Cross-site request forgery (CSRF) vulnerability in the communicate function in estmaster.c for Hyper Estraier before 1.3.3 allows remote attackers to perform unauthorized actions as other users via unknown vectors.

Stack-based buffer overflow in the HrShellOpenWithMonikerDisplayName function in Microsoft Hyperlink Object Library (hlink.dll) allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long hyperlink, as demonstrated using an Excel worksheet with a long link in Unicode, aka "Hyperlink COM Object Buffer Overflow Vulnerability." NOTE: this is a different issue than CVE-2006-3059.

estcmd in Hyper Estraier 1.0.1 on Windows systems allows remote attackers to read unauthorized files via a crafted search request for a filename that contains Unicode characters.

The hyper.cgi script allows remote attackers to read arbitrary files via a full pathname in the argument.

Multiple buffer overflows in Hypermail 2 before 2.1.6 allows remote attackers to cause a denial of service and possibly execute arbitrary code (1) via a long attachment filename that is not properly handled by the hypermail executable, or (2) by connecting to the mail CGI program from an IP address that reverse-resolves to a long hostname.

Directory traversal vulnerability in Hyperion FTP server 2.8.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the LS command.

Hypermail allows remote attackers to execute arbitrary commands on a server supporting SSI via an attachment with a .shtml extension, which is archived on the server and can then be executed by requesting the URL for the attachment.

Directory traversal vulnerability in hsx.cgi program in iWeb Hyperseek 2000 allows remote attackers to read arbitrary files and directories via a .. (dot dot) attack in the show parameter.

Buffer overflow in Hilgraeve, Inc. HyperTerminal client on Windows 98, ME, and 2000 allows remote attackers to execute arbitrary commands via a long telnet URL, aka the "HyperTerminal Buffer Overflow" vulnerability.

Hyperseek allows remote attackers to modify the hyperseek configuration by directly calling the admin.cgi program with an edit_file action parameter.