Nine

Name of the Vulnerable Software and Affected Versions: DokuWiki versions 2009-02-14, rc2009-02-06, and rc2009-01-30 Description: The issue allows remote attackers to include and execute arbitrary local files. This can be achieved via the `config cascade[main][default][]` parameter to "doku.php". Additionally, PHP remote file inclusion is possible in PHP 5 using "ftp://" URLs. Recommendations: For DokuWiki versions 2009-02-14, rc2009-02-06, and rc2009-01-30, consider disabling the register globals setting to prevent exploitation. As a temporary workaround, restrict access to the "doku.php" endpoint and avoid using the `config cascade[main][default][]` parameter until a patch is available.

**Name of the Vulnerable Software and Affected Versions** muvee autoProducer versions 6.0 and 6.1 **Description** The issue is related to a buffer overflow in the DXTTextOutEffect ActiveX control, which can be exploited by remote attackers to execute arbitrary code. This is achieved by providing a long value for the `FontSetting` property. **Recommendations** For muvee autoProducer version 6.0, update to a version that fixes the buffer overflow issue in the DXTTextOutEffect ActiveX control. For muvee autoProducer version 6.1, update to a version that fixes the buffer overflow issue in the DXTTextOutEffect ActiveX control. As a temporary workaround, consider restricting access to the DXTTextOutEffect ActiveX control to minimize the risk of exploitation.