Design/Logic Flaw

WinSCP before 5.17.10 allows remote attackers to execute arbitrary programs when the URL handler encounters a crafted URL that loads session settings. For example, this is exploitable in a default installation in which WinSCP is the handler for sftp:// URLs...

CVE-2009-2263

Directory traversal vulnerability in index.php in Awesome PHP Mega File Manager 1.0 allows remote attackers to include and execute arbitrary local files via a .. dot dot in the page parameter. NOTE: in some environments, this can be leveraged for remote file inclusion by using a UNC share pathnam...

CVE-2007-6233

CVE-2007-6233 affects FTP Admin 0.1.0. The vulnerability is a directory traversal in index.php, where a .. in the page parameter can cause local file inclusion/execution. This could allow an authenticated remote user to include/execute arbitrary local files; in some environments, UNC share paths ...

CVE-2007-6129

CVE-2007-6129 affects Amber Script 1.0, where a directory traversal flaw in scripts/include/show_content.php allows remote attackers to include and execute arbitrary local files by supplying a .. in the id parameter. In some environments, this can enable remote file inclusion via UNC share paths ...

Mozilla Firefox /Thunderbird / Seamonkey multiple security vulnerabilities

Code exectuion with invalid encoding in Windows, lcaol files accesss with sftp URL, content spoofing, user input focus stealing, memory corruption, code execution...