Remote file inclusion
PHP remote file inclusion vulnerability in inc/common.php in GlobalMegaCorp dvddb 0.6 allows remote attackers to execute arbitrary PHP code via a URL in the config parameter...
CVE-2007-0796
Blue Coat Systems WinProxy 6.1a and 6.0 r1c, and possibly earlier, allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via a long HTTP CONNECT request, which triggers heap corruption...
Remote file inclusion
PHP remote file inclusion vulnerability in xtcounter.php in Xt-Stats 2.3.x up to 2.4.0.b3 allows remote attackers to execute arbitrary PHP code via a URL in the serverbasedir parameter...
CVE-2006-6958
Multiple PHP remote file inclusion vulnerabilities in phpBlueDragon 2.9.1 allow remote attackers to execute arbitrary PHP code via a URL in the vsDragonRootPath parameter to (1) teamadmin.php, (2) rssadmin.php, (3) manualadmin.php, and (4) forumadmin.php in includes/rootmodules/, a different set of vecto...
CVE-2007-0463
Format string vulnerability in Apple Software Update 2.0.5 on Mac OS X 10.4.8 allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via format string specifiers in (1) SWUTMP or (2) SUCATALOG filenames, or using the (3) application/x-apple.sucatalog+xml MIME...
CVE-2007-0462
The GetSrcBits32ARGB function in Apple QuickDraw, as used by Quicktime 7.1.3 and other applications on Mac OS X 10.4.8 and earlier, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted PICT image with a malformed Alpha RGB (ARGB)...
Remote file inclusion
PHP remote file inclusion vulnerability in lib/selectlang.php in BBClone 0.31 allows remote attackers to execute arbitrary PHP code via a URL in the BBCLANGUAGEPATH parameter...
CVE-2007-0515
CVE-2007-0515 affects Microsoft Word via a Section Table/Table Stream buffer overflow in Word documents. The vulnerability allows memory corruption that, per sources, enabled remote code execution on Word 2000 (and denial of service on Word 2003) when users open a crafted .doc file. Root cause: S...
CVE-2007-0496
PHP remote file inclusion vulnerability in lib/nl/nl.php in Neon Labs Website (nlws) 3.2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the gstrRootDir parameter...
CVE-2007-0469
The extractfiles function in installer.rb in RubyGems before 0.9.1 does not check whether files exist before overwriting them, which allows user-assisted remote attackers to overwrite arbitrary files, cause a denial of service, or execute arbitrary code via crafted GEM packages...
Format string
Format string vulnerability in Apple iChat 3.1.6 allows remote attackers to cause a denial of service (null pointer dereference and application crash) and possibly execute arbitrary code via format string specifiers in an aim:// URI...
CVE-2007-0021
Format string vulnerability in Apple iChat 3.1.6 allows remote attackers to cause a denial of service (null pointer dereference and application crash) and possibly execute arbitrary code via format string specifiers in an aim:// URI...
CVE-2007-0469 RubyGems: Specially-crafted Gem archive can overwrite system files
The extractfiles function in installer.rb in RubyGems before 0.9.1 does not check whether files exist before overwriting them, which allows user-assisted remote attackers to overwrite arbitrary files, cause a denial of service, or execute arbitrary code via crafted GEM packages...
Remote file inclusion
PHP remote file inclusion vulnerability in mep/frame.php in PHPMyphorum 1.5a allows remote attackers to execute arbitrary PHP code via a URL in the chem parameter...
CVE-2007-0344
Multiple format string vulnerabilities in (1) invitedToRoom: and (2) invitedToDirectChat: in Colloquy 2.1 and earlier allow remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via format string specifiers in the channel name of an INVITE request, relate...
CVE-2007-0344
CVE-2007-0344 affects Colloquy 2.1 and earlier, with multiple format-string vulnerabilities in the internal methods _invitedToRoom and _invitedToDirectChat. The format specifiers in the channel name of an INVITE request can trigger denial of service (application crash) and potentially arbitrary c...
CVE-2007-0315
Multiple buffer overflows in FileZilla before 2.2.30a allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors related to (1) Options.cpp when storing settings in the registry, and (2) the transfer queue (QueueCtrl.cpp). NOTE: some of these...
CVE-2006-6940
Buffer overflow in the ParseHeader function in clsOWA.cls in POP3/SMTP to OWA (pop2owa) 1.1.3 allows remote attackers to execute arbitrary code via a long header in an e-mail message...
Remote file inclusion
PHP remote file inclusion vulnerability in index.php in AllMyVisitors 0.4.0 allows remote attackers to execute arbitrary PHP code via a URL in the AMVserverpath parameter...
CVE-2007-0148
Format string vulnerability in OmniGroup OmniWeb 5.5.1 allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via format string specifiers in the JavaScript alert function...