cgiproc CGI script in Nortel Contivity HTTP server allows remote attackers to cause a denial of service via a malformed URL that includes shell metacharacters.

cgiproc CGI script in Nortel Contivity HTTP server allows remote attackers to read arbitrary files by specifying the filename in a parameter to the script.

The DTML implementation in the Z Object Publishing Environment (Zope) allows remote attackers to conduct unauthorized activities.

Internet Explorer 5 does not modify the security zone for a document that is being loaded into a window until after the document has been loaded, which could allow remote attackers to execute Javascript in a different security context while the document is loading.

Buffer overflow in aVirt Rover POP3 server 1.1 allows remote attackers to cause a denial of service via a long user name.

PHP3 with safe_mode enabled does not properly filter shell metacharacters from commands that are executed by popen, which could allow remote attackers to execute commands.

Network HotSync program in Handspring Visor does not have authentication, which allows remote attackers to retrieve email and files.

Cold Fusion CFCACHE tag places temporary cache files within the web document root, allowing remote attackers to obtain sensitive system information.

IMail IMONITOR status.cgi CGI script allows remote attackers to cause a denial of service with many calls to status.cgi.

Buffer overflow in Solaris chkperm command allows local users to gain root access via a long -n option.

search.cgi in the SolutionScripts Home Free package allows remote attackers to view directories via a .. (dot dot) attack.

Microsoft Commercial Internet System (MCIS) IMAP server allows remote attackers to cause a denial of service via a malformed IMAP request.

Red Hat userhelper program in the usermode package allows local users to gain root access via PAM and a .. (dot dot) attack.

The Allaire Spectra Configuration Wizard allows remote attackers to cause a denial of service by repeatedly resubmitting data collections for indexing via a URL.

The Allaire Spectra Webtop allows authenticated users to access other Webtop sections by specifying explicit URLs.

Buffer overflow in Winamp client allows remote attackers to execute commands via a long entry in a .pls file.

get_it program in Corel Linux Update allows local users to gain root access by specifying an alternate PATH for the cp program.

Buffer overflow in Yahoo Pager/Messenger client allows remote attackers to cause a denial of service via a long URL within a message.

Buffer overflow in ICQ 99b 1.1.1.1 client allows remote attackers to execute commands via a malformed URL within an ICQ message.

MySQL allows local users to modify passwords for arbitrary MySQL users via the GRANT privilege.