5334 matches found
CVE-2007-2485
PHP remote file inclusion vulnerability in myflash-button.php in the myflash 1.00 and earlier plugin for WordPress allows remote attackers to execute arbitrary PHP code via a URL in the wpPATH parameter...
Remote file inclusion
Multiple PHP remote file inclusion vulnerabilities in FireFly 1.1.01 allow remote attackers to execute arbitrary PHP code via a URL in the docroot parameter to (1) localize.php or (2) config.php in modules/admin/include/...
CVE-2007-1320
Multiple heap-based buffer overflows in the cirrus_invalidate_region function in the Cirrus VGA extension in QEMU 0.8.2, as used in Xen and possibly other products, might allow local users to execute arbitrary code via unspecified vectors related to "attempting to mark non-existent regions as dirty...
CVE-2007-2434
CVE-2007-2434 affects Aventail Connect 4.1.2.13, with a buffer overflow in asnsp.dll that can be triggered by a malformed DNS query. Exploitation could cause a denial of service (application crash) or allow arbitrary code execution. The supplied documents do not include a patch or mitigation det...
Information disclosure
Unspecified vulnerability in Microsoft Windows 2000, XP, and Server 2003 allows user-assisted remote attackers to execute arbitrary code via unspecified vectors. NOTE: this information is based upon a vague pre-advisory with no actionable information. However, the advisory is from a reliable sour...
CVE-2007-2323
Multiple buffer overflows in the WinDVDX ActiveX control in InterVideo Home Theater 2.1.13.0 and 2.5.13.58 allow remote attackers to execute arbitrary code via a long string argument to the (1) GetDiscType or (2) AddFileList method. NOTE: the provenance of this information is unknown; the details are...
Remote file inclusion
PHP remote file inclusion vulnerability in addvip.php in phpMYTGP 1.4b allows remote attackers to execute arbitrary PHP code via a URL in the msetstr[PROGSDIR] parameter...
CVE-2007-2328
Affected software/variant: phpMYTGP 1.4b. Vulnerability type: PHP remote file inclusion in addvip.php. Root cause: unchecked/malicious URL input via msetstr[PROGSDIR] leads to arbitrary PHP code execution. Impact (as stated): arbitrary code execution possible; CVSS base factors include high impac...
CVE-2007-2318
Multiple format string vulnerabilities in FileZilla before 2.2.32 allow remote attackers to execute arbitrary code via format string specifiers in (1) FTP server responses or (2) data sent by an FTP server. NOTE: some of these details are obtained from third party information...
CVE-2007-2301
Multiple PHP remote file inclusion vulnerabilities in audioCMS arash 0.1.4 allow remote attackers to execute arbitrary PHP code via a URL in the arashlibdir parameter to (1) edit.inc.php and (2) listfeatures.inc.php in arashlib/include, and (3) arashgadmin.class.php and (4) arashsadmin.class.php in...
Remote file inclusion
PHP remote file inclusion vulnerability in getinfo1.php in the Shotcast 1.0 RC2 module for mxBB allows remote attackers to execute arbitrary PHP code via a URL in the mxrootpath parameter...
Buffer overflow
Buffer overflow in Fresh View 7.15 allows user-assisted remote attackers to execute arbitrary code via a crafted .PSP file...
Remote file inclusion
Multiple PHP remote file inclusion vulnerabilities in bibtex mase beta 2.0 allow remote attackers to execute arbitrary PHP code via a URL in the bibtexrootrel parameter to (1) unavailable.php, (2) source.php, (3) log.php, (4) latex.php, (5) indexinfo.php, (6) index.php, (7) importinfo.php, (8) import.php, (9)...
Remote file inclusion
PHP remote file inclusion vulnerability in includes/init.inc.php in PHPMyBibli allows remote attackers to execute arbitrary PHP code via a URL in the basepath parameter...
Remote file inclusion
Multiple PHP remote file inclusion vulnerabilities in GPL PHP Board GPB unstable-2001.11.14-1 allow remote attackers to execute arbitrary PHP code via a URL in the rootpath parameter to (1) db.mysql.inc.php or (2) gpb.inc.php in include/, or the (3) theme parameter to themes/ubb/login.php...
Design/Logic Flaw
Use-after-free vulnerability in Libinfo in Apple Mac OS X 10.3.9 through 10.4.9 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unspecified vectors involving crafted web pages that trigger certain error conditions that are not properly...
CVE-2007-2094
PHP remote file inclusion vulnerability in index.php in Anthologia 0.5.2 allows remote attackers to execute arbitrary PHP code via a URL in the adsfile parameter...
Remote file inclusion
Multiple PHP remote file inclusion vulnerabilities in Turnkey Web Tools SunShop Shopping Cart before 3.5.1 allow remote attackers to execute arbitrary PHP code via a URL in the abspath parameter to (1) index.php or (2) checkout.php...
CVE-2007-2083
vsdatant.sys in Check Point Zone Labs ZoneAlarm Pro before 7.0.302.000 does not validate certain arguments before being passed to hooked SSDT function handlers, which allows local users to cause a denial of service (system crash) or possibly execute arbitrary code via crafted arguments to the (1)...
Remote file inclusion
Multiple PHP remote file inclusion vulnerabilities in Robert Ladstaetter ActionPoll 1.1.0, and possibly 1.1.1, allow remote attackers to execute arbitrary PHP code via a URL in (1) the CONFIGPOLLDB parameter to actionpoll.php or (2) the CONFIGDB parameter to db/DataReaderWriter.php, different vectors...