Multiple directory traversal vulnerabilities in CoronaMatrix phpAddressBook 2.11 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the skin parameter to (1) index.php and (2) install.php. NOTE: it was later reported that vector 1 is also present in 2.0.

Buffer overflow in Zoom Player 6.00 beta 2 and earlier allows user-assisted remote attackers to execute arbitrary code via an HTTP link to a PLS file in a crafted ZPL file, which causes an overflow in Unicode handling when generating an error message.

Directory traversal vulnerability in lastlines.cgi for Last Lines 2.0 allows remote attackers to read arbitrary files via '..' sequences in the $error_log variable.

Matrix CGI vault Last Lines 2.0 allows remote attackers to execute arbitrary commands via shell metacharacters in the $error_log variable.