#ibm

The WebSiteTool shopping cart application allows remote users to modify sensitive purchase information via hidden form fields.

The Check It Out shopping cart application allows remote users to modify sensitive purchase information via hidden form fields.

The CartIt shopping cart application allows remote users to modify sensitive purchase information via hidden form fields.

The mcsp Client Site Processor system (MultiCSP) in Standard and Poor's ComStock is installed with several accounts that have no passwords or easily guessable default passwords.

Sample Internet Data Query (IDQ) scripts in IIS 3 and 4 allow remote attackers to read files via a .. (dot dot) attack.

Buffer overflow in Netscape Communicator before 4.7 via a dynamic font whose length field is less than the size of the font.

Insecure directory permissions in RPM distribution for PostgreSQL allows local users to gain privileges by reading a plaintext password file.

Buffer overflow in SCO su program allows local users to gain root access via a long username.

Buffer overflow in FreeBSD seyon via HOME environmental variable, -emulator argument, -modems argument, or the GUI.

Denial of service in Cisco routers running NAT via a PORT command from an FTP client to a Telnet port.