Cross-site scripting (XSS) vulnerability in start_form() of CGI.pm allows remote attackers to insert web script via a URL that is fed into the form's action parameter.

Buffer overflow in DSC 3.0 parser from GSview, as used in KGhostView in KDE 1.1 and KDE 3.0.3a, may allow attackers to cause a denial of service or execute arbitrary code via a modified .ps (PostScript) input file.