The CBC-MAC integrity functions in the nCipher nCore API before 2.18 transmit the initialization vector IV as part of a message when the implementation uses a non-zero IV, which allows remote attackers to bypass integrity checks and modify messages without being detected.

display.cgi in Aborior Encore WebForum allows remote to execute arbitrary commands via shell metacharacters in the file variable.