Total
5795 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2007-5234 | 1 Ossigeno | 1 Ossigeno | 2025-04-09 | 7.5 HIGH | N/A |
|
PHP remote file inclusion vulnerability in upload/common/footer.php in Ossigeno CMS 2.2 alpha3 allows remote attackers to execute arbitrary PHP code via a URL in the level parameter.
|
|||||
| CVE-2007-4907 | 1 Qualiteam | 1 X-cart | 2025-04-09 | 7.5 HIGH | N/A |
|
Multiple PHP remote file inclusion vulnerabilities in X-Cart allow remote attackers to execute arbitrary PHP code via a URL in the xcart_dir parameter to (1) config.php, (2) prepare.php, (3) smarty.php, (4) customer/product.php, (5) provider/auth.php, and (6) admin/auth.php.
|
|||||
| CVE-2007-6396 | 1 Myupb | 1 Flat Php Board | 2025-04-09 | 7.5 HIGH | N/A |
|
Direct static code injection vulnerability in index.php in Flat PHP Board 1.2 and earlier allows remote attackers to inject arbitrary PHP code via the (1) username, (2) password, and (3) email parameters when registering a user account, which can be executed by accessing the user's php file for this account. NOTE: similar code injection might be possible in a user profile.
|
|||||
| CVE-2008-6513 | 1 Aphpkb | 1 Aphpkb | 2025-04-09 | 6.8 MEDIUM | N/A |
|
Unrestricted file upload vulnerability in saa.php in Andy's PHP Knowledgebase (aphpkb) 0.92.9 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a link that is listed by authors.php.
|
|||||
| CVE-2008-1511 | 1 Oocomments | 1 Oocomments | 2025-04-09 | 7.5 HIGH | 9.8 CRITICAL |
|
Multiple PHP remote file inclusion vulnerabilities in ooComments 1.0 allow remote attackers to execute arbitrary PHP code via a URL in the PathToComment parameter for (1) classes/class_admin.php and (2) classes/class_comments.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
|
|||||
| CVE-2008-6491 | 1 Denis Moinel | 1 Phpgkit | 2025-04-09 | 7.5 HIGH | N/A |
|
PHP remote file inclusion vulnerability in connexion.php in PHPGKit 0.9 allows remote attackers to execute arbitrary PHP code via a URL in the DOCUMENT_ROOT parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
|
|||||
| CVE-2009-2218 | 1 David Degner | 1 Phpcollegeexchange | 2025-04-09 | 6.8 MEDIUM | N/A |
|
Multiple PHP remote file inclusion vulnerabilities in phpCollegeExchange 0.1.5c, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the home parameter to (1) i_head.php, (2) i_nav.php, (3) user_new_2.php, or (4) house/myrents.php; or (5) allbooks.php, (6) home.php, or (7) mybooks.php in books/. NOTE: house/myrents.php was also separately reported as a local file inclusion issue.
|
|||||
| CVE-2009-3065 | 1 Rein Velt | 1 Vedit | 2025-04-09 | 7.5 HIGH | N/A |
|
PHP remote file inclusion vulnerability in editor/edit_htmlarea.php in Ve-EDIT 0.1.4 allows remote attackers to execute arbitrary PHP code via a URL in the highlighter parameter.
|
|||||
| CVE-2009-4115 | 1 Cutephp | 1 Cutenews | 2025-04-09 | 6.5 MEDIUM | N/A |
|
Multiple static code injection vulnerabilities in the Categories module in CutePHP CuteNews 1.4.6 allow remote authenticated users with application administrative privileges to inject arbitrary PHP code into data/category.db.php via the (1) category and (2) Icon URL fields; or (3) inject arbitrary PHP code into data/ipban.php via the add_ip parameter.
|
|||||
| CVE-2008-1074 | 1 Group E | 1 Group E | 2025-04-09 | 6.8 MEDIUM | N/A |
|
PHP remote file inclusion vulnerability in lib/head_auth.php in GROUP-E 1.6.41 allows remote attackers to execute arbitrary PHP code via a URL in the CFG[PREPEND_FILE] parameter.
|
|||||
| CVE-2008-1086 | 1 Microsoft | 6 Internet Explorer, Windows-nt, Windows 2000 and 3 more | 2025-04-09 | 9.3 HIGH | N/A |
|
The HxTocCtrl ActiveX control (hxvz.dll), as used in Microsoft Internet Explorer 5.01 SP4 and 6 SP1, in Windows XP SP2, Server 2003 SP1 and SP2, Vista SP1, and Server 2008, allows remote attackers to execute arbitrary code via malformed arguments, which triggers memory corruption.
|
|||||
| CVE-2007-5741 | 1 Plone | 1 Plone | 2025-04-09 | 7.5 HIGH | N/A |
|
Plone 2.5 through 2.5.4 and 3.0 through 3.0.2 allows remote attackers to execute arbitrary Python code via network data containing pickled objects for the (1) statusmessages or (2) linkintegrity module, which the module unpickles and executes.
|
|||||
| CVE-2008-3592 | 1 21degrees | 1 Symphony | 2025-04-09 | 8.5 HIGH | N/A |
|
Unrestricted file upload vulnerability in the File Manager in the admin panel in Twentyone Degrees Symphony 1.7.01 and earlier allows remote attackers to execute arbitrary code by uploading a file with an executable extension to a directory specified in the destination parameter, then accessing the uploaded file via a direct request, as demonstrated using workspace/masters/.
|
|||||
| CVE-2006-6504 | 2 Canonical, Mozilla | 3 Ubuntu Linux, Firefox, Seamonkey | 2025-04-09 | 9.3 HIGH | N/A |
|
Mozilla Firefox 2.x before 2.0.0.1, 1.5.x before 1.5.0.9, and SeaMonkey before 1.0.7 allows remote attackers to execute arbitrary code by appending an SVG comment DOM node to another type of document, which triggers memory corruption.
|
|||||
| CVE-2008-2883 | 1 Jamroom | 1 Jamroom | 2025-04-09 | 7.5 HIGH | N/A |
|
PHP remote file inclusion vulnerability in include/plugins/jrBrowser/payment.php in Jamroom 3.3.0 through 3.3.5 allows remote attackers to execute arbitrary PHP code via a URL in the jamroom[jm_dir] parameter. NOTE: some of these details are obtained from third party information.
|
|||||
| CVE-2008-4673 | 1 Webbiscuits | 1 Events Calendar | 2025-04-09 | 10.0 HIGH | N/A |
|
PHP remote file inclusion vulnerability in panel/common/theme/default/header_setup.php in WebBiscuits Software Events Calendar 1.1 allows remote attackers to execute arbitrary PHP code via a URL in the (1) path[docroot] and (2) component parameters.
|
|||||
| CVE-2007-6614 | 1 Agares Media | 1 Phpautovideo | 2025-04-09 | 6.8 MEDIUM | N/A |
|
PHP remote file inclusion vulnerability in admin/frontpage_right.php in Agares Media phpAutoVideo 2.21 allows remote attackers to execute arbitrary PHP code via a URL in the loadadminpage parameter, a related issue to CVE-2007-6542.
|
|||||
| CVE-2009-4210 | 1 Microsoft | 3 Windows 2000, Windows 2003 Server, Windows Xp | 2025-04-09 | 9.3 HIGH | N/A |
|
The Indeo codec in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via crafted media content.
|
|||||
| CVE-2009-0955 | 1 Apple | 1 Quicktime | 2025-04-09 | 9.3 HIGH | N/A |
|
Apple QuickTime before 7.6.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted image description atoms in an Apple video file, related to a "sign extension issue."
|
|||||
| CVE-2007-5705 | 1 Jeeblestechnology | 1 Jeebles Directory | 2025-04-09 | 6.0 MEDIUM | N/A |
|
Unspecified vulnerability in the Settings component in the administration system in Jeebles Directory 2.9.60 allows remote authenticated administrators to execute arbitrary PHP code via unspecified vectors related to settings.inc.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
|
|||||
| CVE-2008-6902 | 1 2532gigs | 1 2532gigs | 2025-04-09 | 6.8 MEDIUM | N/A |
|
Unrestricted file upload vulnerability in upload_flyer.php in 2532designs 2532|Gigs 1.2.2 Stable allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in flyers/.
|
|||||
| CVE-2008-6849 | 1 W2b | 1 Phpgreetcards | 2025-04-09 | 6.8 MEDIUM | N/A |
|
Unrestricted file upload vulnerability in index.php in phpGreetCards 3.7 allows remote attackers to execute arbitrary PHP code by uploading a file with an executable extension, then accessing it via a via a link that is listed by userfiles/number_shell.php.
|
|||||
| CVE-2008-2390 | 1 Hp | 1 Software Update | 2025-04-09 | 6.8 MEDIUM | N/A |
|
Hpufunction.dll 4.0.0.1 in HP Software Update exposes the unsafe (1) ExecuteAsync and (2) Execute methods, which allows remote attackers to execute arbitrary code via an absolute pathname in the first argument.
|
|||||
| CVE-2007-6339 | 1 Akamai Technologies | 1 Download Manager | 2025-04-09 | 6.8 MEDIUM | N/A |
|
The Akamai Download Manager (aka DLM or dlmanager) ActiveX control (DownloadManagerV2.ocx) before 2.2.3.5 allows remote attackers to force the download and execution of arbitrary code via unspecified "undocumented object parameters."
|
|||||
| CVE-2008-6958 | 1 Comsenz | 1 Crossday Discuz\! Board | 2025-04-09 | 6.5 MEDIUM | N/A |
|
wap/index.php in Crossday Discuz! Board 6.x and 7.x allows remote authenticated users to execute arbitrary PHP code via the creditsformula parameter.
|
|||||
| CVE-2007-4955 | 1 Joomla | 1 Flash Fun Component | 2025-04-09 | 6.8 MEDIUM | N/A |
|
PHP remote file inclusion vulnerability in admin.joomlaflashfun.php in the Flash Fun! (com_joomlaflashfun) 1.0 component for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_live_site parameter.
|
|||||
| CVE-2008-5619 | 1 Roundcube | 1 Webmail | 2025-04-09 | 10.0 HIGH | N/A |
|
html2text.php in Chuggnutt HTML to Text Converter, as used in PHPMailer before 5.2.10, RoundCube Webmail (roundcubemail) 0.2-1.alpha and 0.2-3.beta, Mahara, and AtMail Open 1.03, allows remote attackers to execute arbitrary code via crafted input that is processed by the preg_replace function with the eval switch.
|
|||||
| CVE-2007-1581 | 1 Php | 1 Php | 2025-04-09 | 9.3 HIGH | N/A |
|
The resource system in PHP 5.0.0 through 5.2.1 allows context-dependent attackers to execute arbitrary code by interrupting the hash_update_file function via a userspace (1) error or (2) stream handler, which can then be used to destroy and modify internal resources. NOTE: it was later reported that PHP 5.2 through 5.2.13 and 5.3 through 5.3.2 are also affected.
|
|||||
| CVE-2008-0143 | 1 Spacial Audio Solutions | 2 Sam Broadcaster, Samphpweb | 2025-04-09 | 7.5 HIGH | N/A |
|
PHP remote file inclusion vulnerability in common/db.php in samPHPweb, possibly 4.2.2 and others, as provided with SAM Broadcaster, allows remote attackers to execute arbitrary PHP code via a URL in the commonpath parameter.
|
|||||
| CVE-2009-2182 | 1 Campware.org | 1 Campsite | 2025-04-09 | 6.8 MEDIUM | N/A |
|
Multiple PHP remote file inclusion vulnerabilities in Campsite 3.3.0 RC1 allow remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[g_campsiteDir] parameter to (1) ad_popup.php, (2) camp_html.php, (3) init_content.php, (4) logout.php, (5) menu.php, and (6) set-author.php in admin-files/; (7) conf/liveuser_configuration.php; (8) include/phorum_load.php; (9) CommandProcessor.php and (10) index.php in admin-files/article_import; and (11) add.php, (12) add_move.php, (13) autopubli ...
Show More |
|||||
| CVE-2007-5599 | 1 Awrate | 1 Awrate | 2025-04-09 | 6.8 MEDIUM | N/A |
|
Multiple PHP remote file inclusion vulnerabilities in awrate 1.0 allow remote attackers to execute arbitrary PHP code via a URL in the toroot parameter to (1) 404.php or (2) topbar.php, different vectors than CVE-2006-6368.
|
|||||
| CVE-2007-5045 | 2 Apple, Mozilla | 2 Quicktime, Firefox | 2025-04-09 | 9.3 HIGH | N/A |
|
Argument injection vulnerability in Apple QuickTime 7.1.5 and earlier, when running on systems with Mozilla Firefox before 2.0.0.7 installed, allows remote attackers to execute arbitrary commands via a QuickTime Media Link (QTL) file with an embed XML element and a qtnext parameter containing the Firefox "-chrome" argument. NOTE: this is a related issue to CVE-2006-4965 and the result of an incomplete fix for CVE-2007-3670.
|
|||||
| CVE-2006-3650 | 1 Microsoft | 1 Office | 2025-04-09 | 9.3 HIGH | N/A |
|
Microsoft Office 2000, XP, 2003, 2004 for Mac, and v.X for Mac do not properly parse the length of a chart record, which allows remote user-assisted attackers to execute arbitrary code via a Word document with an embedded malformed chart record that triggers an overwrite of pointer values with values from the document, a different vulnerability than CVE-2006-3434, CVE-2006-3864, and CVE-2006-3868.
|
|||||
| CVE-2009-0668 | 1 Zope | 1 Zodb | 2025-04-09 | 6.5 MEDIUM | N/A |
|
Unspecified vulnerability in Zope Object Database (ZODB) before 3.8.2, when certain Zope Enterprise Objects (ZEO) database sharing is enabled, allows remote attackers to execute arbitrary Python code via vectors involving the ZEO network protocol.
|
|||||
| CVE-2008-2233 | 1 Openwsman | 1 Openwsman | 2025-04-09 | 7.5 HIGH | N/A |
|
The client in Openwsman 1.2.0 and 2.0.0, in unknown configurations, allows remote Openwsman servers to replay SSL sessions via unspecified vectors.
|
|||||
| CVE-2008-6178 | 2 Fckeditor, Phplist | 2 Fckeditor, Phplist | 2025-04-09 | 7.5 HIGH | N/A |
|
Unrestricted file upload vulnerability in editor/filemanager/browser/default/connectors/php/connector.php in FCKeditor 2.2, as used in Falt4 CMS, Nuke ET, and other products, allows remote attackers to execute arbitrary code by creating a file with PHP sequences preceded by a ZIP header, uploading this file via a FileUpload action with the application/zip content type, and then accessing this file via a direct request to the file in UserFiles/File/, probably a related issue to CVE-2005-4094. NO ...
Show More |
|||||
| CVE-2008-7067 | 1 Pagetreecms | 1 Page Tree Cms | 2025-04-09 | 7.5 HIGH | N/A |
|
PHP remote file inclusion vulnerability in admin/plugins/Online_Users/main.php in PageTree CMS 0.0.2 BETA 0001 allows remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[PT_Config][dir][data] parameter.
|
|||||
| CVE-2009-0464 | 1 Groonesworld | 1 Gbook | 2025-04-09 | 5.1 MEDIUM | N/A |
|
PHP remote file inclusion vulnerability in includes/header.php in Groone GBook 2.0 allows remote attackers to execute arbitrary PHP code via a URL in the abspath parameter.
|
|||||
| CVE-2009-0238 | 1 Microsoft | 6 Excel, Excel Viewer, Office and 3 more | 2025-04-09 | 9.3 HIGH | N/A |
|
Microsoft Office Excel 2000 SP3, 2002 SP3, 2003 SP3, and 2007 SP1; Excel Viewer 2003 Gold and SP3; Excel Viewer; Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1; and Excel in Microsoft Office 2004 and 2008 for Mac allow remote attackers to execute arbitrary code via a crafted Excel document that triggers an access attempt on an invalid object, as exploited in the wild in February 2009 by Trojan.Mdropper.AC.
|
|||||
| CVE-2009-3317 | 1 Thecodeweasel | 1 Opensiteadmin | 2025-04-09 | 7.5 HIGH | N/A |
|
PHP remote file inclusion vulnerability in pages/pageHeader.php in OpenSiteAdmin 0.9.7 BETA allows remote attackers to execute arbitrary PHP code via a URL in the path parameter, a different vector than CVE-2008-0648.
|
|||||