parse_xml.cgi in Apple Darwin Streaming Administration Server 4.1.2 and QuickTime Streaming Server 4.1.1 allows remote attackers to obtain the physical path of the server's installation path via a NULL file parameter.

parse_xml.cgi in Apple Darwin Streaming Administration Server 4.1.2 and QuickTime Streaming Server 4.1.1 allows remote attackers to execute arbitrary code via shell metacharacters.

Apple File Protocol (AFP) in Mac OS X before 10.2.4 allows administrators to log in as other users by using the administrator password.

PuTTY 0.53b and earlier does not clear logon credentials from memory, including plaintext passwords, which could allow attackers with access to memory to steal the SSH credentials.

SSH2 clients for VanDyke (1) SecureCRT 4.0.2 and 3.4.7, (2) SecureFX 2.1.2 and 2.0.4, and (3) Entunnel 1.0.2 and earlier, do not clear logon credentials from memory, including plaintext passwords, which could allow attackers with access to memory to steal the SSH credentials.

AbsoluteTelnet SSH2 client does not clear logon credentials from memory, including plaintext passwords, which could allow attackers with access to memory to steal the SSH credentials.

Jakarta Tomcat before 3.3.1a on certain Windows systems may allow remote attackers to cause a denial of service (thread hang and resource consumption) via a request for a JSP page containing an MS-DOS device name, such as aux.jsp.

Multiple cross-site scripting (XSS) vulnerabilities in the (1) examples and (2) ROOT web applications for Jakarta Tomcat 3.x through 3.3.1a allow remote attackers to insert arbitrary web script or HTML.

Jakarta Tomcat before 3.3.1a, when used with JDK 1.3.1 or earlier, uses trusted privileges when processing the web.xml file, which could allow remote attackers to read portions of some files through the web.xml file.

Jakarta Tomcat before 3.3.1a, when used with JDK 1.3.1 or earlier, allows remote attackers to list directories even with an index.html or other file present, or obtain unprocessed source code for a JSP file, via a URL containing a null character.

Kerberos FTP client allows remote FTP sites to execute arbitrary code via a pipe (|) character in a filename that is retrieved by the client.

SQL injection vulnerability in the PostgreSQL auth module for courier 0.40 and earlier allows remote attackers to execute SQL code via the user name.

ISC dhcrelay (dhcp-relay) 3.0rc9 and earlier, and possibly other versions, allows remote attackers to cause a denial of service (packet storm) via a certain BOOTP packet that is forwarded to a broadcast MAC address, causing an infinite loop that is not restricted by a hop count.

Cross-site scripting (XSS) vulnerability in options.py for Mailman 2.1 allows remote attackers to inject script or HTML into web pages via the (1) email or (2) language parameters.

Buffer overflows in noffle news server 1.0.1 and earlier allow remote attackers to cause a denial of service (segmentation fault) and possibly execute arbitrary code.

ml85p, as included in the printer-drivers package for Mandrake Linux, allows local users to overwrite arbitrary files via a symlink attack on temporary files with predictable filenames of the form "mlg85p%d".

Buffer overflow in escputil, as included in the printer-drivers package in Mandrake Linux, allows local users to execute arbitrary code via a long printer-name command line argument.

Buffer overflow in the mtink status monitor, as included in the printer-drivers package in Mandrake Linux, allows local users to execute arbitrary code via a long HOME environment variable.

Buffer overflow in the RPC preprocessor for Snort 1.8 and 1.9.x before 1.9.1 allows remote attackers to execute arbitrary code via fragmented RPC packets.

Memory leak in libmcrypt before 2.5.5 allows attackers to cause a denial of service (memory exhaustion) via a large number of requests to the application, which causes libmcrypt to dynamically load algorithms via libtool.