The _zip_name_locate function in zip_name_locate.c in the Zip extension in PHP before 5.3.6 does not properly handle a ZIPARCHIVE::FL_UNCHANGED argument, which might allow context-dependent attackers to cause a denial of service (NULL pointer derefer

PHP before 4.4.3 and 5.x before 5.1.4 does not limit the character set of the session identifier (PHPSESSID) for third party session handlers, which might make it easier for remote attackers to exploit other vulnerabilities by inserting PHP code into

Multiple buffer overflows in the (a) Session Clustering Daemon and the (b) mod_cluster module in the Zend Platform 2.2.1 and earlier allow remote attackers to cause a denial of service (crash) or execute arbitrary code via a (1) empty or (2) crafted

PHP remote file inclusion vulnerability in myajaxphp.php in AlstraSoft Video Share Enterprise allows remote attackers to execute arbitrary PHP code via a URL in the config[BASE_DIR] parameter.

Directory traversal vulnerability in Zend Platform 2.2.1 and earlier allows remote attackers to overwrite arbitrary files via a .. (dot dot) sequence in the final component of the PHP session identifier (PHPSESSID). NOTE: in some cases, this issue c

Cross-site scripting (XSS) vulnerability in attachment.php in MyBulletinBoard (MyBB) 1.1.7 and possibly other versions allows remote attackers to inject arbitrary web script or HTML via a GIF image that contains URL-encoded Javascript, which is rende

Multiple PHP remote file inclusion vulnerabilities in Bigace 1.8.2 allow remote attackers to execute arbitrary PHP code via a URL in the (1) GLOBALS[_BIGACE][DIR][admin] parameter in (a) system/command/admin.cmd.php, (b) admin/include/upload_form.php

Heap-based buffer overflow in DirectAnimation.PathControl COM object (daxctle.ocx) in Microsoft Internet Explorer 6.0 SP1 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a Spline function call whose first

SQL injection vulnerability in edituser.php in Xoops before 2.0.15 allows remote attackers to execute arbitrary SQL commands via the user_avatar parameter.

SQL injection vulnerability in index.php in OneOrZero 1.6.4.1 allows remote attackers to execute arbitrary SQL commands via the id parameter.

Cross-site scripting (XSS) vulnerability in template/default/thanks_comment.php in Yet Another PHP Image Gallery (YaPIG) 0.95b allows remote attackers to inject arbitrary web script or HTML via the D_REFRESH_URL parameter.

PHP remote file inclusion vulnerability in routines/fieldValidation.php in Jshop Server 1.3 allows remote attackers to execute arbitrary PHP code via a URL in the jssShopFileSystem parameter.

Heap-based buffer overflow in the IMAP service in Qbik WinGate 6.2.2.1137 and earlier allows remote authenticated users to cause a denial of service (resource exhaustion) or possibly execute arbitrary code via a long argument to the LIST command. NO

The FSG unpacker (fsg.c) in Clam AntiVirus (ClamAV) 0.80 through 0.87 allows remote attackers to cause "memory corruption" and execute arbitrary code via a crafted FSG 1.33 file.

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2005-4011. Reason: This candidate is a duplicate of CVE-2005-4011. Notes: All CVE users should reference CVE-2005-4011 instead of this candidate. All references and descriptions in t