Total
5734 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2007-2262 | 1 Sinato | 1 Jmuffin | 2025-04-09 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in html/php/detail.php in Sinato jmuffin allow remote attackers to execute arbitrary PHP code via a URL in the (1) relPath and (2) folder parameters. NOTE: this product was originally reported as "File117". | |||||
| CVE-2009-3465 | 1 Adobe | 1 Shockwave Player | 2025-04-09 | 9.3 HIGH | N/A |
| Adobe Shockwave Player before 11.5.2.602 allows remote attackers to execute arbitrary code via crafted Shockwave content on a web site, related to an "invalid pointer vulnerability," a different issue than CVE-2009-3464. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2009-0091 | 1 Microsoft | 7 .net Framework, Windows 2000, Windows 7 and 4 more | 2025-04-09 | 9.3 HIGH | N/A |
| Microsoft .NET Framework 2.0, 2.0 SP1, and 3.5 does not properly enforce a certain type-equality constraint in .NET verifiable code, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (XBAP), (2) a crafted ASP.NET application, or (3) a crafted .NET Framework application, aka "Microsoft .NET Framework Type Verification Vulnerability." | |||||
| CVE-2008-0042 | 1 Apple | 1 Mac Os X | 2025-04-09 | 6.8 MEDIUM | N/A |
| Argument injection vulnerability in Terminal.app in Terminal in Apple Mac OS X 10.4.11 and 10.5 through 10.5.1 allows remote attackers to execute arbitrary code via unspecified URL schemes. | |||||
| CVE-2007-2319 | 1 Autostand Category | 1 Autostand Category | 2025-04-09 | 6.8 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in the AutoStand 1.1 and earlier module for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter to mod_as_category.php in (1) modules/mod_as_category/ or (2) modules/. | |||||
| CVE-2007-5089 | 1 Sk.log | 1 Sk.log | 2025-04-09 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in php-inc/log.inc.php in sk.log 0.5.3 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the SKIN_URL parameter. | |||||
| CVE-2007-0983 | 1 Ansatheus | 1 At Contenator | 2025-04-09 | 6.8 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in _admin/nav.php in AT Contenator 1.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the Root_To_Script parameter. | |||||
| CVE-2007-5783 | 1 Emagic-cms | 1 Emagic Cms.net | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in emc.asp in emagiC CMS.Net 4.0 allows remote attackers to execute arbitrary SQL commands via the pageId parameter. | |||||
| CVE-2007-4466 | 1 Electronic Arts | 1 Snoopyctrl | 2025-04-09 | 6.8 MEDIUM | N/A |
| Multiple stack-based buffer overflows in Electronic Arts (EA) SnoopyCtrl ActiveX control (NPSnpy.dll) allow remote attackers to execute arbitrary code via unspecified methods and parameters. | |||||
| CVE-2008-1866 | 1 Pixel Motion | 1 Pixel Motion Blog | 2025-04-09 | 9.0 HIGH | N/A |
| admin/modif_config.php in Blog Pixel Motion (aka PixelMotion) does not require admin authentication, which allows remote authenticated users to upload arbitrary PHP scripts in a ZIP archive, which is written to templateZip/ and then automatically extracted under templates/ for execution via a direct request. | |||||
| CVE-2007-5185 | 1 Phpwcms-xt | 1 Phpwcms-xt | 2025-04-09 | 6.8 MEDIUM | N/A |
| Multiple PHP remote file inclusion vulnerabilities in phpWCMS XT 0.0.7 BETA and earlier allow remote attackers to execute arbitrary PHP code via a URL in the HTML_MENU_DirPath parameter to (1) config_HTML_MENU.php and (2) config_PHPLM.php in phpwcms_template/inc_script/frontend_render/navigation/. | |||||
| CVE-2007-5102 | 1 Wordsmith | 1 Wordsmith | 2025-04-09 | 6.8 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in config.inc.php in Wordsmith 1.0 RC1, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the _path parameter. | |||||
| CVE-2008-7042 | 1 Freshscripts | 1 Fresh Email Script | 2025-04-09 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in url.php in FreshScripts Fresh Email Script 1.0 through 1.11 allows remote attackers to execute arbitrary PHP code via a URL in the tmp_sid parameter. | |||||
| CVE-2007-5056 | 6 Adodb Lite, Cmsmadesimple, Journalness and 3 more | 6 Adodb Lite, Cms Made Simple, Journalness and 3 more | 2025-04-09 | 6.8 MEDIUM | N/A |
| Eval injection vulnerability in adodb-perf-module.inc.php in ADOdb Lite 1.42 and earlier, as used in products including CMS Made Simple, SAPID CMF, Journalness, PacerCMS, and Open-Realty, allows remote attackers to execute arbitrary code via PHP sequences in the last_module parameter. | |||||
| CVE-2009-3114 | 1 Ibm | 1 Lotus Notes | 2025-04-09 | 7.5 HIGH | N/A |
| The RSS reader widget in IBM Lotus Notes 8.0 and 8.5 saves items from an RSS feed as local HTML documents, which allows remote attackers to execute arbitrary script in Internet Explorer's Local Machine Zone via a crafted feed, aka SPR RGAU7RDJ9K. | |||||
| CVE-2008-3207 | 1 Pragyan | 1 Praygan Cms | 2025-04-09 | 9.3 HIGH | N/A |
| PHP remote file inclusion vulnerability in cms/modules/form.lib.php in Pragyan CMS 2.6.2, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the (1) sourceFolder or (2) moduleFolder parameter. | |||||
| CVE-2008-1963 | 1 Quate | 1 Grape Web Statistics | 2025-04-09 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in includes/functions.php in Quate Grape Web Statistics 0.2a allows remote attackers to execute arbitrary PHP code via a URL in the location parameter. | |||||
| CVE-2008-4911 | 1 Chattaitaliano | 1 Istant-replay | 2025-04-09 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in read.php in Chattaitaliano Istant-Replay allows remote attackers to execute arbitrary PHP code via a URL in the data parameter. | |||||
| CVE-2009-0222 | 1 Microsoft | 1 Office Powerpoint | 2025-04-09 | 9.3 HIGH | N/A |
| Microsoft Office PowerPoint 2000 SP3, 2002 SP3, and 2003 SP3 allows remote attackers to execute arbitrary code via crafted sound data in a file that uses a PowerPoint 4.0 native file format, leading to a "pointer overwrite" and memory corruption, aka "Legacy File Format Vulnerability," a different vulnerability than CVE-2009-0223, CVE-2009-0226, CVE-2009-0227, and CVE-2009-1137. | |||||
| CVE-2008-2390 | 1 Hp | 1 Software Update | 2025-04-09 | 6.8 MEDIUM | N/A |
| Hpufunction.dll 4.0.0.1 in HP Software Update exposes the unsafe (1) ExecuteAsync and (2) Execute methods, which allows remote attackers to execute arbitrary code via an absolute pathname in the first argument. | |||||