Total
5734 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2006-5402 | 1 Phpmybibli | 1 Phpmybibli | 2025-04-09 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in PHPmybibli 3.0.1 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the (1) class_path, (2) javascript_path, and (3) include_path parameters in (a) cart.php; the (4) class_path parameter in (b) index.php; the (5) javascript_path parameter in (c) edit.php; the (6) include_path parameter in (d) circ.php; unspecified parameters in (e) select.php; and unspecified parameters in other files. | |||||
| CVE-2008-0743 | 1 Joovili | 1 Joovili | 2025-04-09 | 10.0 HIGH | N/A |
| PHP remote file inclusion vulnerability in members_help.php in Joovili 2.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the hlp parameter. | |||||
| CVE-2008-3435 | 1 Linkedin | 1 Browser Toolbar | 2025-04-09 | 7.5 HIGH | N/A |
| LinkedIn Browser Toolbar 3.0.3.1100 and earlier does not properly verify the authenticity of updates, which allows man-in-the-middle attackers to execute arbitrary code via a Trojan horse update, as demonstrated by evilgrade and DNS cache poisoning. | |||||
| CVE-2009-0495 | 1 It747 | 1 Realtor 747 | 2025-04-09 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in include/define.php in REALTOR 747 4.11 allows remote attackers to execute arbitrary PHP code via a URL in the INC_DIR parameter. | |||||
| CVE-2008-5866 | 1 Proxim | 1 Tsunami Mp.11 2411 | 2025-04-09 | 10.0 HIGH | N/A |
| The Proxim Wireless Tsunami MP.11 2411 with firmware 3.0.3 has public as its default SNMP read/write community, which makes it easier for remote attackers to obtain sensitive information or modify SNMP variables. | |||||
| CVE-2008-1091 | 1 Microsoft | 3 Office, Office Compatibility Pack For Word Excel Ppt 2007, Word Viewer | 2025-04-09 | 9.3 HIGH | N/A |
| Unspecified vulnerability in Microsoft Word in Office 2000 and XP SP3, 2003 SP2 and SP3, and 2007 Office System SP1 and earlier allows remote attackers to execute arbitrary code via a Rich Text Format (.rtf) file with a malformed string that triggers a "memory calculation error" and a heap-based buffer overflow, aka "Object Parsing Vulnerability." | |||||
| CVE-2006-6086 | 1 E-ark | 1 E-ark | 2025-04-09 | 5.1 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in src/ark_inc.php in e-Ark 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the cfg_pear_path parameter. | |||||
| CVE-2008-2832 | 1 Fullrevolution | 1 Aspwebcalendar2008 | 2025-04-09 | 10.0 HIGH | N/A |
| Unrestricted file upload vulnerability in calendar_admin.asp in Full Revolution aspWebCalendar 2008 allows remote attackers to upload and execute arbitrary code via the FILE1 parameter in an uploadfileprocess action, probably followed by a direct request to the file in calendar/eventimages/. | |||||
| CVE-2008-5108 | 1 Adobe | 1 Adobe Air | 2025-04-09 | 6.8 MEDIUM | N/A |
| Unspecified vulnerability in Adobe AIR 1.1 and earlier allows context-dependent attackers to execute untrusted JavaScript in an AIR application via unknown attack vectors. | |||||
| CVE-2008-2986 | 1 Phpdmca | 1 Phpdmca | 2025-04-09 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in phpDMCA 1.0.0 allow remote attackers to execute arbitrary PHP code via a URL in the ourlinux_root_path parameter to (1) adodb-errorpear.inc.php and (2) adodb-pear.inc.php in adodb/. | |||||
| CVE-2007-5294 | 1 Idmos | 1 Idmos | 2025-04-09 | 6.8 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in core/aural.php in IDMOS 1.0-beta (aka Phoenix) allows remote attackers to execute arbitrary PHP code via a URL in the site_absolute_path parameter. | |||||
| CVE-2009-3705 | 1 Achievo | 1 Achievo | 2025-04-09 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in debugger.php in Achievo before 1.4.0 allows remote attackers to execute arbitrary PHP code via a URL in the config_atkroot parameter. | |||||
| CVE-2009-4035 | 3 Gnome, Kde, Xpdf | 4 Gpdf, Kdegraphics, Kpdf and 1 more | 2025-04-09 | 9.3 HIGH | N/A |
| The FoFiType1::parse function in fofi/FoFiType1.cc in Xpdf 3.0.0, gpdf 2.8.2, kpdf in kdegraphics 3.3.1, and possibly other libraries and versions, does not check the return value of the getNextLine function, which allows context-dependent attackers to execute arbitrary code via a PDF file with a crafted Type 1 font that can produce a negative value, leading to a signed-to-unsigned integer conversion error and a buffer overflow. | |||||
| CVE-2008-6785 | 1 Galaxyscripts | 1 Mini File Host | 2025-04-09 | 6.8 MEDIUM | N/A |
| Unrestricted file upload vulnerability in Mini File Host 1.5 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in an unspecified directory, as demonstrated by creating a name.php file. | |||||
| CVE-2009-1545 | 1 Microsoft | 4 Windows 2003 Server, Windows Server 2008, Windows Vista and 1 more | 2025-04-09 | 9.3 HIGH | N/A |
| Unspecified vulnerability in Avifil32.dll in the Windows Media file handling functionality in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allows remote attackers to execute arbitrary code via a malformed header in a crafted AVI file, aka "Malformed AVI Header Vulnerability." | |||||
| CVE-2008-4047 | 1 Novell | 1 Novell Forum | 2025-04-09 | 7.5 HIGH | N/A |
| Unspecified vulnerability in Novell Forum (formerly SiteScape Forum) 7.0, 7.1, 7.2, 7.3, and 8.0 allows remote attackers to execute arbitrary TCL code via a modified URL. NOTE: this might overlap CVE-2007-6515. | |||||
| CVE-2007-5147 | 1 Puzzle Apps Cms | 1 Puzzle Apps Cms | 2025-04-09 | 6.8 MEDIUM | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Puzzle Apps CMS 2.2.1 allow remote attackers to execute arbitrary PHP code via a URL in the MODULEDIR parameter to (1) core/modules/my/my.module.php or (2) core/modules/xml/xml.module.php; the COREROOT parameter to (3) config.loader.php, (4) platform.loader.php, (5) core.loader.php, (6) person.loader.php, or (7) module.loader.php in core/ or (8) install/steps/step_3.php; or the THISDIR parameter to (9) people.lib.php, (10) general.lib.php, (11) content.lib.php, or (12) templates.lib.php in core/modules/admin/libs/ or (13) core/modules/webstat/MEC/index.php. | |||||
| CVE-2009-1960 | 1 Dokuwiki | 1 Dokuwiki | 2025-04-09 | 9.3 HIGH | N/A |
| inc/init.php in DokuWiki 2009-02-14, rc2009-02-06, and rc2009-01-30, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via the config_cascade[main][default][] parameter to doku.php. NOTE: PHP remote file inclusion is also possible in PHP 5 using ftp:// URLs. | |||||
| CVE-2008-0143 | 1 Spacial Audio Solutions | 2 Sam Broadcaster, Samphpweb | 2025-04-09 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in common/db.php in samPHPweb, possibly 4.2.2 and others, as provided with SAM Broadcaster, allows remote attackers to execute arbitrary PHP code via a URL in the commonpath parameter. | |||||
| CVE-2007-5054 | 1 Izicontents | 1 Izicontents | 2025-04-09 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in iziContents 1 RC6 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the gsLanguage parameter to (1) search/search.php, (2) poll/inlinepoll.php, (3) poll/showpoll.php, (4) links/showlinks.php, or (5) links/submit_links.php in modules/. | |||||