Total
4660 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2007-5453 | 1 Php-stats | 1 Php-stats | 2025-04-09 | 8.5 HIGH | N/A |
| Multiple eval injection vulnerabilities in Php-Stats 0.1.9.2 allow remote authenticated administrators to execute arbitrary code by writing PHP sequences to the php-stats-options record in the _options table, which is used in an eval function call by (1) admin.php, (2) click.php, (3) download.php, and unspecified other files, as demonstrated by modifying _options through a backup restore action in admin.php. | |||||
| CVE-2009-0555 | 1 Microsoft | 7 Windows 2000, Windows Media Format Runtime, Windows Media Player and 4 more | 2025-04-09 | 9.3 HIGH | N/A |
| Microsoft Windows Media Runtime, as used in DirectShow WMA Voice Codec, Windows Media Audio Voice Decoder, and Audio Compression Manager (ACM), does not properly process Advanced Systems Format (ASF) files, which allows remote attackers to execute arbitrary code via a crafted audio file that uses the Windows Media Speech codec, aka "Windows Media Runtime Voice Sample Rate Vulnerability." | |||||
| CVE-2009-4220 | 1 Raphael Mazoyer | 1 Pointcomma | 2025-04-09 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in includes/classes/pctemplate.php in PointComma 3.8b2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the pcConfig[smartyPath] parameter. | |||||
| CVE-2008-2645 | 1 Brim-project | 1 Brim | 2025-04-09 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Brim (formerly Booby) 1.0.1 allow remote attackers to execute arbitrary PHP code via a URL in the renderer parameter to template.tpl.php in (1) barrel/, (2) barry/, (3) mylook/, (4) oerdec/, (5) penguin/, (6) sidebar/, (7) slashdot/, and (8) text-only/ in templates/. NOTE: this can also be leveraged to include and execute arbitrary local files via directory traversal sequences. | |||||
| CVE-2009-3760 | 1 Citrix | 1 Xencenterweb | 2025-04-09 | 7.5 HIGH | N/A |
| Static code injection vulnerability in config/writeconfig.php in the sample code in the XenServer Resource Kit in Citrix XenCenterWeb allows remote attackers to inject arbitrary PHP code into include/config.ini.php via the pool1 parameter. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2008-6408 | 1 Brian Wilson | 1 Ol\'bookmarks | 2025-04-09 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in frame.php in ol'bookmarks manager 0.7.5 allows remote attackers to execute arbitrary PHP code via a URL in the framefile parameter. | |||||
| CVE-2009-2218 | 1 David Degner | 1 Phpcollegeexchange | 2025-04-09 | 6.8 MEDIUM | N/A |
| Multiple PHP remote file inclusion vulnerabilities in phpCollegeExchange 0.1.5c, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the home parameter to (1) i_head.php, (2) i_nav.php, (3) user_new_2.php, or (4) house/myrents.php; or (5) allbooks.php, (6) home.php, or (7) mybooks.php in books/. NOTE: house/myrents.php was also separately reported as a local file inclusion issue. | |||||
| CVE-2009-0084 | 1 Microsoft | 4 Directx, Windows 2000, Windows Server 2003 and 1 more | 2025-04-09 | 9.3 HIGH | N/A |
| Use-after-free vulnerability in DirectShow in Microsoft DirectX 8.1 and 9.0 allows remote attackers to execute arbitrary code via an MJPEG file or video stream with a malformed Huffman table, which triggers an exception that frees heap memory that is later accessed, aka "MJPEG Decompression Vulnerability." | |||||
| CVE-2008-6531 | 1 Atlassian | 1 Jira | 2025-04-09 | 6.8 MEDIUM | N/A |
| The WebWork 1 web application framework in Atlassian JIRA before 3.13.2 allows remote attackers to invoke exposed public JIRA methods via a crafted URL that is dynamically transformed into method calls, aka "WebWork 1 Parameter Injection Hole." | |||||
| CVE-2008-0433 | 1 Agares Media | 1 Phpautovideo | 2025-04-09 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in theme/phpAutoVideo/LightTwoOh/sidebar.php in Agares phpAutoVideo 2.21 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the loadpage parameter, a different vector than CVE-2007-6614. | |||||
| CVE-2009-0820 | 1 Php.brickhost | 1 Phpscheduleit | 2025-04-09 | 7.5 HIGH | N/A |
| Multiple eval injection vulnerabilities in phpScheduleIt before 1.2.11 allow remote attackers to execute arbitrary code via (1) the end_date parameter to reserve.php and (2) the start_date and end_date parameters to check.php. NOTE: the start_date/reserve.php vector is already covered by CVE-2008-6132. | |||||
| CVE-2009-0456 | 1 Sourdough | 1 Sourdough | 2025-04-09 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in examples/example_clientside_javascript.php in patForms, as used in Sourdough 0.3.5, allows remote attackers to execute arbitrary PHP code via a URL in the neededFiles[patForms] parameter. | |||||
| CVE-2007-4763 | 1 Tim Jackson | 1 Phpof | 2025-04-09 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in dbmodules/DB_adodb.class.php in PHP Object Framework (PHPOF) 20040226 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the PHPOF_INCLUDE_PATH parameter. | |||||
| CVE-2007-4244 | 1 Joomla | 1 J Reactions | 2025-04-09 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in langset.php in J! Reactions (com_jreactions) 1.8.1 and earlier, a Joomla! component, allows remote attackers to execute arbitrary PHP code via a URL in the comPath parameter. | |||||
| CVE-2008-2981 | 1 Homeph Design | 1 Homeph Design | 2025-04-09 | 6.8 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in admin/templates/template_thumbnail.php in HomePH Design 2.10 RC2, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the thumb_template parameter. | |||||
| CVE-2009-3850 | 1 Blender | 1 Blender | 2025-04-09 | 9.3 HIGH | N/A |
| Blender 2.34, 2.35a, 2.40, and 2.49b allows remote attackers to execute arbitrary code via a .blend file that contains Python statements in the onLoad action of a ScriptLink SDNA. | |||||
| CVE-2007-5737 | 1 Ghlab | 1 Korean Ghboard | 2025-04-09 | 7.5 HIGH | N/A |
| Unrestricted file upload vulnerability in component/upload.jsp in Korean GHBoard allows remote attackers to upload arbitrary files via unspecified vectors, probably involving a direct request. | |||||
| CVE-2007-5053 | 1 Izicontents | 1 Izicontents | 2025-04-09 | 7.5 HIGH | N/A |
| Multiple incomplete blacklist vulnerabilities in iziContents 1 RC6 and earlier allow remote attackers to execute arbitrary PHP code via a URL in (1) the admin_home parameter to modules/poll/poll_summary.php or (2) the rootdp parameter to include/db.php; or a URL in the language_home parameter to (3) search/search.php, (4) poll/inlinepoll.php, (5) poll/showpoll.php, (6) links/showlinks.php, or (7) links/submit_links.php in modules/; related to missing checks in (a) modules/moduleSec.php and (b) include/includeSec.php for inclusion of certain URLs, as demonstrated by an ftps:// URL. | |||||
| CVE-2007-5387 | 1 Pindorama | 1 Pindorama | 2025-04-09 | 6.8 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in active/components/xmlrpc/client.php in Pindorama 0.1 allows remote attackers to execute arbitrary PHP code via a URL in the c[components] parameter. | |||||
| CVE-2008-4704 | 1 Mitre | 1 Sezhoo | 2025-04-09 | 10.0 HIGH | N/A |
| PHP remote file inclusion vulnerability in SezHooTabsAndActions.php in SezHoo 0.1 allows remote attackers to execute arbitrary PHP code via a URL in the IP parameter. | |||||