PHP remote file inclusion vulnerability in direct.php in ActualScripts ActualAnalyzer Lite 2.72 and earlier, Gold 7.63 and earlier, and Server 8.23 and earlier allows remote attackers to execute arbitrary code via a URL in the rf parameter.
secunia.com/advisories/19743
securityreason.com/securityalert/742
securitytracker.com/id?1015967
www.osvdb.org/24778
www.securityfocus.com/archive/1/431351/100/0/threaded
www.securityfocus.com/archive/1/434562/100/0/threaded
www.securityfocus.com/bid/17597
www.vupen.com/english/advisories/2006/1430
exchange.xforce.ibmcloud.com/vulnerabilities/25893