pmmasterd in Quest Privilege Manager before 6.0.0.061, when configured as a policy server, allows remote attackers to write to arbitrary files and consequently execute arbitrary code with root privileges via an ACT_NEWFILESENT action.

PHP remote file inclusion vulnerability in Redaxo 3.0 up to 3.2 allows remote attackers to execute arbitrary PHP code via a URL in the REX[INCLUDE_PATH] parameter to image_resize/pages/index.inc.php.

Multiple PHP remote file inclusion vulnerabilities in Redaxo 3.0 allow remote attackers to execute arbitrary PHP code via a URL in the REX[INCLUDE_PATH] parameter to (1) simple_user/pages/index.inc.php and (2) stats/pages/index.inc.php.

PHP remote file inclusion vulnerability in Redaxo 2.7.4 allows remote attackers to execute arbitrary PHP code via a URL in the (1) REX[INCLUDE_PATH] parameter in (a) addons/import_export/pages/index.inc.php and (b) pages/community.inc.php.

SQL injection vulnerability in page.php in Pre Printing Press allows remote attackers to execute arbitrary SQL commands via the id parameter.

Directory traversal vulnerability in Tiny Server 1.1.5 allows remote authenticated users to read arbitrary files via a .. (dot dot) in the URI of an HTTP request.

SQL injection vulnerability in product_desc.php in Pre Printing Press allows remote attackers to execute arbitrary SQL commands via the pid parameter.

Buffer overflow in TYPSoft FTP Server 1.1 allows remote authenticated users to cause a denial of service (application crash) via a long string in an APPE command.