Launchpad.net

CVE 2008-2230

Untrusted search path vulnerability in (1) reportbug 3.8 and 3.31, and (2) reportbug-ng before 0.2008.06.04, allows local users to execute arbitrary code via a malicious module file in the current working directory.

See the CVE page on Mitre.org for more details.