Design/Logic Flaw
vsdatant.sys in Check Point Zone Labs ZoneAlarm Pro before 7.0.302.000 does not validate certain arguments before being passed to hooked SSDT function handlers, which allows local users to cause a denial of service (system crash) or possibly execute arbitrary code via crafted arguments to the (1)...
CVE-2007-2079
The ADONewConnection Connect function in adodb.php in XAMPP 1.6.0a and earlier for Windows uses untrusted input for the database server hostname, which allows remote attackers to trigger a library buffer overflow and execute arbitrary code via a long host parameter, or have other unspecified...
CVE-2007-2083
vsdatant.sys in Check Point Zone Labs ZoneAlarm Pro before 7.0.302.000 does not validate certain arguments before being passed to hooked SSDT function handlers, which allows local users to cause a denial of service (system crash) or possibly execute arbitrary code via crafted arguments to the (1)...
Remote file inclusion
PHP remote file inclusion vulnerability in modweather.php in the Antonis Ventouris Weather module for Mambo and Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the absolutepath parameter...
Remote file inclusion
PHP remote file inclusion vulnerability in index.php in Request It 1.0b allows remote attackers to execute arbitrary PHP code via a URL in the id parameter...
CVE-2007-1976
PHP remote file inclusion vulnerability in index.php in the Virii Info 1.10 and earlier module for Xoops allows remote attackers to execute arbitrary PHP code via a URL in the xoopsConfigrootpath parameter. NOTE: the issue has been disputed by a reliable third party, stating that the application'...
Remote file inclusion
PHP remote file inclusion vulnerability in games.php in Sam Crew MyBlog, possibly 1.0 through 1.6, allows remote attackers to execute arbitrary PHP code via a URL in the scoreid parameter...
Buffer overflow
Buffer overflow in IrfanView 3.99 allows context-dependent attackers to cause a denial of service and possibly execute arbitrary code via the (1) xoffset or (2) yoffset RLE command, or (3) large non-RLE encoded blocks in a crafted BMP image, as demonstrated by rle8of3.bmp and rle8of4.bmp...
CVE-2007-1908
The CVE-2007-1908 entry describes a PHP file inclusion flaw in PHP121 Instant Messenger 2.2. An attacker can trigger arbitrary PHP code execution by passing a UNC share pathname or a local file pathname to the php121dir parameter, which is checked with file_exists. This is a remote-code-execution...
CVE-2007-1352
Integer overflow in the FontFileInitTable function in X.Org libXfont before 20070403 allows remote authenticated users to execute arbitrary code via a long first line in the fonts.dir file, which results in a heap overflow...
Remote file inclusion
Multiple PHP remote file inclusion vulnerabilities in MangoBery CMS 0.5.5 allow remote attackers to execute arbitrary PHP code via a URL in the SitePath parameter to (1) boxes/quotes.php or (2) templates/mangobery/footer.sample.php...
Remote file inclusion
Multiple PHP remote file inclusion vulnerabilities in GraFX Company WebSite Builder (CWB) PRO 1.5 allow remote attackers to execute arbitrary PHP code via a URL in the INCLUDEPATH parameter to (1) clsheadlineprod.php, (2) clslistorders.php, or (3) clsviewpastorders.php in include/, different vectors than...
CVE-2007-1770
Buffer overflow in the ArcSDE service (giomgr) in Environmental Systems Research Institute (ESRI) ArcGIS before 9.2 Service Pack 2, when using three tiered ArcSDE configurations, allows remote attackers to cause a denial of service (giomgr crash) and execute arbitrary code via long parameters in crafte...
CVE-2007-1655
Buffer overflow in the funladd function in funmath.cpp in TinyMUX before 20070126 might allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via unspecified vectors related to lists of numbers...
Buffer overflow
Buffer overflow in the Ne7sshSftp::addOpenHandle function in ne7sshsftp.cpp in NetSieben SSH Library (ne7ssh) before 1.2.1 allows user-assisted remote SFTP servers to cause a denial of service (crash) or possibly execute arbitrary code via multiple file transfers, related to multiple open file handle...
Buffer overflow
Buffer overflow in the funladd function in funmath.cpp in TinyMUX before 20070126 might allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via unspecified vectors related to lists of numbers...
CVE-2007-1640
Multiple PHP remote file inclusion vulnerabilities in ClassWeb 2.03 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the BASE parameter to (1) language.php and (2) phpadmin/survey.php...
CVE-2007-1614
Stack-based buffer overflow in the zzipopensharedio function in zzip/file.c in ZZIPlib Library before 0.13.49 allows user-assisted remote attackers to cause a denial of service (application crash) or execute arbitrary code via a long filename...
CVE-2007-1596
Multiple PHP remote file inclusion vulnerabilities in the NFN Address Book (comnfnaddressbook) 0.4 component for Mambo and Joomla! allow remote attackers to execute arbitrary PHP code via a URL in the mosConfigabsolutepath parameter to (1) components/comnfnaddressbook/nfnaddressbook.php or (2)...