Multiple SQL injection vulnerabilities in Hosting Controller 6.1 before Hotfix 3.3 allow remote attackers to execute arbitrary SQL commands via the ForumID parameter in (1) DisableForum.asp and (2) enableForum.asp. NOTE: it was later reported that t

PHP remote file inclusion vulnerability in misc/function.php3 in PHP Generator of Object SQL Database (PGOSD), when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the path parameter.

Multiple PHP remote file inclusion vulnerabilities in Trawler Web CMS 1.8.1 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the (1) path_red2 parameter to (a) _msdazu_pdata/redaktion/artikel/up/index.php; (b) addtort.php

BMC Remedy Action Request System 5.01.02 Patch 1267 generates different error messages for failed login attempts with a valid username than for those with an invalid username, which allows remote attackers to determine valid account names.

The default permissions for the SNMP Parameters registry key in Windows NT 4.0 allows remote attackers to read and possibly modify the SNMP community strings to obtain sensitive information or modify network configuration, aka one of the "Registry Pe

PHP remote file inclusion vulnerability in DNS/RR.php in Net_DNS 0.03 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the phpdns_basedir parameter.

PHP remote file inclusion vulnerability in Savant2/Savant2_Plugin_options.php in the MambWeather 1.8.1 and earlier component for Mambo allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.

PHP remote file inclusion vulnerability in common.php in EZ-Ticket 0.0.1 allows remote attackers to execute arbitrary PHP code via a URL in the ezt_root_path parameter.

Directory traversal vulnerability in explorer_load_lang.php in PH Pexplorer 0.24 allows remote attackers to include arbitrary local files via ".." sequences in the Language cookie, as demonstrated by uploading a .gif file that contains PHP code.

SQL injection vulnerability in forum.asp in GO4I.NET ASP Forum 1.0 allows remote attackers to execute arbitrary SQL commands via the iFor parameter.

Integer overflow in the evtFilteredMonitorEventsRequest function in the LDAP service in Novell eDirectory before 8.8.1 FTF1 allows remote attackers to execute arbitrary code via a crafted request.

The evtFilteredMonitorEventsRequest function in the LDAP service in Novell eDirectory before 8.8.1 FTF1 allows remote attackers to execute arbitrary code via a crafted request containing a value that is larger than the number of objects transmitted,

Heap-based buffer overflow in the NCP engine in Novell eDirectory before 8.8.1 FTF1 allows remote attackers to execute arbitrary code via a crafted NCP over IP packet that causes NCP to read more data than intended.

An unspecified interface in SAP TREX 7.10 Revision 63 allows remote attackers to execute arbitrary OS commands with SIDadm privileges via unspecified vectors, aka SAP Security Note 2234226.

The RIP process in Cisco IOS XR allows remote attackers to cause a denial of service (process crash) via a crafted version-2 RIP packet, aka Bug ID CSCue46731.