Total
5795 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2008-1776 | 1 Phpblock | 1 Phpblock | 2025-04-09 | 6.8 MEDIUM | N/A |
|
PHP remote file inclusion vulnerability in modules/basicfog/basicfogfactory.class.php in PhpBlock A8.4 allows remote attackers to execute arbitrary PHP code via a URL in the PATH_TO_CODE parameter.
|
|||||
| CVE-2008-6761 | 1 China-on-site | 1 Flexcustomer0.0.6 | 2025-04-09 | 10.0 HIGH | N/A |
|
Static code injection vulnerability in admin/install.php in Flexcustomer 0.0.6 might allow remote attackers to inject arbitrary PHP code into const.inc.php via the installdbname parameter (aka the Database Name field). NOTE: the installation instructions specify deleting admin/install.php.
|
|||||
| CVE-2007-3303 | 1 Apache | 1 Http Server | 2025-04-09 | 4.9 MEDIUM | N/A |
|
Apache httpd 2.0.59 and 2.2.4, with the Prefork MPM module, allows local users to cause a denial of service via certain code sequences executed in a worker process that (1) stop request processing by killing all worker processes and preventing creation of replacements or (2) hang the system by forcing the master process to fork an arbitrarily large number of worker processes. NOTE: This might be an inherent design limitation of Apache with respect to worker processes in hosted environments.
|
|||||
| CVE-2008-1060 | 1 Wordpress | 1 Sniplets Plugin | 2025-04-09 | 7.5 HIGH | N/A |
|
Eval injection vulnerability in modules/execute.php in the Sniplets 1.1.2 and 1.2.2 plugin for WordPress allows remote attackers to execute arbitrary PHP code via the text parameter.
|
|||||
| CVE-2007-1446 | 1 Danny Ho | 1 Oes | 2025-04-09 | 7.5 HIGH | N/A |
|
Multiple PHP remote file inclusion vulnerabilities in Open Education System (OES) 0.1beta allow remote attackers to execute arbitrary PHP code via a URL in the CONF_INCLUDE_PATH parameter to (1) lib-account.inc.php, (2) lib-file.inc.php, (3) lib-group.inc.php, (4) lib-log.inc.php, (5) lib-mydb.inc.php, (6) lib-template-mod.inc.php, and (7) lib-themes.inc.php in includes/.
|
|||||
| CVE-2006-5390 | 1 Phpbb | 1 Acp User Registration Module | 2025-04-09 | 6.8 MEDIUM | N/A |
|
PHP remote file inclusion vulnerability in includes/functions_mod_user.php in the ACP User Registration (MMW) 1.00 module for phpBB allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter.
|
|||||
| CVE-2009-3323 | 1 Robig | 1 Barosmini | 2025-04-09 | 7.5 HIGH | N/A |
|
Multiple PHP remote file inclusion vulnerabilities in BAnner ROtation System mini (BAROSmini) 0.32.595 allow remote attackers to execute arbitrary PHP code via a URL in the baros_path parameter to (1) include/common_functions.php, and the main_path parameter to (2) lib_users.php, (3) lib_stats.php, and (4) lib_slots.php in include/lib/.
|
|||||
| CVE-2008-1860 | 1 Lokicms | 1 Lokicms | 2025-04-09 | 9.3 HIGH | N/A |
|
Static code injection vulnerability in admin.php in LokiCMS 0.3.3 and earlier allows remote attackers to inject arbitrary PHP code into includes/Config.php via the default parameter.
|
|||||
| CVE-2008-1381 | 1 Zoneminder | 1 Zoneminder | 2025-04-09 | 7.5 HIGH | N/A |
|
ZoneMinder before 1.23.3 allows remote authenticated users, and possibly unauthenticated attackers in some installations, to execute arbitrary commands via shell metacharacters in a crafted URL.
|
|||||
| CVE-2008-5288 | 1 Scripts4you | 1 Faq Manager | 2025-04-09 | 6.8 MEDIUM | N/A |
|
PHP remote file inclusion vulnerability in include/header.php in Werner Hilversum FAQ Manager 1.2, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the config_path parameter.
|
|||||
| CVE-2008-0075 | 1 Microsoft | 1 Internet Information Server | 2025-04-09 | 10.0 HIGH | N/A |
|
Unspecified vulnerability in Microsoft Internet Information Services (IIS) 5.1 through 6.0 allows remote attackers to execute arbitrary code via crafted inputs to ASP pages.
|
|||||
| CVE-2007-5216 | 1 E-ark | 1 E-ark | 2025-04-09 | 6.8 MEDIUM | N/A |
|
Multiple PHP remote file inclusion vulnerabilities in eArk (e-Ark) 1.0 allow remote attackers to execute arbitrary PHP code via a URL in (1) the cfg_vcard_path parameter to src/vcard_inc.php or (2) the cfg_phpmailer_path parameter to src/email_inc.php. NOTE: the ark_inc.php vector is already covered by CVE-2006-6086.
|
|||||
| CVE-2009-3850 | 1 Blender | 1 Blender | 2025-04-09 | 9.3 HIGH | N/A |
|
Blender 2.34, 2.35a, 2.40, and 2.49b allows remote attackers to execute arbitrary code via a .blend file that contains Python statements in the onLoad action of a ScriptLink SDNA.
|
|||||
| CVE-2007-2199 | 4 Cjg Explorer Pro, Joomla, Nx and 1 more | 4 Cjg Explorer Pro, Joomla, N X Wcms and 1 more | 2025-04-09 | 6.8 MEDIUM | N/A |
|
PHP remote file inclusion vulnerability in lib/pcltar.lib.php (aka pcltar.php) in the PclTar module 1.3 and 1.3.1 for Vincent Blavet PhpConcept Library, as used in multiple products including (1) Joomla! 1.5.0 Beta, (2) N/X Web Content Management System (WCMS) 4.5, (3) CJG EXPLORER PRO 3.3, and (4) phpSiteBackup 0.1, allows remote attackers to execute arbitrary PHP code via a URL in the g_pcltar_lib_dir parameter.
|
|||||
| CVE-2008-0567 | 1 Chronoengine | 1 Chronoforms | 2025-04-09 | 7.5 HIGH | N/A |
|
Multiple PHP remote file inclusion vulnerabilities in ChronoEngine ChronoForms (com_chronocontact) 2.3.5 component for Joomla! allow remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter to (1) PPS/File.php, (2) Writer.php, and (3) PPS.php in excelwriter/; and (4) BIFFwriter.php, (5) Workbook.php, (6) Worksheet.php, and (7) Format.php in excelwriter/Writer/.
|
|||||
| CVE-2007-4525 | 1 Spip | 1 Spip | 2025-04-09 | 7.5 HIGH | N/A |
|
PHP remote file inclusion vulnerability in inc-calcul.php3 in SPIP 1.7.2 allows remote attackers to execute arbitrary PHP code via a URL in the squelette_cache parameter, a different vector than CVE-2006-1702. NOTE: this issue has been disputed by third party researchers, stating that the squelette_cache variable is initialized before use, and is only used within the scope of a function
|
|||||
| CVE-2008-2220 | 1 Interact | 1 Interact | 2025-04-09 | 6.8 MEDIUM | N/A |
|
Multiple PHP remote file inclusion vulnerabilities in Interact Learning Community Environment Interact 2.4.1, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the (1) CONFIG[LANGUAGE_CPATH] parameter to modules/forum/embedforum.php and the (2) CONFIG[BASE_PATH] parameter to modules/scorm/lib.inc.php, different vectors than CVE-2006-4448.
|
|||||
| CVE-2008-4529 | 1 Asicms | 1 Asicms | 2025-04-09 | 7.5 HIGH | N/A |
|
Multiple PHP remote file inclusion vulnerabilities in asiCMS alpha 0.208 allow remote attackers to execute arbitrary PHP code via a URL in the _ENV[asicms][path] parameter to (1) Association.php, (2) BigMath.php, (3) DiffieHellman.php, (4) DumbStore.php, (5) Extension.php, (6) FileStore.php, (7) HMAC.php, (8) MemcachedStore.php, (9) Message.php, (10) Nonce.php, (11) SQLStore.php, (12) SReg.php, (13) TrustRoot.php, and (14) URINorm.php in classes/Auth/OpenID/; and (15) XRDS.php, (16) XRI.php and ...
Show More |
|||||
| CVE-2008-6545 | 1 Comscripts | 1 Web Server Creator Web Portal | 2025-04-09 | 7.5 HIGH | N/A |
|
PHP remote file inclusion vulnerability in news/include/createdb.php in Web Server Creator Web Portal 0.1 allows remote attackers to execute arbitrary PHP code via a URL in the langfile parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
|
|||||
| CVE-2007-2185 | 1 Supasite | 1 Supasite | 2025-04-09 | 6.8 MEDIUM | N/A |
|
Multiple PHP remote file inclusion vulnerabilities in Supasite 1.23b allow remote attackers to execute arbitrary PHP code via a URL in the supa[db_path] parameter to (1) common_functions.php, (2) admin_auth_cookies.php, (3) admin_mods.php, (4) admin_news.php, (5) admin_topics.php, (6) admin_users.php, (7) admin_utilities.php, (8) site_comment.php, or (9) site_news.php; or the supa[include_path] parameter to (10) admin_settings.php or (11) backend_site.php.
|
|||||
| CVE-2006-6887 | 1 Logahead | 1 Logahead Unu | 2025-04-09 | 6.8 MEDIUM | N/A |
|
Unrestricted file upload vulnerability in logahead UNU 1.0 allows remote attackers to upload and execute arbitrary PHP code via unspecified vectors related to plugins/widged/_widged.php (aka the WidgEd plugin), a different vulnerability than CVE-2006-6783. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information.
|
|||||
| CVE-2009-1512 | 1 Keir Davis | 1 X-forum | 2025-04-09 | 6.5 MEDIUM | N/A |
|
Static code injection vulnerability in X-Forum 0.6.2 allows remote authenticated administrators to inject arbitrary PHP code into Config.php via the adminEMail parameter to SaveConfig.php.
|
|||||
| CVE-2025-26818 | 1 Netwrix | 1 Password Secure | 2025-04-08 | N/A | 9.8 CRITICAL |
|
Netwrix Password Secure through 9.2 allows command injection.
|
|||||
| CVE-2025-3326 | 1 Iteaj | 1 Iboot | 2025-04-08 | 4.0 MEDIUM | 3.5 LOW |
|
A vulnerability has been found in iteaj iboot 物联网网关 1.1.3 and classified as problematic. This vulnerability affects unknown code of the file /common/upload of the component File Upload. The manipulation of the argument File leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
|
|||||
| CVE-2025-3327 | 1 Iteaj | 1 Iboot | 2025-04-08 | 4.0 MEDIUM | 3.5 LOW |
|
A vulnerability was found in iteaj iboot 物联网网关 1.1.3 and classified as problematic. This issue affects some unknown processing of the file /common/upload/batch of the component File Upload. The manipulation of the argument File leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
|
|||||
| CVE-2025-23186 | 2025-04-08 | N/A | 8.5 HIGH | ||
|
In certain conditions, SAP NetWeaver Application Server ABAP allows an authenticated attacker to craft a Remote Function Call (RFC) request to restricted destinations, which can be used to expose credentials for a remote service. These credentials can then be further exploited to completely compromise the remote service, potentially resulting in a significant impact on the confidentiality, integrity, and availability of the application.
|
|||||
| CVE-2025-3393 | 2025-04-08 | 4.0 MEDIUM | 3.5 LOW | ||
|
A vulnerability was found in mrcen springboot-ucan-admin up to 5f35162032cbe9288a04e429ef35301545143509. It has been classified as problematic. This affects an unknown part of the file /ucan-admin/index of the component Personal Settings Interface. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. This product does not use versioning. This is why information about affected and unaffected r ...
Show More |
|||||
| CVE-2025-31330 | 2025-04-08 | N/A | 9.9 CRITICAL | ||
|
SAP Landscape Transformation (SLT) allows an attacker with user privileges to exploit a vulnerability in the function module exposed via RFC. This flaw enables the injection of arbitrary ABAP code into the system, bypassing essential authorization checks. This vulnerability effectively functions as a backdoor, creating the risk of full system compromise, undermining the confidentiality, integrity and availability of the system.
|
|||||
| CVE-2025-27429 | 2025-04-08 | N/A | 9.9 CRITICAL | ||
|
SAP S/4HANA allows an attacker with user privileges to exploit a vulnerability in the function module exposed via RFC. This flaw enables the injection of arbitrary ABAP code into the system, bypassing essential authorization checks. This vulnerability effectively functions as a backdoor, creating the risk of full system compromise, undermining the confidentiality, integrity and availability of the system.
|
|||||
| CVE-2025-30013 | 2025-04-08 | N/A | 6.7 MEDIUM | ||
|
SAP ERP BW Business Content is vulnerable to OS Command Injection through certain function modules. These function modules, when executed with elevated privileges, improperly handle user input, allowing attacker to inject arbitrary OS commands. This vulnerability allows the execution of unintended commands on the underlying system, posing a significant security risk to the confidentiality, integrity and availability of the application.
|
|||||
| CVE-2025-3297 | 1 Oretnom23 | 1 Online Eyewear Shop | 2025-04-08 | 4.0 MEDIUM | 3.5 LOW |
|
A vulnerability, which was classified as problematic, was found in SourceCodester Online Eyewear Shop 1.0. Affected is an unknown function of the file /classes/Master.php?f=save_product. The manipulation of the argument brand leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well.
|
|||||
| CVE-2024-27705 | 1 Leantime | 1 Leantime | 2025-04-08 | N/A | 7.6 HIGH |
|
Cross Site Scripting vulnerability in Leantime v3.0.6 allows attackers to execute arbitrary code via upload of crafted PDF file to the files/browse endpoint.
|
|||||
| CVE-2024-27476 | 1 Leantime | 1 Leantime | 2025-04-08 | N/A | 4.7 MEDIUM |
|
Leantime 3.0.6 is vulnerable to HTML Injection via /dashboard/show#/tickets/newTicket.
|
|||||
| CVE-2024-22722 | 1 Formtools | 1 Form Tools | 2025-04-08 | N/A | 7.2 HIGH |
|
Server Side Template Injection (SSTI) vulnerability in Form Tools 3.1.1 allows attackers to run arbitrary commands via the Group Name field under the add forms section of the application.
|
|||||
| CVE-2024-26483 | 1 Getkirby | 1 Kirby | 2025-04-08 | N/A | 8.8 HIGH |
|
An arbitrary file upload vulnerability in the Profile Image module of Kirby CMS v4.1.0 allows attackers to execute arbitrary code via a crafted PDF file.
|
|||||
| CVE-2023-22853 | 1 Tiki | 1 Tiki | 2025-04-07 | N/A | 8.8 HIGH |
|
Tiki before 24.1, when feature_create_webhelp is enabled, allows lib/structures/structlib.php PHP Object Injection because of an eval.
|
|||||
| CVE-2025-3152 | 2025-04-07 | 4.0 MEDIUM | 3.5 LOW | ||
|
A vulnerability classified as problematic has been found in caipeichao ThinkOX 1.0. This affects an unknown part of the file /ThinkOX-master/index.php?s=/Weibo/Index/search.html of the component Search. The manipulation of the argument keywords leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
|
|||||
| CVE-2024-45199 | 2025-04-07 | N/A | 8.8 HIGH | ||
|
insightsoftware Hive JDBC through 2.6.13 has a remote code execution vulnerability. Attackers can inject malicious parameters into the JDBC URL, triggering JNDI injection during the process when the JDBC Driver uses this URL to connect to the database. This can further lead to remote code execution.
|
|||||
| CVE-2025-3157 | 2025-04-07 | 3.3 LOW | 2.4 LOW | ||
|
A vulnerability was found in Intelbras WRN 150 1.0.15_pt_ITB01. It has been rated as problematic. This issue affects some unknown processing of the component Wireless Menu. The manipulation of the argument SSID leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. It is recommended to upgrade the affected component. The vendor was contacted early about this issue and explains that the latest version is not affected.
|
|||||
| CVE-2024-45198 | 2025-04-07 | N/A | 8.8 HIGH | ||
|
insightsoftware Spark JDBC 2.6.21 has a remote code execution vulnerability. Attackers can inject malicious parameters into the JDBC URL, triggering JNDI injection during the process when the JDBC Driver uses this URL to connect to the database. This can further lead to remote code execution.
|
|||||