Cross-site scripting (XSS) vulnerability in the SML code for Invision Power Board 1.3.1 FINAL allows remote attackers to inject arbitrary web script via (1) a signature file or (2) a message post containing an IMG tag within a COLOR tag whose style is set to background:url.

Cross-site scripting (XSS) vulnerability in comment.php for paNews 2.0b4 for PHP Arena allows remote attackers to inject arbitrary HTML and web script via the showpost parameter.

Apache Tomcat may be started without proper security settings if errors are encountered while reading the web.xml file, which could allow attackers to bypass intended restrictions.

Buffer overflow in VB-TSQL debugger object (vbsdicli.exe) in Visual Studio 6.0 Enterprise Edition allows remote attackers to execute arbitrary commands.

The Microsoft Active Movie ActiveX Control in Internet Explorer 5 does not restrict which file types can be downloaded, which allows an attacker to download any type of file to a user’s system by encoding it within an email message or news post.