JustSystems Ichitaro 2005 through 2011, Ichitaro Government 6, Ichitaro Government 2006 through 2010, Ichitaro Portable, Ichitaro Pro, and Ichitaro Viewer allow remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a crafted document, as exploited in the wild in early 2011.

Unspecified vulnerability in JustSystems Ichitaro and Ichitaro Government allows remote attackers to execute arbitrary code via a crafted document, a different vulnerability than CVE-2010-3915.

Unspecified vulnerability in JustSystems Ichitaro and Ichitaro Government allows remote attackers to execute arbitrary code via a crafted document, a different vulnerability than CVE-2010-3916.

TuxGuitar 1.2 places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory.

Cross-site scripting (XSS) vulnerability in users/resume_register.php in Omnistar Recruiting allows remote attackers to inject arbitrary web script or HTML via the job2 parameter.

PHP remote file inclusion vulnerability in home.php in LM Starmail Paidmail 2.0 allows remote attackers to execute arbitrary PHP code via a URL in the page parameter.

SQL injection vulnerability in paidbanner.php in LM Starmail Paidmail 2.0 allows remote attackers to execute arbitrary SQL commands via the ID parameter.

Multiple buffer overflows in the iSNS implementation in isns.c in (1) Linux SCSI target framework (aka tgt or scsi-target-utils) before 1.0.6, (2) iSCSI Enterprise Target (aka iscsitarget or IET) 1.4.20.1 and earlier, and (3) Generic SCSI Target Subsystem for Linux (aka SCST or iscsi-scst) 1.0.1.1 and earlier allow remote attackers to cause a denial of service (memory corruption and daemon crash) or possibly execute arbitrary code via (a) a long iSCSI Name string in an SCN message or (b) an invalid PDU.

Unspecified vulnerability in JustSystems Ichitaro 2004 through 2009, Ichitaro Government 2006 through 2009, and Just School 2008 and 2009 allows remote attackers to execute arbitrary code via unknown vectors related to "product character attribute processing" for a document.

Multiple cross-site request forgery (CSRF) vulnerabilities in the web interface on the Cisco Scientific Atlanta WebSTAR DPC2100R2 cable modem with firmware 2.0.2r1256-060303 allow remote attackers to hijack the authentication of administrators for requests that (1) reset the modem, (2) erase the firmware, (3) change the administrative password, (4) install modified firmware, or (5) change the access level, as demonstrated by a request to goform/_aslvl.