PHP remote file inclusion vulnerability in WebCalendar before 1.0.1 allows remote attackers to execute arbitrary PHP code when opening settings.php, possibly via send_reminders.php or other scripts.

The event_pin_code_request function in the btsrv daemon (btsrv.c) in Nokia Affix 2.1.2 and 3.2.0 allows remote attackers to execute arbitrary commands via shell metacharacters in a Bluetooth device name.

The sysctl functionality (sysctl.c) in Linux kernel before 2.6.14.1 allows local users to cause a denial of service (kernel oops) and possibly execute code by opening an interface file in /proc/sys/net/ipv4/conf/, waiting until the interface is unregistered, then obtaining and modifying function pointers in memory that was used for the ctl_table.

The search_binary_handler function in exec.c in Linux 2.4 kernel on 64-bit x86 architectures does not check a return code for a particular function call when virtual memory is low, which allows local users to cause a denial of service (panic), as demonstrated by running a process using the bash ulimit -v command.

Firefox before 1.0.7 and Mozilla Suite before 1.7.12 allows remote attackers to spawn windows without user interface components such as the address and status bar, which could be used to conduct spoofing or phishing attacks.

Firefox before 1.0.7 and Mozilla before Suite 1.7.12 allows remote attackers to execute Javascript with chrome privileges via an about: page such as about:mozilla.

Integer overflow in the JavaScript engine in Firefox before 1.0.7 and Mozilla Suite before 1.7.12 might allow remote attackers to execute arbitrary code.

Firefox before 1.0.7 and Mozilla Suite before 1.7.12 allows remote attackers to spoof DOM objects via an XBL control that implements an internal XPCOM interface.

Firefox before 1.0.7 and Mozilla Suite before 1.7.12 allows remote attackers to modify HTTP headers of XML HTTP requests via XMLHttpRequest, and possibly use the client to exploit vulnerabilities in servers or proxies, including HTTP request smuggling and HTTP request splitting.

Firefox before 1.0.7 and Mozilla Suite before 1.7.12 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via Unicode sequences with "zero-width non-joiner" characters.

Heap-based buffer overflow in Firefox before 1.0.7 and Mozilla Suite before 1.7.12 allows remote attackers to execute arbitrary code via an XBM image file that ends in a large number of spaces instead of the expected end tag.

ssl_engine_kernel.c in mod_ssl before 2.8.24, when using "SSLVerifyClient optional" in the global virtual host configuration, does not properly enforce "SSLVerifyClient require" in a per-location context, which allows remote attackers to bypass intended access restrictions.

cvsbug in CVS 1.12.12 and earlier creates temporary files insecurely, which allows local users to overwrite arbitrary files and execute arbitrary code via a symlink attack.

pwmconfig in LM_sensors before 2.9.1 creates temporary files insecurely, which allows local users to overwrite arbitrary files via a symlink attack on the fancontrol temporary file.

SSH, as implemented in OpenSSH before 4.0 and possibly other implementations, stores hostnames, IP addresses, and keys in plaintext in the known_hosts file, which makes it easier for an attacker that has compromised an SSH user's account to generate a list of additional targets that are more likely to have the same password or key.

masqmail before 0.2.18 allows local users to overwrite arbitrary files via a symlink attack on a log file.

masqmail before 0.2.18 allows remote attackers to execute arbitrary commands via crafted e-mail addresses that are not properly sanitized when creating a failed delivery message.

Format string vulnerability in the ParseBannerAndCapability function in main.c for up-imapproxy 1.2.3 and 1.2.4 allows remote IMAP servers to execute arbitrary code via format string specifiers in a banner or capability line.

apachetop 0.12.5 and earlier, when running in debug mode, allows local users to create or append to arbitrary files via a symlink attack on atop.debug.

Buffer overflow in the LZX decompression in CHM Lib (chmlib) 0.35, as used in products such as KchmViewer, has unknown impact and attack vectors.