Total
5718 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2009-3365 | 1 Traza | 1 Aurora | 2025-04-09 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in add-ons/modules/sysmanager/plugins/install.plugin.php in Aurora CMS 1.0.2 allows remote attackers to execute arbitrary PHP code via a URL in the AURORA_MODULES_FOLDER parameter. | |||||
| CVE-2007-4038 | 1 Mozilla | 2 Firefox, Thunderbird | 2025-04-09 | 4.3 MEDIUM | N/A |
| Argument injection vulnerability in Mozilla Firefox before 2.0.0.5, when running on systems with Thunderbird 1.5 installed and certain URIs registered, allows remote attackers to conduct cross-browser scripting attacks and execute arbitrary commands via shell metacharacters in a mailto URI, which are inserted into the command line that is created when invoking Thunderbird.exe, a similar issue to CVE-2007-3670. | |||||
| CVE-2009-2399 | 1 Dutchmonkey | 1 Dm Filemanager | 2025-04-09 | 6.8 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in dm-albums/template/album.php in DM FileManager 3.9.4, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the SECURITY_FILE parameter. | |||||
| CVE-2008-5066 | 1 Agaresmedia | 1 Themesitescript | 2025-04-09 | 10.0 HIGH | N/A |
| PHP remote file inclusion vulnerability in upload/admin/frontpage_right.php in Agares Media ThemeSiteScript 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the loadadminpage parameter. | |||||
| CVE-2008-1760 | 1 Blogator-script | 1 Blogator-script | 2025-04-09 | 6.8 MEDIUM | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Blogator-script before 1.01 allow remote attackers to execute arbitrary PHP code via a URL in the incl_page parameter in (1) struct_admin.php, (2) struct_admin_blog.php, and (3) struct_main.php in _blogadata/include. | |||||
| CVE-2009-1698 | 1 Apple | 3 Iphone Os, Ipod Touch, Safari | 2025-04-09 | 9.3 HIGH | N/A |
| WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 does not initialize a pointer during handling of a Cascading Style Sheets (CSS) attr function call with a large numerical argument, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted HTML document. | |||||
| CVE-2007-5173 | 2 Openid, Phpbb | 2 Openid, Phpbb | 2025-04-09 | 6.8 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in includes/openid/Auth/OpenID/BBStore.php in phpBB Openid 0.2.0 allows remote attackers to execute arbitrary PHP code via a URL in the openid_root_path parameter. | |||||
| CVE-2008-3285 | 1 Alain Barbet | 1 Filesys Smbclientparser | 2025-04-09 | 9.3 HIGH | N/A |
| The Filesys::SmbClientParser module 2.7 and earlier for Perl allows remote SMB servers to execute arbitrary code via a folder name containing shell metacharacters. | |||||
| CVE-2007-5390 | 1 Picoflat Cms | 1 Picoflat Cms | 2025-04-09 | 6.8 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in index.php in PicoFlat CMS 0.4.14 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the pagina parameter. | |||||
| CVE-2009-1230 | 1 Podcast Generator | 1 Podcast Generator | 2025-04-09 | 6.5 MEDIUM | N/A |
| Static code injection vulnerability in index.php in Podcast Generator 1.1 and earlier allows remote authenticated administrators to inject arbitrary PHP code into config.php via the recent parameter in a config change action. | |||||
| CVE-2008-1170 | 1 Kcwiki | 1 Kcwiki | 2025-04-09 | 6.8 MEDIUM | N/A |
| Multiple PHP remote file inclusion vulnerabilities in KCWiki 1.0 allow remote attackers to execute arbitrary PHP code via a URL in the page parameter to (1) minimal/wiki.php and (2) simplest/wiki.php. | |||||
| CVE-2006-7181 | 1 Morcego Cms | 1 Morcego Cms | 2025-04-09 | 10.0 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Morcego CMS 0.9.6 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the (1) fichero parameter to morcegoCMS.php or the (2) path parameter to adodb/adodb.inc.php. NOTE: vector 1 has been disputed by a third party who shows that $fichero can not be controlled by an attacker | |||||
| CVE-2007-1093 | 4 Hitachi, Hp, Microsoft and 1 more | 12 Cm2-network Node Manager, Cm2-network Node Manager 250, Hi Ux We2 and 9 more | 2025-04-09 | 10.0 HIGH | N/A |
| Multiple unspecified vulnerabilities in JP1/Cm2/Network Node Manager (NNM) before 07-10-05, and before 08-00-02 in the 08-x series, allow remote attackers to execute arbitrary code, cause a denial of service, or trigger invalid Web utility behavior. | |||||
| CVE-2008-6377 | 1 Phpbb-seo | 1 Multi Seo Phpbb | 2025-04-09 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in include/global.php in Multi SEO phpBB 1.1.0 allows remote attackers to execute arbitrary PHP code via a URL in the pfad parameter. | |||||
| CVE-2009-1128 | 1 Microsoft | 1 Office Powerpoint | 2025-04-09 | 9.3 HIGH | N/A |
| Microsoft Office PowerPoint 2000 SP3, 2002 SP3, and 2003 SP3 allows remote attackers to execute arbitrary code via crafted sound data in a file that uses a PowerPoint 95 native file format, leading to memory corruption, aka "PP7 Memory Corruption Vulnerability," a different vulnerability than CVE-2009-1129. | |||||
| CVE-2007-4187 | 1 Joomla | 1 Joomla | 2025-04-09 | 7.5 HIGH | N/A |
| Multiple eval injection vulnerabilities in the com_search component in Joomla! 1.5 beta before RC1 (aka Mapya) allow remote attackers to execute arbitrary PHP code via PHP sequences in the searchword parameter, related to default_results.php in (1) components/com_search/views/search/tmpl/ and (2) templates/beez/html/com_search/search/. | |||||
| CVE-2008-6023 | 1 Xnova | 1 Xnova | 2025-04-09 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in includes/todofleetcontrol.php in a newer version of Xnova, possibly 0.8 sp1, allows remote attackers to execute arbitrary PHP code via a URL in the xnova_root_path parameter. | |||||
| CVE-2007-5175 | 1 Actsite | 1 Actsite | 2025-04-09 | 6.8 MEDIUM | N/A |
| PHP remote file inclusion vulnerability lib/base.php in actSite 1.991 Beta allows remote attackers to execute arbitrary PHP code via a URL in the BaseCfg[BaseDir] parameter. | |||||
| CVE-2009-0530 | 1 Electrictoad | 1 Snippetmaster Webpage Editor | 2025-04-09 | 6.8 MEDIUM | N/A |
| Multiple PHP remote file inclusion vulnerabilities in SnippetMaster 2.2.2, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the (1) _SESSION[SCRIPT_PATH] parameter to includes/vars.inc.php and the (2) g_pcltar_lib_dir parameter to includes/tar_lib/pcltar.lib.php. | |||||
| CVE-2007-4906 | 1 Nuclearbb | 1 Nuclearbb | 2025-04-09 | 6.8 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in tasks/send_queued_emails.php in NuclearBB Alpha 2, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the root_path parameter. | |||||