PHP remote file inclusion vulnerability in kernel/system/startup.php in J. He PHPGiggle 12.08 and earlier, as distributed on comscripts.com, allows remote attackers to execute arbitrary PHP code via a URL in the CFG_PHPGIGGLE_ROOT parameter.

SQL injection vulnerability in index.asp in DMXReady Site Engine Manager 1.0 allows remote attackers to execute arbitrary SQL commands via the mid parameter.

Multiple directory traversal vulnerabilities in Kubix 0.7 and earlier allow remote attackers to (1) include and execute arbitrary local files via ".." sequences in the theme cookie to index.php, which is not properly handled by includes/head.php; and (2) read arbitrary files via ".." sequences in the file parameter in an add_dl action to adm_index.php, as demonstrated by reading connect.php.

SQL injection vulnerability in includes/functions.php in Kubix 0.7 and earlier allows remote attackers to execute arbitrary SQL commands and bypass authentication via the member_id parameter ($id variable) to index.php.

SQL injection vulnerability in PHPKit 1.6.1 RC2 allows remote attackers to inject arbitrary SQL commands via the catid parameter to include.php when the path parameter is set to faq/faq.php, and other unspecified vectors involving guestbook/print.php.

P-News 2.0 stores db/user.txt under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information such as usernames and password hashes via a direct request. NOTE: this might be the same issue as CVE-2006-6888.

Unrestricted file upload vulnerability in P-News 2.0 allows remote attackers to upload and execute arbitrary files via an avatar file. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

Directory traversal vulnerability in error.php in MD-Pro 1.0.76 and earlier allows remote authenticated users to read and include arbitrary files via the PNSVlang cookie, as demonstrated by uploading a GIF image using AddDownload or injecting PHP code into a log file, then accessing it.

A regression error in Mozilla Firefox 2.x before 2.0.0.2 and 1.x before 1.5.0.10, and SeaMonkey 1.1 before 1.1.1 and 1.0 before 1.0.8, allows remote attackers to execute arbitrary JavaScript as the user via an HTML mail message with a javascript: URI in an (1) img, (2) link, or (3) style tag, which bypasses the access checks and executes code with chrome privileges.

Heap-based buffer overflow in Apple QuickTime before 7.1.5 allows remote user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via a QTIF file with a Video Sample Description containing a Color table ID of 0, which triggers memory corruption when QuickTime assumes that a color table exists.

Integer overflow in Apple QuickTime before 7.1.5 allows remote user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted QTIF file.

Stack-based buffer overflow in Apple QuickTime before 7.1.5 allows remote user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted QTIF file.

Heap-based buffer overflow in Apple QuickTime before 7.1.5 allows remote user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted PICT file.

Integer overflow in Apple QuickTime before 7.1.5 allows remote user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted QuickTime movie with a User Data Atom (UDTA) with an Atom size field with a large value.

Heap-based buffer overflow in Apple QuickTime before 7.1.5 allows remote user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted QuickTime movie file.

Heap-based buffer overflow in Apple QuickTime before 7.1.5 allows remote user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted MIDI file.

Integer overflow in Apple QuickTime before 7.1.5, when installed on Windows operating systems, allows remote user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted 3GP video file.

WordPress 2.1.1, as downloaded from some official distribution sites during February and March 2007, contains an externally introduced backdoor that allows remote attackers to execute arbitrary commands via (1) an eval injection vulnerability in the ix parameter to wp-includes/feed.php, and (2) an untrusted passthru call in the iz parameter to wp-includes/theme.php.

Multiple cross-site scripting (XSS) vulnerabilities in chooser.cgi in Webmin before 1.330 and Usermin before 1.260 allow remote attackers to inject arbitrary web script or HTML via a crafted filename.

Unspecified vulnerability in Futomi's CGI Cafe KMail CGI 1.0.3 and earlier allows remote attackers to bypass authentication and obtain unauthorized email access via unspecified vectors.

Directory traversal vulnerability in the delete function in IMCE before 1.6, a Drupal module, allows remote authenticated users to delete arbitrary files via ".." sequences.

Unrestricted file upload vulnerability in IMCE before 1.6, a Drupal module, allows remote authenticated users to upload arbitrary PHP code via a filename with a double extension such as .php.gif.

Stack-based buffer overflow in the map_uri_to_worker function (native/common/jk_uri_worker_map.c) in mod_jk.so for Apache Tomcat JK Web Server Connector 1.2.19 and 1.2.20, as used in Tomcat 4.1.34 and 5.5.20, allows remote attackers to execute arbitrary code via a long URL that triggers the overflow in a URI worker map routine.

login in util-linux-2.12a skips pam_acct_mgmt and chauth_tok when authentication is skipped, such as when a Kerberos krlogin session has been established, which might allow users to bypass intended access policies that would be enforced by pam_acct_mgmt and chauth_tok.

Unspecified vulnerability in the reports system in OpenBiblio before 0.6.0 allows attackers to gain privileges via unspecified vectors.