Total
5795 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2008-2884 | 1 Rss Aggregator | 1 Rss Aggregator | 2025-04-09 | 9.3 HIGH | N/A |
|
PHP remote file inclusion vulnerability in display.php in RSS-aggregator allows remote attackers to execute arbitrary PHP code via a URL in the path parameter. NOTE: some of these details are obtained from third party information.
|
|||||
| CVE-2008-6066 | 1 Meet\#web | 1 Meet\#web | 2025-04-09 | 7.5 HIGH | N/A |
|
Multiple PHP remote file inclusion vulnerabilities in Meet#Web 0.8 allow remote attackers to execute arbitrary PHP code via a URL in the root_path parameter to (1) modules.php, (2) ManagerResource.class.php, (3) ManagerRightsResource.class.php, (4) RegForm.class.php, (5) RegResource.class.php, and (6) RegRightsResource.class.php in classes/. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
|
|||||
| CVE-2008-0442 | 1 Small Axe Solutions | 1 Weblog | 2025-04-09 | 7.5 HIGH | N/A |
|
PHP remote file inclusion vulnerability in inc/linkbar.php in Small Axe Weblog 0.3.1 allows remote attackers to execute arbitrary PHP code via a URL in the ffile parameter, a different vector than CVE-2008-0376. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
|
|||||
| CVE-2007-6229 | 1 Rayzz | 1 Rayzz Script | 2025-04-09 | 7.5 HIGH | N/A |
|
PHP remote file inclusion vulnerability in common/classes/class_HeaderHandler.lib.php in Rayzz Script 2.0 allows remote attackers to execute arbitrary PHP code via a URL in the CFG[site][project_path] parameter.
|
|||||
| CVE-2008-1089 | 1 Microsoft | 2 Office, Visio | 2025-04-09 | 9.3 HIGH | N/A |
|
Unspecified vulnerability in Microsoft Visio 2002 SP2, 2003 SP2 and SP3, and 2007 up to SP1 allows user-assisted remote attackers to execute arbitrary code via a Visio file containing crafted object header data, aka "Visio Object Header Vulnerability."
|
|||||
| CVE-2009-0390 | 1 Enomaly | 1 Elastic Computing Platform | 2025-04-09 | 7.2 HIGH | N/A |
|
Argument injection vulnerability in Enomaly Elastic Computing Platform (ECP), formerly Enomalism, before 2.1.1 allows local users to send signals to arbitrary processes by populating the /tmp/enomalism2.pid file with command-line arguments for the kill program.
|
|||||
| CVE-2008-1171 | 1 Phpbb | 1 123 Flash Chat Module | 2025-04-09 | 6.8 MEDIUM | N/A |
|
Multiple PHP remote file inclusion vulnerabilities in the 123 Flash Chat Module for phpBB allow remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter to (1) 123flashchat.php and (2) phpbb_login_chat.php. NOTE: CVE disputes this issue because $phpbb_root_path is explicitly set to "./" in both programs
|
|||||
| CVE-2008-0076 | 1 Microsoft | 2 Ie, Internet Explorer | 2025-04-09 | 9.3 HIGH | N/A |
|
Unspecified vulnerability in Microsoft Internet Explorer 5.01, 6 SP1 and SP2, and 7 allows remote attackers to execute arbitrary code via crafted HTML layout combinations, aka "HTML Rendering Memory Corruption Vulnerability."
|
|||||
| CVE-2009-0674 | 1 Ravenphpscripts | 1 Ravennuke | 2025-04-09 | 6.0 MEDIUM | N/A |
|
images/captcha.php in Raven Web Services RavenNuke 2.30, when register_globals and display_errors are enabled, allows remote attackers to determine the existence of local files by sending requests with full pathnames in the aFonts array parameter, and then observing the error messages, which differ between existing and nonexistent pathnames.
|
|||||
| CVE-2008-4138 | 1 Technote | 1 Technote | 2025-04-09 | 10.0 HIGH | N/A |
|
PHP remote file inclusion vulnerability in skin_shop/standard/3_plugin_twindow/twindow_notice.php in TECHNOTE 7 allows remote attackers to execute arbitrary PHP code via a URL in the shop_this_skin_path parameter.
|
|||||
| CVE-2006-6975 | 1 Centipaid | 1 Centipaid | 2025-04-09 | 5.1 MEDIUM | 9.8 CRITICAL |
|
PHP remote file inclusion vulnerability in centipaid_class.php in CentiPaid 1.4.3 allows remote attackers to execute arbitrary code via a URL in the class_pwd parameter. NOTE: this issue has been disputed by CVE and multiple third parties, who state that $class_pwd is set to a static value before the relevant include statement
|
|||||
| CVE-2008-1370 | 1 Wildmary | 1 Yap Blog | 2025-04-09 | 6.8 MEDIUM | N/A |
|
PHP remote file inclusion vulnerability in index.php in wildmary Yap Blog 1.1 allows remote attackers to execute arbitrary PHP code via a URL in the page parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
|
|||||
| CVE-2007-5841 | 1 Nuboard | 1 Nuboard | 2025-04-09 | 6.8 MEDIUM | N/A |
|
PHP remote file inclusion vulnerability in admin/index.php in nuBoard 0.5 allows remote attackers to execute arbitrary PHP code via a URL in the site parameter.
|
|||||
| CVE-2008-2270 | 1 Phpway | 1 Kostenloses Linkmanagementscript | 2025-04-09 | 7.5 HIGH | N/A |
|
Multiple PHP remote file inclusion vulnerabilities in PHPWAY Kostenloses Linkmanagementscript allow remote attackers to execute arbitrary PHP code via a URL in the (1) main_page_directory and (2) page_to_include parameters in template\index.php.
|
|||||
| CVE-2008-1067 | 1 Phpqladmin | 1 Phpqladmin | 2025-04-09 | 6.8 MEDIUM | N/A |
|
Multiple PHP remote file inclusion vulnerabilities in phpQLAdmin 2.2.7 allow remote attackers to execute arbitrary PHP code via a URL in the _SESSION[path] parameter to (1) ezmlm.php and (2) tools/update_translations.php.
|
|||||
| CVE-2008-2877 | 1 Cmsworks | 1 Cmsworks | 2025-04-09 | 6.8 MEDIUM | N/A |
|
PHP remote file inclusion vulnerability in admin/include/lib.module.php in cmsWorks 2.2 RC4, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the mod_root parameter.
|
|||||
| CVE-2009-3128 | 1 Microsoft | 5 Compatibility Pack Word Excel Powerpoint, Excel, Excel Viewer and 2 more | 2025-04-09 | 9.3 HIGH | N/A |
|
Microsoft Office Excel 2002 SP3 and 2003 SP3, and Office Excel Viewer 2003 SP3, does not properly parse the Excel file format, which allows remote attackers to execute arbitrary code via a spreadsheet with a malformed record object, aka "Excel SxView Memory Corruption Vulnerability."
|
|||||
| CVE-2008-2841 | 2 Microsoft, Xchat | 3 Internet Explorer, Windows Nt, Xchat | 2025-04-09 | 6.8 MEDIUM | N/A |
|
Argument injection vulnerability in XChat 2.8.7b and earlier on Windows, when Internet Explorer is used, allows remote attackers to execute arbitrary commands via the --command parameter in an ircs:// URI.
|
|||||
| CVE-2008-5694 | 1 Sandbox | 1 Sandbox | 2025-04-09 | 10.0 HIGH | N/A |
|
PHP remote file inclusion vulnerability in lib/jpgraph/jpgraph_errhandler.inc.php in Sandbox 1.4.1 might allow remote attackers to execute arbitrary PHP code via unspecified vectors. NOTE: the issue, if any, may be located in Aditus JpGraph rather than Sandbox. If so, then this should not be treated as an issue in Sandbox.
|
|||||
| CVE-2007-6029 | 1 Clam Anti-virus | 1 Clamav | 2025-04-09 | 7.5 HIGH | N/A |
|
Unspecified vulnerability in ClamAV 0.91.1 and 0.91.2 allows remote attackers to execute arbitrary code via a crafted e-mail message. NOTE: this information is based upon a vague advisory by a vulnerability information sales organization that does not coordinate with vendors or release actionable advisories. A CVE has been assigned for tracking purposes, but duplicates with other CVEs are difficult to determine.
|
|||||
| CVE-2008-2638 | 1 1-script | 1 1-book | 2025-04-09 | 10.0 HIGH | N/A |
|
Static code injection vulnerability in guestbook.php in 1Book 1.0.1 and earlier allows remote attackers to upload arbitrary PHP code via the message parameter in an HTML webform, which is written to data.php.
|
|||||
| CVE-2009-3705 | 1 Achievo | 1 Achievo | 2025-04-09 | 7.5 HIGH | N/A |
|
PHP remote file inclusion vulnerability in debugger.php in Achievo before 1.4.0 allows remote attackers to execute arbitrary PHP code via a URL in the config_atkroot parameter.
|
|||||
| CVE-2008-1038 | 1 Drbenhur.com | 1 Dbhcms | 2025-04-09 | 6.8 MEDIUM | N/A |
|
PHP remote file inclusion vulnerability in mod/mod.extmanager.php in DBHcms 1.1.4 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the extmanager_install parameter.
|
|||||
| CVE-2007-6550 | 1 Pmos Helpdesk | 1 Pmos Helpdesk | 2025-04-09 | 7.5 HIGH | N/A |
|
form.php in PMOS Help Desk 2.4 and earlier sends a redirect to the web browser but does not exit, which allows remote attackers to conduct eval injection attacks and execute arbitrary PHP code via the options array parameter.
|
|||||
| CVE-2008-2341 | 1 Avalonnet | 1 News Manager | 2025-04-09 | 7.5 HIGH | N/A |
|
PHP remote file inclusion vulnerability in ch_readalso.php in News Manager 2.0 allows remote attackers to execute arbitrary PHP code via a URL in the read_xml_include parameter.
|
|||||
| CVE-2009-3541 | 1 Phpgenealogy | 1 Phpgenealogy | 2025-04-09 | 7.5 HIGH | N/A |
|
PHP remote file inclusion vulnerability in CoupleDB.php in PHPGenealogy 2.0 allows remote attackers to execute arbitrary PHP code via a URL in the DataDirectory parameter.
|
|||||
| CVE-2008-6531 | 1 Atlassian | 1 Jira | 2025-04-09 | 6.8 MEDIUM | N/A |
|
The WebWork 1 web application framework in Atlassian JIRA before 3.13.2 allows remote attackers to invoke exposed public JIRA methods via a crafted URL that is dynamically transformed into method calls, aka "WebWork 1 Parameter Injection Hole."
|
|||||
| CVE-2008-4439 | 1 Martinwood | 1 Datafeed Studio | 2025-04-09 | 10.0 HIGH | N/A |
|
PHP remote file inclusion vulnerability in admin/bin/patch.php in MartinWood Datafeed Studio before 1.6.3 allows remote attackers to execute arbitrary PHP code via a URL in the INSTALL_FOLDER parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
|
|||||
| CVE-2007-2826 | 1 Madirish Webmail | 1 Madirish Webmail | 2025-04-09 | 7.5 HIGH | N/A |
|
PHP remote file inclusion vulnerability in lib/addressbook.php in Madirish Webmail 2.0 allows remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[basedir] parameter.
|
|||||
| CVE-2008-6221 | 2 Dadamailproject, Joomla | 2 Dada Mail Manager, Joomla | 2025-04-09 | 7.5 HIGH | N/A |
|
PHP remote file inclusion vulnerability in config.dadamail.php in the Dada Mail Manager (com_dadamail) component 2.6 for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[mosConfig_absolute_path] parameter.
|
|||||
| CVE-2007-4551 | 1 Agares Media | 1 Arcadem | 2025-04-09 | 7.5 HIGH | N/A |
|
PHP remote file inclusion vulnerability in index.php in Agares Media Arcadem 2.01 allows remote attackers to execute arbitrary PHP code via a URL in the loadpage parameter.
|
|||||
| CVE-2007-4921 | 1 Ajax | 1 File Browser | 2025-04-09 | 7.5 HIGH | N/A |
|
PHP remote file inclusion vulnerability in _includes/settings.inc.php in Ajax File Browser 3 Beta allows remote attackers to execute arbitrary PHP code via a URL in the approot parameter.
|
|||||
| CVE-2008-0804 | 1 Thecus | 1 N5200pro Nas Server Control Panel | 2025-04-09 | 6.8 MEDIUM | N/A |
|
PHP remote file inclusion vulnerability in usrgetform.html in Thecus N5200Pro NAS Server allows remote attackers to execute arbitrary PHP code via a URL in the name parameter.
|
|||||
| CVE-2008-4206 | 1 Attachmax | 1 Dolphin | 2025-04-09 | 7.5 HIGH | N/A |
|
PHP remote file inclusion vulnerability in config.php in Attachmax Dolphin 2.1.0 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the rel_path parameter.
|
|||||
| CVE-2008-3956 | 1 Microsoft | 1 Organization Chart | 2025-04-09 | 9.3 HIGH | N/A |
|
orgchart.exe in Microsoft Organization Chart 2.00 allows user-assisted attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted .opx file.
|
|||||
| CVE-2009-1539 | 1 Microsoft | 4 Directx, Windows 2000, Windows Server 2003 and 1 more | 2025-04-09 | 9.3 HIGH | N/A |
|
The QuickTime Movie Parser Filter in quartz.dll in DirectShow in Microsoft DirectX 7.0 through 9.0c on Windows 2000 SP4, Windows XP SP2 and SP3, and Windows Server 2003 SP2 does not properly validate unspecified size fields in QuickTime media files, which allows remote attackers to execute arbitrary code via a crafted file, aka "DirectX Size Validation Vulnerability."
|
|||||
| CVE-2007-5163 | 1 Nexty | 1 Nexty | 2025-04-09 | 6.8 MEDIUM | N/A |
|
PHP remote file inclusion vulnerability in includes/functions/layout.php in Nexty 1.01.A Beta allows remote attackers to execute arbitrary PHP code via a URL in the rel parameter. NOTE: this issue is disputed by CVE because the applicable include is in a function that is not called on a direct request
|
|||||
| CVE-2007-4815 | 1 Markus Iser | 1 Ed Engine | 2025-04-09 | 6.8 MEDIUM | N/A |
|
Multiple PHP remote file inclusion vulnerabilities in WebED in Markus Iser ED Engine 0.8999 alpha allow remote attackers to execute arbitrary PHP code via a URL in the Codebase parameter to (1) channeledit.php, (2) post.php, (3) view.php, or (4) viewitem.php in source/mod/rss/.
|
|||||
| CVE-2009-4312 | 1 Microsoft | 3 Windows 2000, Windows 2003 Server, Windows Xp | 2025-04-09 | 9.3 HIGH | N/A |
|
Unspecified vulnerability in the Indeo codec in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 allows remote attackers to execute arbitrary code via crafted media content, as reported to Microsoft by Dave Lenoe of Adobe.
|
|||||
| CVE-2007-6706 | 1 Ibm | 1 Lotus Notes | 2025-04-09 | 9.3 HIGH | N/A |
|
Unspecified vulnerability in nlnotes.dll in the client in IBM Lotus Notes 6.5, 7.0.x before 7.0.2 CCH or 7.0.3, and possibly 8.0 allows remote attackers to execute arbitrary code via crafted text in an e-mail message sent over SMTP.
|
|||||