Directory traversal vulnerability in payments/ideal_process.php in the iDEAL transaction handler in ViArt Shopping Cart allows remote attackers to have an unknown impact via directory traversal sequences in the filename parameter to the createCertFin

Multiple directory traversal vulnerabilities in GuppY 4.5.9 and earlier allow remote attackers to read and include arbitrary files via (1) the meskin parameter to admin/editorTypetool.php, or the lng parameter to the in admin/inc scripts (2) archbatc

Heap-based buffer overflow in the Server Service (SRV.SYS driver) in Microsoft Windows 2000 SP4, XP SP1 and SP2, Server 2003 up to SP1, and other products, allows remote attackers to execute arbitrary code via crafted first-class Mailslot messages th

Cross-site scripting (XSS) vulnerability in list3.php in 212cafeBoard 6.30 Beta allows remote attackers to inject arbitrary web script or HTML via the user parameter.

Cross-site scripting (XSS) vulnerability in search.php in 212cafeBoard 0.08 Beta allows remote attackers to inject arbitrary web script or HTML via keyword parameter.

SQL injection vulnerability in orange.asp in ShopStoreNow E-commerce Shopping Cart allows remote attackers to execute arbitrary SQL commands via the CatID parameter.

AJLogin 3.5 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing passwords via a direct request for ajlogin.mdb.

The PML Driver HPZ12 (HPZipm12.exe) in the HP all-in-one drivers, as used by multiple HP products, uses insecure SERVICE_CHANGE_CONFIG DACL permissions, which allows local users to gain privileges and execute arbitrary programs, as demonstrated by mo

Stack-based buffer overflow in the LiveJournal support (hooks/ljhook.cc) in CenterICQ 4.9.11 through 4.21.0, when using unofficial LiveJournal servers, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code b

Multiple SQL injection vulnerabilities in Coppermine Photo Gallery 1.4.10 and earlier allow remote authenticated administrators to execute arbitrary SQL commands via (1) the cat parameter to albmgr.php, and possibly (2) the gid parameter to usermgr.p

Webulas stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing passwords via a direct request for db/db.mdb.

M-Core stores the database under the web document root, which allows remote attackers to obtain sensitive information via a direct request to db/uyelik.mdb.

Cross-site scripting (XSS) vulnerability in yald.php in Yet Another Link Directory 1.0 allows remote attackers to inject arbitrary web script or HTML via the search parameter.

SQL injection vulnerability in down.asp in Kolayindir Download (Yenionline) allows remote attackers to execute arbitrary SQL commands via the id parameter.

HarikaOnline 2.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing passwords via a direct request for harikaonline.mdb.

DiskCryptor 0.2.6 on Windows stores pre-boot authentication passwords in the BIOS Keyboard buffer and does not clear this buffer before and after use, which allows local users to obtain sensitive information by reading the physical memory locations a

Cross-site request forgery (CSRF) vulnerability in php/partie_administrateur/administration.php in WebJaxe 1.02 allows remote attackers to hijack the authentication of administrators for requests that (1) modify passwords or (2) add new projects. NO