Stack-based buffer overflow in XnView 1.90.3 allows user-assisted remote attackers to execute arbitrary code via a crafted XPM file with a long section string. NOTE: some of these details are obtained from third party information.

Stack-based buffer overflow in the ID_X.apl plugin in ACDSee 9.0 Build 108, Pro 8.1 Build 99, and Photo Editor 4.0 Build 195 allows user-assisted remote attackers to execute arbitrary code via a crafted XPM file with a long section string. NOTE: some of these details are obtained from third party information.

Buffer overflow in Photofiltre Studio 8.1.1 allows user-assisted remote attackers to execute arbitrary code via a crafted .tif file.

Multiple cross-site scripting (XSS) vulnerabilities in freePBX 2.2.x allow remote attackers to inject arbitrary web script or HTML via the (1) From, (2) To, (3) Call-ID, (4) User-Agent, and unspecified other SIP protocol fields, which are stored in /var/log/asterisk/full and displayed by admin/modules/logfiles/asterisk-full-log.php.

PHP remote file inclusion vulnerability in admin/public/webpages.php in Eba News 1.1 allows remote attackers to execute arbitrary PHP code via a URL in the filename parameter.

PHP remote file inclusion vulnerability in admin/admin_album_otf.php in the MX Smartor Full Album Pack (FAP) 2.0 RC1 module for mxBB allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter.

eXtremail 2.1.1 and earlier does not verify the ID field (aka transaction id) in DNS responses, which makes it easier for remote attackers to conduct DNS spoofing.

Stack-based buffer overflow in eXtremail 2.1.1 and earlier allows remote attackers to execute arbitrary code via a long DNS response. NOTE: this might be related to CVE-2006-6926.

Foxit Reader 2.0 allows remote attackers to cause a denial of service (application crash) via a crafted PDF document.

Multiple PHP remote file inclusion vulnerabilities in Supasite 1.23b allow remote attackers to execute arbitrary PHP code via a URL in the supa[db_path] parameter to (1) common_functions.php, (2) admin_auth_cookies.php, (3) admin_mods.php, (4) admin_news.php, (5) admin_topics.php, (6) admin_users.php, (7) admin_utilities.php, (8) site_comment.php, or (9) site_news.php; or the supa[include_path] parameter to (10) admin_settings.php or (11) backend_site.php.

Directory traversal vulnerability in imgsrv.php in jchit counter 1.0.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the acc parameter.

SQL injection vulnerability in index.php in PHP-Ring Webring System (aka uPHP_ring_website) 0.9 allows remote attackers to execute arbitrary SQL commands via the ring parameter.

Unrestricted file upload vulnerability in forum_write.php in Maran PHP Forum allows remote attackers to upload and execute arbitrary PHP files via a trailing %00 in a filename in the page parameter.

PHP remote file inclusion vulnerability in admin/login.php in Webinsta FM Manager 0.1.4 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the absolute_path parameter, a different product and vector than CVE-2005-0748.

Buffer overflow in Nullsoft Winamp 5.3 allows user-assisted remote attackers to cause a denial of service (crash) via a crafted WMV file.

Multiple unspecified vulnerabilities in IXceedCompression in XceddZipLib (RaidenFTPD.dll) in RaidenFTPD 2.4 allow remote attackers to cause a denial of service (crash) via unspecified vectors involving the (1) CalculateCrc, (2) Compress, and (3) Uncompress functions, which result in a NULL pointer dereference.

Multiple unspecified vulnerabilities in Objective Development Sharity before 3.3 allow remote attackers to cause a denial of service (daemon crash) via unspecified vectors.

Stack-based buffer overflow in the Microgaming Download Helper ActiveX control (dlhelper.dll) before 7.2.0.19, and the WebHandler Class control, allows remote attackers to execute arbitrary code via unspecified vectors.

Unspecified vulnerability in Mozilla Firefox allows remote attackers to execute arbitrary code via unspecified vectors involving Javascript errors. NOTE: this might be the same issue as CVE-2007-2175.

Apple QuickTime Java extensions (QTJava.dll), as used in Safari and other browsers, and when Java is enabled, allows remote attackers to execute arbitrary code via parameters to the toQTPointer method in quicktime.util.QTHandleRef, which can be used to modify arbitrary memory when creating QTPointerRef objects, as demonstrated during the "PWN 2 0WN" contest at CanSecWest 2007.