Hummingbird FTP for Connectivity 10.0 uses weak encryption (trivial encoding) to store the user's password in the FTP profile, which allows attackers to gain privileges.

Multiple buffer overflows in Hummingbird Connectivity inetD 10.0.0.1 and 9.0.0.4 allows attackers to cause a denial of service and possibly execute arbitrary code via (1) an FTP command with a long argument to FTPD (ftpdw.exe) or (2) a large amount of data to LPD (Lpdw.exe).

Multiple "javascript vulerabilities in BB code" in BirdBlog before 1.3.1 allow remote attackers to inject arbitrary Javascript.

SQL injection vulnerability in admincore.php in BirdBlog before 1.2.0 allows remote attackers to execute arbitrary SQL commands via the (1) userid or (2) userpw parameters.

Xconfig in Hummingbird Exceed before 9.0.0.1, when the Screen Definition is password-protected, allows local users to access certain options by switching to another tab, then switching back to the original tab.

Buffer overflow in the FTP server of Hummingbird Connectivity 7.1 and 9.0 allows remote, authenticated users to cause a denial of service (application crash) via a long argument to the XCWD command.

Mozilla before 1.7, Firefox before 0.9, and Thunderbird before 0.7 allows remote attackers to determine the location of files on a user's hard drive by obscuring a file upload control and tricking the user into dragging text into that control.

Inetd32 Administration Tool of Hummingbird Connectivity 7.1 and 9.0 allows local users to execute arbitrary code by changing the program for handling incoming connections.

Bird Chat 1.61 allows remote attackers to cause a denial of service (crash) via invalid users.

The (1) Mozilla 1.6, (2) Firebird 0.7 and (3) Firefox 0.8 web browsers do not properly verify that cached passwords for SSL encrypted sites are only sent via SSL encrypted sessions to the site, which allows a remote attacker to cause a cached password to be sent in cleartext to a spoofed site.