5353 matches found
CVE-2007-5387
PHP remote file inclusion vulnerability in active/components/xmlrpc/client.php in Pindorama 0.1 allows remote attackers to execute arbitrary PHP code via a URL in the ccomponents parameter...
Remote file inclusion
PHP remote file inclusion vulnerability in core/aural.php in IDMOS 1.0-beta (aka Phoenix) allows remote attackers to execute arbitrary PHP code via a URL in the site_absolute_path parameter...
CVE-2007-5294
CVE-2007-5294 affects IDMOS 1.0-beta (aka Phoenix); a PHP remote file inclusion flaw exists in core/aural.php that allows an attacker to execute arbitrary PHP code via a site_absolute_path URL parameter. The description confirms remote code execution via a crafted URL, but the connected documents...
CVE-2004-2711
Multiple buffer overflows in Gyach Enhanced (Gyach-E) before 1.0.2 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via vectors related to "avatar retrieval."...
CVE-2007-5247
Multiple format string vulnerabilities in the Monolith Lithtech engine, as used by First Encounter Assault Recon (F.E.A.R.) 1.08 and earlier, when Punkbuster (PB) is enabled, allow remote attackers to execute arbitrary code or cause a denial of service (daemon crash) via format string specifiers in (1) a...
CVE-2007-4990
The swap_char2b function in X.Org X Font Server (xfs) before 1.0.5 allows context-dependent attackers to execute arbitrary code via (1) QueryXBitmaps and (2) QueryXExtents protocol requests with crafted size values that specify an arbitrary number of bytes to be swapped on the heap, which triggers heap...
Format string
Format string vulnerability in the SMBDirList function in dirlist.c in SmbFTPD 0.96 allows remote attackers to execute arbitrary code via format string specifiers in a directory name...
Remote file inclusion
PHP remote file inclusion vulnerability in NewsCMS/news/newstopicinc.php in North Country Public Radio Public Media Manager (PMM) 1.3 allows remote attackers to execute arbitrary PHP code via a URL in the indir parameter...
Remote file inclusion
Multiple PHP remote file inclusion vulnerabilities in Puzzle Apps CMS 2.2.1 allow remote attackers to execute arbitrary PHP code via a URL in the MODULEDIR parameter to (1) core/modules/my/my.module.php or (2) core/modules/xml/xml.module.php; the COREROOT parameter to (3) config.loader.php, (4)...
CVE-2007-5147
Puzzle Apps CMS 2.2.1 is affected by multiple PHP remote file inclusion vulnerabilities that allow an attacker to supply a URL via parameters (MODULEDIR, COREROOT, THISDIR, etc.) to trigger inclusion in various modules/files, leading to remote code execution. Affected paths include core/modules/m...
CVE-2007-5102
PHP remote file inclusion vulnerability in config.inc.php in Wordsmith 1.0 RC1, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the path parameter...
HP-UX PHSS_36386 : HP OpenView Network Node Manager (OV NNM) Running Apache, Remote Cross Site Scripting (XSS), Denial of Service (DoS), Execute Arbitrary Code (HPSBMA02328 SSRT071293 rev.2)
s700800 11.X IA-64 OV NNM7.51 Intermediate Patch 16 : Potential vulnerabilities have been identified with HP OpenView Network Node Manager (OV NNM) running Apache. These vulnerabilities could be exploited remotely resulting in cross site scripting (XSS), Denial of Service (DoS), or execution of arbitra...
HP-UX PHSS_36385 : HP OpenView Network Node Manager (OV NNM) Running Apache, Remote Cross Site Scripting (XSS), Denial of Service (DoS), Execute Arbitrary Code (HPSBMA02328 SSRT071293 rev.2)
s700800 11.X PA-RISC OV NNM7.51 Intermediate Patch 16 : Potential vulnerabilities have been identified with HP OpenView Network Node Manager (OV NNM) running Apache. These vulnerabilities could be exploited remotely resulting in cross site scripting (XSS), Denial of Service (DoS), or execution of...
CVE-2003-1339
Stack-based buffer overflow in eZnet.exe, as used in eZ (a) eZphotoshare, (b) eZmeeting, (c) eZnetwork, and (d) eZshare allows remote attackers to cause a denial of service (crash) or execute arbitrary code, as demonstrated via (1) a long GET request and (2) a long operation or autologin parameter to...
CVE-2003-1339
CVE-2003-1339 describes a stack-based buffer overflow in eZnet.exe used by eZ products (eZphotoshare, eZmeeting, eZnetwork, eZshare). The vulnerability allows remote attackers to crash or execute arbitrary code, demonstrated via long GET requests and long parameters to SwEzModule.dll. Affected sc...
CVE-2003-1337
Heap-based buffer overflow in Aprelium Abyss Web Server 1.1.2 and earlier allows remote attackers to execute arbitrary code via a long HTTP GET request...
CVE-2007-5020
Unspecified vulnerability in Adobe Acrobat and Reader 8.1 on Windows allows remote attackers to execute arbitrary code via a crafted PDF file, related to the mailto: option and Internet Explorer 7 on Windows XP. NOTE: this information is based upon a vague pre-advisory by a reliable researcher...
CVE-2007-0062
CVE-2007-0062: The vulnerability affects ISC DHCPD 3.0.x (before 3.0.7) and 3.1.x (before 3.1.1), plus the DHCP servers in VMware Workstation/Player, ACE, and related products. It is caused by a stack-based buffer overflow triggered by a malformed DHCP packet with a large dhcp-max-message-size, p...
Stack overflow
Stack-based buffer overflow in IMAPD in Mercury/32 4.52 allows remote authenticated users to execute arbitrary code via a long argument in a SEARCH ON command. NOTE: this issue might overlap with CVE-2004-1211...
CVE-2007-4750
Unspecified vulnerability in RemoteDocs R-Viewer before 1.6.3768 allows user-assisted remote attackers to execute arbitrary code via a crafted RDZ archive in which the first file has an executable extension...