Total
5247 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2006-5306 | 1 Phpbb | 1 Journals System Module | 2025-04-09 | 6.8 MEDIUM | N/A |
| Multiple PHP remote file inclusion vulnerabilities in the Journals System module 1.0.2 (RC2) and earlier for phpBB allow remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter in (1) includes/journals_delete.php, (2) includes/journals_post.php, or (3) includes/journals_edit.php. | |||||
| CVE-2009-1064 | 2 Orbit Downloader, Orbitdownloader | 2 Orbit Downloader, Orbit Downloader | 2025-04-09 | 5.8 MEDIUM | N/A |
| Argument injection vulnerability in orbitmxt.dll 2.1.0.2 in the Orbit Downloader 2.8.7 and earlier ActiveX control allows remote attackers to overwrite arbitrary files via whitespace and a command-line switch, followed by a full pathname, in the third argument to the download method. | |||||
| CVE-2007-1446 | 1 Danny Ho | 1 Oes | 2025-04-09 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Open Education System (OES) 0.1beta allow remote attackers to execute arbitrary PHP code via a URL in the CONF_INCLUDE_PATH parameter to (1) lib-account.inc.php, (2) lib-file.inc.php, (3) lib-group.inc.php, (4) lib-log.inc.php, (5) lib-mydb.inc.php, (6) lib-template-mod.inc.php, and (7) lib-themes.inc.php in includes/. | |||||
| CVE-2009-0966 | 1 Yabsoft | 1 Mega File Hosting Script | 2025-04-09 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in cross.php in YABSoft Mega File Hosting 1.2 allows remote attackers to execute arbitrary PHP code via a URL in the url parameter. NOTE: this can also be leveraged to include and execute arbitrary local files via .. (dot dot) sequences. | |||||
| CVE-2007-2084 | 1 Mobilepublisherphp | 1 Mobilepublisherphp | 2025-04-09 | 6.8 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in MobilePublisherphp 1.1.2 allows remote attackers to execute arbitrary PHP code via a URL in the auth_method parameter to (1) index.php, (2) list.php, (3) postreview.php, (4) reindex.php, (5) sections.php, (6) templates.php, (7) userinfo.php, (8) users.php, and (9) view.php in admin/. NOTE: this issue has been disputed by a reliable third party, who states that $auth_method is defined before use | |||||
| CVE-2006-5621 | 1 Ask Rave | 1 Ask Rave | 2025-04-09 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in end.php in ask_rave 0.9 PR, and other versions before 0.9b, allows remote attackers to execute arbitrary PHP code via a URL in the footfile parameter. | |||||
| CVE-2009-2635 | 2 Joomla, Ordasoft | 2 Joomla, Com Realestatemanager | 2025-04-09 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in toolbar_ext.php in the RealEstateManager (com_realestatemanager) component 1.0 Basic for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. | |||||
| CVE-2007-0994 | 2 Debian, Mozilla | 3 Debian Linux, Firefox, Seamonkey | 2025-04-09 | 6.8 MEDIUM | N/A |
| A regression error in Mozilla Firefox 2.x before 2.0.0.2 and 1.x before 1.5.0.10, and SeaMonkey 1.1 before 1.1.1 and 1.0 before 1.0.8, allows remote attackers to execute arbitrary JavaScript as the user via an HTML mail message with a javascript: URI in an (1) img, (2) link, or (3) style tag, which bypasses the access checks and executes code with chrome privileges. | |||||
| CVE-2007-2521 | 1 E-gads | 1 E-gads | 2025-04-09 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in common.php in E-GADS! before 2.2.7 allows remote attackers to execute arbitrary PHP code via a URL in the locale parameter. | |||||
| CVE-2006-5310 | 2 J-pierre Dezelus, Phpmyconferences | 2 Les Visiteurs, Phpmyconferences | 2025-04-09 | 6.8 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in common/visiteurs/include/menus.inc.php in J-Pierre DEZELUS Les Visiteurs 2.0.1, as used in phpMyConferences (phpMyConference) 8.0.2 and possibly other products, allows remote attackers to execute arbitrary PHP code via a URL in the lvc_include_dir parameter. | |||||
| CVE-2007-6585 | 1 Nmnnewsletter | 1 Nmnnewsletter | 2025-04-09 | 6.8 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in confirmUnsubscription.php in NmnNewsletter 1.0.7 allows remote attackers to execute arbitrary PHP code via a URL in the output parameter. | |||||
| CVE-2007-6706 | 1 Ibm | 1 Lotus Notes | 2025-04-09 | 9.3 HIGH | N/A |
| Unspecified vulnerability in nlnotes.dll in the client in IBM Lotus Notes 6.5, 7.0.x before 7.0.2 CCH or 7.0.3, and possibly 8.0 allows remote attackers to execute arbitrary code via crafted text in an e-mail message sent over SMTP. | |||||
| CVE-2009-3174 | 1 Odelao | 1 Obophix | 2025-04-09 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in fonctions_racine.php in OBOphiX 2.7.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the chemin_lib parameter. | |||||
| CVE-2008-6287 | 1 Getmiro | 1 Broadcast Machine | 2025-04-09 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Broadcast Machine 0.1 allow remote attackers to execute arbitrary PHP code via a URL in the baseDir parameter to (1) MySQLController.php, (2) SQLController.php, (3) SetupController.php, (4) VideoController.php, and (5) ViewController.php in controllers/. | |||||
| CVE-2008-7005 | 1 Minb | 1 Minb Is Not A Blog | 2025-04-09 | 7.5 HIGH | N/A |
| include/modules/top/1-random_quote.php in Minb Is Not a Blog (minb) 0.1.0 allows remote attackers to execute arbitrary PHP code via the quotes_to_edit parameter. NOTE: this issue has been reported as an unrestricted file upload by some sources, but that is a potential consequence of code execution. | |||||
| CVE-2006-6957 | 1 Docebo | 1 Docebo | 2025-04-09 | 6.8 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in addons/mod_media/body.php in Docebo 3.0.3 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[where_framework] parameter. NOTE: this issue might be resultant from a global overwrite vulnerability. This issue is similar to CVE-2006-2576 and CVE-2006-3107, but the vectors are different. | |||||
| CVE-2009-0674 | 1 Ravenphpscripts | 1 Ravennuke | 2025-04-09 | 6.0 MEDIUM | N/A |
| images/captcha.php in Raven Web Services RavenNuke 2.30, when register_globals and display_errors are enabled, allows remote attackers to determine the existence of local files by sending requests with full pathnames in the aFonts array parameter, and then observing the error messages, which differ between existing and nonexistent pathnames. | |||||
| CVE-2007-5453 | 1 Php-stats | 1 Php-stats | 2025-04-09 | 8.5 HIGH | N/A |
| Multiple eval injection vulnerabilities in Php-Stats 0.1.9.2 allow remote authenticated administrators to execute arbitrary code by writing PHP sequences to the php-stats-options record in the _options table, which is used in an eval function call by (1) admin.php, (2) click.php, (3) download.php, and unspecified other files, as demonstrated by modifying _options through a backup restore action in admin.php. | |||||
| CVE-2009-0555 | 1 Microsoft | 7 Windows 2000, Windows Media Format Runtime, Windows Media Player and 4 more | 2025-04-09 | 9.3 HIGH | N/A |
| Microsoft Windows Media Runtime, as used in DirectShow WMA Voice Codec, Windows Media Audio Voice Decoder, and Audio Compression Manager (ACM), does not properly process Advanced Systems Format (ASF) files, which allows remote attackers to execute arbitrary code via a crafted audio file that uses the Windows Media Speech codec, aka "Windows Media Runtime Voice Sample Rate Vulnerability." | |||||
| CVE-2009-4220 | 1 Raphael Mazoyer | 1 Pointcomma | 2025-04-09 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in includes/classes/pctemplate.php in PointComma 3.8b2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the pcConfig[smartyPath] parameter. | |||||