SQL injection vulnerability in @1 File Store 2006.03.07 allows remote attackers to execute arbitrary SQL commands via the id parameter to (1) functions.php and (2) user.php in the libs directory, (3) edit.php and (4) delete.php in control/files/, (5)

Multiple cross-site scripting (XSS) vulnerabilities in Movable Type (MT) before 3.34 allow remote attackers to inject arbitrary web script or HTML via comments that have (1) a malformed SGML numeric character reference with a '\0' (0x00) character in

httpsv.exe in HTTP Server 1.6.2 allows remote attackers to obtain sensitive information (script source code) via a URI with a trailing %20 (encoded space).

dcboard.cgi in DCForum 2000 1.0 allows remote attackers to execute arbitrary commands by uploading a Perl program to the server and using a .. (dot dot) in the AZ parameter to reference the program.

SQL injection vulnerability in index.php in Links Management Application 1.0 allows remote attackers to execute arbitrary SQL commands via the lcnt parameter.

Cross-site scripting (XSS) vulnerability in photos.cfm in Directory Image Gallery 1.1 allows remote attackers to inject arbitrary web script or HTML via the backwardDirectory parameter.

MLDonkey before 2.9.0 does not load certain code from $MLDONKEY/web_infos/ before the network modules become active, which allows remote attackers to bypass the IP blocklist.

Heap-based buffer overflow in HydraIRC 0.3.151 allows remote IRC servers to cause a denial of service (application crash) via a long CTCP request message containing '%' (percent) characters.

Format string vulnerability in HydraIRC 0.3.151 allows remote attackers to cause a denial of service via format string specifiers in certain data related to failed DCC file transfer negotiation.

Heap-based buffer overflow in the FindFiles function in UltraDefrag 1.0.3 allows local users to gain privileges via a file with a long pathname. NOTE: some of these details are obtained from third party information.