Directory traversal vulnerability in cmd.php in phpLDAPadmin 1.1.0.5 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the cmd parameter.

The decode_init function in libavcodec/utvideodec.c in FFmpeg through 3.4.2 allows remote attackers to cause a denial of service (out of array read) via an AVI file.

Format string vulnerability in the C runtime functions in SQL Server 7.0 and 2000 allows attackers to cause a denial of service.

VMware Workstation before 5.5.4, when running a 64-bit Windows guest on a 64-bit host, allows local users to "corrupt the virtual machine's register context" by debugging a local program and stepping into a "syscall instruction."

VMware Workstation before 5.5.4 allows attackers to cause a denial of service against the guest OS by causing the virtual machine process (VMX) to store malformed configuration information.

The virtual machine process (VMX) in VMware Workstation before 5.5.4 does not properly read state information when moving from the ACPI sleep state to the run state, which allows attackers to cause a denial of service (virtual machine reboot) via unk

The memory management in VMware Workstation before 5.5.4 allows attackers to cause a denial of service (Windows virtual machine crash) by triggering certain general protection faults (GPF).

Stack-based buffer overflow in the NetBiterConfig utility (NetBiterConfig.exe) 1.3.0 for Intellicom NetBiter WebSCADA allows remote attackers to execute arbitrary code via a long hn (hostname) parameter in a crafted HICP-protocol UDP packet.

Cross-site scripting (XSS) vulnerability in the themes_links function in template.php in the Amadou theme module 6.x-1.x before 6.x-1.3 for Drupal allows remote attackers to inject arbitrary web script or HTML via vectors related to class attributes

Unspecified vulnerability in Sun Java System Directory Server 5.2 p6 and earlier, and Enterprise Edition 5, allows remote attackers to cause a denial of service (daemon crash) via crafted LDAP requests.

Unspecified vulnerability in the PeopleSoft Enterprise HCM component in Oracle PeopleSoft Products 9.2 allows remote authenticated users to affect confidentiality and integrity via vectors related to Talent Acquisition Manager.

Cross-site scripting (XSS) vulnerability in module.php in PHPFABER CMS, possibly 1.3.36, allows remote attackers to inject arbitrary web script or HTML via the mod parameter.