Directory traversal vulnerability in Lhaplus before 1.70 allows remote attackers to write to arbitrary files via a crafted archive.

The Show do Milhao 2014 (aka br.com.lgrmobile.sdm) application 1.4.6 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

Untrusted search path vulnerability in Lhaplus before 1.58 allows local users to gain privileges via a Trojan horse executable file in the current working directory.

Untrusted search path vulnerability in Lhaplus before 1.58 allows local users to gain privileges via a Trojan horse DLL in the current working directory.

Untrusted search path vulnerability in Lhasa 0.19 and earlier allows local users to gain privileges via a Trojan horse executable file in the current working directory.

SQL injection vulnerability in the Mailhandler module 5.x before 5.x-1.4 and 6.x before 6.x-1.4, a module for Drupal, allows remote attackers to execute arbitrary SQL commands via unspecified vectors, related to composing queries without using the Drupal database API.

Heap-based buffer overflow in Lhaplus before 1.57 allows remote attackers to execute arbitrary code via a long comment field in a ZOO archive.

Buffer overflow in Lhaplus 1.55 and earlier allows remote attackers to execute arbitrary code via a crafted LZH archive, a different vector than CVE-2007-5048.

Heap-based buffer overflow in Lhaplus before 1.55 allows remote attackers to execute arbitrary code via a long filename in an ARJ archive.

Lhaz 1.33 allows remote attackers to execute arbitrary code via unknown vectors, as actively exploited in August 2007 by the Exploit-LHAZ.a gzip file, a different issue than CVE-2006-4116.