Total
5263 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2008-1958 | 1 Easyscripts | 1 Tr Script News | 2025-04-09 | 6.5 MEDIUM | N/A |
| Unrestricted file upload vulnerability in the ajout_cat mode in admin/main.php in Tr Script News 2.1 allows remote authenticated users to execute arbitrary code by uploading a file with a .php extension. | |||||
| CVE-2008-2341 | 1 Avalonnet | 1 News Manager | 2025-04-09 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in ch_readalso.php in News Manager 2.0 allows remote attackers to execute arbitrary PHP code via a URL in the read_xml_include parameter. | |||||
| CVE-2008-0300 | 1 Mapbender | 1 Mapbender | 2025-04-09 | 6.8 MEDIUM | N/A |
| mapFiler.php in Mapbender 2.4 to 2.4.4 allows remote attackers to execute arbitrary PHP code via PHP code sequences in the factor parameter, which are not properly handled when accessing a filename that contains those sequences. | |||||
| CVE-2008-5750 | 1 Microsoft | 2 Internet Explorer, Windows Xp | 2025-04-09 | 6.8 MEDIUM | N/A |
| Argument injection vulnerability in Microsoft Internet Explorer 8 beta 2 on Windows XP SP3 allows remote attackers to execute arbitrary commands via the --renderer-path option in a chromehtml: URI. | |||||
| CVE-2007-5573 | 1 Limesurvey | 1 Limesurvey | 2025-04-09 | 6.8 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in classes/core/language.php in LimeSurvey 1.5.2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the rootdir parameter. | |||||
| CVE-2007-6539 | 1 Idevspot | 1 Isupport | 2025-04-09 | 6.8 MEDIUM | N/A |
| PHP local file inclusion vulnerability in index.php in IDevspot iSupport 1.8 allows remote attackers to include local files via the include_file parameter. | |||||
| CVE-2007-5138 | 1 Lustig | 1 Lustig.cms | 2025-04-09 | 6.8 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in forum/forum.php in lustig.cms BETA 2.5 allows remote attackers to execute arbitrary PHP code via a URL in the view parameter. | |||||
| CVE-2007-5163 | 1 Nexty | 1 Nexty | 2025-04-09 | 6.8 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in includes/functions/layout.php in Nexty 1.01.A Beta allows remote attackers to execute arbitrary PHP code via a URL in the rel parameter. NOTE: this issue is disputed by CVE because the applicable include is in a function that is not called on a direct request | |||||
| CVE-2009-3954 | 4 Adobe, Apple, Microsoft and 1 more | 5 Acrobat, Acrobat Reader, Mac Os X and 2 more | 2025-04-09 | 10.0 HIGH | N/A |
| The 3D implementation in Adobe Reader and Acrobat 9.x before 9.3, and 8.x before 8.2 on Windows and Mac OS X, might allow attackers to execute arbitrary code via unspecified vectors, related to a "DLL-loading vulnerability." | |||||
| CVE-2007-3303 | 1 Apache | 1 Http Server | 2025-04-09 | 4.9 MEDIUM | N/A |
| Apache httpd 2.0.59 and 2.2.4, with the Prefork MPM module, allows local users to cause a denial of service via certain code sequences executed in a worker process that (1) stop request processing by killing all worker processes and preventing creation of replacements or (2) hang the system by forcing the master process to fork an arbitrarily large number of worker processes. NOTE: This might be an inherent design limitation of Apache with respect to worker processes in hosted environments. | |||||
| CVE-2009-1144 | 3 Foolabs, Gentoo, Glyphandcog | 3 Xpdf, Gentoo Linux, Xpdfreader | 2025-04-09 | 6.9 MEDIUM | N/A |
| Untrusted search path vulnerability in the Gentoo package of Xpdf before 3.02-r2 allows local users to gain privileges via a Trojan horse xpdfrc file in the current working directory, related to an unset SYSTEM_XPDFRC macro in a Gentoo build process that uses the poppler library. | |||||
| CVE-2008-1043 | 1 Linux Web Shop | 1 Php User Base | 2025-04-09 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in templates/default/header.inc.php in Linux Web Shop (LWS) php User Base 1.3 BETA allows remote attackers to execute arbitrary PHP code via a URL in the menu parameter. | |||||
| CVE-2007-6177 | 1 Php Con | 1 Php Con | 2025-04-09 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in Exchange/include.php in PHP_CON 1.3 allows remote attackers to execute arbitrary PHP code via a URL in the webappcfg[APPPATH] parameter. | |||||
| CVE-2006-7046 | 1 Clan Manager Pro | 1 Clan Manager Pro | 2025-04-09 | 9.3 HIGH | N/A |
| PHP remote file inclusion vulnerability in cmpro.intern/login.inc.php for Clan Manager Pro (CMPRO) 1.1.0 allows remote attackers to execute arbitrary PHP code via a URL in the rootpath parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2008-5749 | 2 Google, Microsoft | 2 Chrome, Windows Xp | 2025-04-09 | 6.8 MEDIUM | N/A |
| Argument injection vulnerability in Google Chrome 1.0.154.36 on Windows XP SP3 allows remote attackers to execute arbitrary commands via the --renderer-path option in a chromehtml: URI. NOTE: a third party disputes this issue, stating that Chrome "will ask for user permission" and "cannot launch the applet even [if] you have given out the permission. | |||||
| CVE-2008-1965 | 1 Ibm | 2 Lotus Expeditor Client, Lotus Symphany | 2025-04-09 | 9.3 HIGH | N/A |
| Argument injection vulnerability in the cai: URI handler in rcplauncher in IBM Lotus Expeditor Client for Desktop 6.1.1 and 6.1.2, as used by Lotus Symphony and possibly other products, allows remote attackers to execute arbitrary code by injecting a -launcher option via a cai: URI, as demonstrated by a reference to a UNC share pathname. | |||||
| CVE-2009-4024 | 1 Pear | 1 Pear | 2025-04-09 | 10.0 HIGH | N/A |
| Argument injection vulnerability in the ping function in Ping.php in the Net_Ping package before 2.4.5 for PEAR allows remote attackers to execute arbitrary shell commands via the host parameter. NOTE: this has also been reported as a shell metacharacter problem. | |||||
| CVE-2009-3065 | 1 Rein Velt | 1 Vedit | 2025-04-09 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in editor/edit_htmlarea.php in Ve-EDIT 0.1.4 allows remote attackers to execute arbitrary PHP code via a URL in the highlighter parameter. | |||||
| CVE-2008-7073 | 2 Ekkaia, Rssmodule | 2 Pie Web, Rss Module | 2025-04-09 | 6.8 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in lib/action/rss.php in RSS module 0.1 for Pie Web M{a,e}sher, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the lib parameter. | |||||
| CVE-2008-6099 | 1 Rportal | 1 Rportal | 2025-04-09 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in index.php in RPortal 1.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the file_op parameter. | |||||