulnerability than CVE-2005-0720.

MySQL 4.1.9, and possibly earlier versions, allows remote attackers with certain privileges to cause a denial of service (application crash) via a use command followed by an MS-DOS device name such as (1) LPT1 or (2) PRN.