The Shoptron shopping cart application allows remote users to modify sensitive purchase information via hidden form fields.

The SmartCart shopping cart application allows remote users to modify sensitive purchase information via hidden form fields.

The SalesCart shopping cart application allows remote users to modify sensitive purchase information via hidden form fields.

The Make-a-Store OrderPage shopping cart application allows remote users to modify sensitive purchase information via hidden form fields.

The SMS Remote Control program is installed with insecure permissions, which allows local users to gain privileges by modifying or replacing the program.

Buffer overflow in UnixWare ppptalk command allows local users to gain privileges via a long prompt argument.

Microsoft Index Server allows remote attackers to determine the real path for a web directory via a request to an Internet Data Query file that does not exist.

The WebHits ISAPI filter in Microsoft Index Server allows remote attackers to read arbitrary files, aka the "Malformed Hit-Highlighting Argument" vulnerability.

Buffer overflow in qpopper 3.0 beta versions allows local users to gain privileges via a long LIST command.

The PMTU discovery procedure used by HP-UX 10.30 and 11.00 for determining the optimum MTU generates large amounts of traffic in response to small packets, allowing remote attackers to cause the system to be used as a packet amplifier.

procfs in BSD systems allows local users to gain root privileges by modifying the /proc/pid/mem interface via a modified file descriptor for stderr.

An installation of Red Hat uses DES password encryption with crypt() for the initial password, instead of md5.

The BSD make program allows local users to modify files via a symlink attack when the -j option is being used.

Buffer overflow in vchkpw/vpopmail POP authentication package allows remote attackers to gain root privileges via a long username or password.

VMWare 1.1.2 allows local users to cause a denial of service via a symlink attack.

The rdisk utility in Microsoft Terminal Server Edition and Windows NT 4.0 stores registry hive information in a temporary file with permissions that allow local users to read it, aka the "RDISK Registry Enumeration File" vulnerability.

Buffer overflow in the conversion utilities for Japanese, Korean and Chinese Word 5 documents allows an attacker to execute commands, aka the "Malformed Conversion Data" vulnerability.

Netscape Mail Notification (nsnotify) utility in Netscape Communicator uses IMAP without SSL, even if the user has set a preference for Communicator to use an SSL connection, allowing a remote attacker to sniff usernames and passwords in plaintext.

Netopia Timbuktu Pro sends user IDs and passwords in cleartext, which allows remote attackers to obtain them via sniffing.

Hotmail does not properly filter JavaScript code from a user's mailbox, which allows a remote attacker to execute code via the LOWSRC or DYNRC parameters in the IMG tag.