SQL injection vulnerability in blog.php in Mooseguy Blog System (MGBS) 1.0 allows remote attackers to execute arbitrary SQL commands via the month parameter.

The try_parse_v4_netmask function in hostmask.c in IRCD-Hybrid before 8.0.6 does not properly validate masks, which allows remote attackers to cause a denial of service (crash) via a mask that causes a negative number to be parsed.