PHP remote file inclusion vulnerability in berylium-classes.php in Berylium2 2003-08-18 allows remote attackers to execute arbitrary PHP code via a URL in the beryliumroot parameter.
NVD-CWE-Other
CVE-2007-2532
Multiple cross-site scripting (XSS) vulnerabilities in Minh Nguyen Duong Obie Website Mini Web Shop 2 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO (query string) to (1) sendmail.php or (2) order_form.php, different vectors than CVE-2006-6734.
CVE-2007-2533
Multiple buffer overflows in Trend Micro ServerProtect 5.58 before Security Patch 2- Build 1174 allow remote attackers to execute arbitrary code via a crafted RPC message processed by the (1) the RPCFN_ActiveRollback function in (a) stcommon.dll, or the (2) ENG_SetRealTimeScanConfigInfo or (3) ENG_SendEmail functions in (b) eng50.dll.
CVE-2007-2534
** DISPUTED ** Multiple SQL injection vulnerabilities in admin.php in phpHoo3 allow remote attackers to execute arbitrary SQL commands via the (1) ADMIN_USER (USER) and (2) ADMIN_PASS (PASS) parameters during a login. NOTE: CVE disputes this vulnerability, since ADMIN_USER/ADMIN_PASS are initialized before use.
CVE-2007-2535
WinAce allows remote attackers to cause a denial of service (infinite loop) via a ZOO archive with a direntry structure that points to a previous file.
CVE-2007-2536
PicoZip allows remote attackers to cause a denial of service (infinite loop) via a ZOO archive with a direntry structure that points to a previous file.