Vulnerabilities (CVE)

Filtered by CWE-94
Total 6425 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2009-3188 1 David Frohlich 1 Phpsane 2026-06-16 7.5 HIGH N/A
PHP remote file inclusion vulnerability in save.php in phpSANE 0.5.0 allows remote attackers to execute arbitrary PHP code via a URL in the file_save parameter.
CVE-2009-3174 1 Odelao 1 Obophix 2026-06-16 7.5 HIGH N/A
PHP remote file inclusion vulnerability in fonctions_racine.php in OBOphiX 2.7.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the chemin_lib parameter.
CVE-2009-3134 1 Microsoft 5 Compatibility Pack Word Excel Powerpoint, Excel, Excel Viewer and 2 more 2026-06-16 9.3 HIGH N/A
Microsoft Office Excel 2002 SP3, 2003 SP3, and 2007 SP1 and SP2; Office 2004 and 2008 for Mac; Open XML File Format Converter for Mac; Office Excel Viewer 2003 SP3; Office Excel Viewer SP1 and SP2; and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2 do not properly parse the Excel file format, which allows remote attackers to execute arbitrary code via a spreadsheet with a malformed record object, aka "Excel Field Sanitization Vulnerability."
CVE-2009-3133 1 Microsoft 5 Compatibility Pack Word Excel Powerpoint, Excel, Excel Viewer and 2 more 2026-06-16 9.3 HIGH N/A
Microsoft Office Excel 2002 SP3, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac allow remote attackers to execute arbitrary code via a spreadsheet containing a malformed object that triggers memory corruption, related to "loading Excel records," aka "Excel Document Parsing Memory Corruption Vulnerability."
CVE-2009-3132 1 Microsoft 5 Compatibility Pack Word Excel Powerpoint, Excel, Excel Viewer and 2 more 2026-06-16 9.3 HIGH N/A
Microsoft Office Excel 2002 SP3, 2003 SP3, and 2007 SP1 and SP2; Office 2004 and 2008 for Mac; Open XML File Format Converter for Mac; Office Excel Viewer 2003 SP3; Office Excel Viewer SP1 and SP2; and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2 allow remote attackers to execute arbitrary code via a spreadsheet containing a malformed formula, related to a "pointer corruption" issue, aka "Excel Index Parsing Vulnerability."
CVE-2009-3131 1 Microsoft 5 Compatibility Pack Word Excel Powerpoint, Excel, Excel Viewer and 2 more 2026-06-16 9.3 HIGH N/A
Microsoft Office Excel 2002 SP3, 2003 SP3, and 2007 SP1 and SP2; Office 2004 and 2008 for Mac; Open XML File Format Converter for Mac; Office Excel Viewer 2003 SP3; Office Excel Viewer SP1 and SP2; and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2 allow remote attackers to execute arbitrary code via a spreadsheet with a crafted formula embedded in a cell, aka "Excel Formula Parsing Memory Corruption Vulnerability."
CVE-2009-3128 1 Microsoft 5 Compatibility Pack Word Excel Powerpoint, Excel, Excel Viewer and 2 more 2026-06-16 9.3 HIGH N/A
Microsoft Office Excel 2002 SP3 and 2003 SP3, and Office Excel Viewer 2003 SP3, does not properly parse the Excel file format, which allows remote attackers to execute arbitrary code via a spreadsheet with a malformed record object, aka "Excel SxView Memory Corruption Vulnerability."
CVE-2009-3127 1 Microsoft 5 Compatibility Pack Word Excel Powerpoint, Excel, Excel Viewer and 2 more 2026-06-16 9.3 HIGH N/A
Microsoft Office Excel 2002 SP3 and 2003 SP3, Office 2004 and 2008 for Mac, Open XML File Format Converter for Mac, and Office Excel Viewer 2003 SP3 do not properly parse the Excel file format, which allows remote attackers to execute arbitrary code via a crafted spreadsheet, aka "Excel Cache Memory Corruption Vulnerability."
CVE-2009-3114 1 Ibm 1 Lotus Notes 2026-06-16 7.5 HIGH N/A
The RSS reader widget in IBM Lotus Notes 8.0 and 8.5 saves items from an RSS feed as local HTML documents, which allows remote attackers to execute arbitrary script in Internet Explorer's Local Machine Zone via a crafted feed, aka SPR RGAU7RDJ9K.
CVE-2009-3079 1 Mozilla 1 Firefox 2026-06-16 10.0 HIGH N/A
Unspecified vulnerability in Mozilla Firefox before 3.0.14, and 3.5.x before 3.5.3, allows remote attackers to execute arbitrary JavaScript with chrome privileges via vectors involving an object, the FeedWriter, and the BrowserFeedWriter.
CVE-2009-3077 1 Mozilla 1 Firefox 2026-06-16 9.3 HIGH N/A
Mozilla Firefox before 3.0.14, and 3.5.x before 3.5.3, does not properly manage pointers for the columns (aka TreeColumns) of a XUL tree element, which allows remote attackers to execute arbitrary code via a crafted HTML document, related to a "dangling pointer vulnerability."
CVE-2009-3065 1 Rein Velt 1 Vedit 2026-06-16 7.5 HIGH N/A
PHP remote file inclusion vulnerability in editor/edit_htmlarea.php in Ve-EDIT 0.1.4 allows remote attackers to execute arbitrary PHP code via a URL in the highlighter parameter.
CVE-2009-3056 1 Bas Bloemsaat 1 Kingcms 2026-06-16 7.5 HIGH N/A
PHP remote file inclusion vulnerability in include/engine/content/elements/menu.php in KingCMS 0.6.0 allows remote attackers to execute arbitrary PHP code via a URL in the CONFIG[AdminPath] parameter.
CVE-2009-3055 1 Dlecms 1 Dle 2026-06-16 7.5 HIGH N/A
PHP remote file inclusion vulnerability in engine/api/api.class.php in DataLife Engine (DLE) 8.2 allows remote attackers to execute arbitrary PHP code via a URL in the dle_config_api parameter.
CVE-2009-3019 1 Microsoft 3 Internet Explorer, Windows Vista, Windows Xp 2026-06-16 5.0 MEDIUM N/A
Microsoft Internet Explorer 6 on Windows XP SP2 and SP3, and Internet Explorer 7 on Vista, allows remote attackers to cause a denial of service (application crash) via JavaScript code that calls createElement to create an instance of the LI element, and then calls setAttribute to set the value attribute.
CVE-2009-2811 1 Apple 2 Mac Os X, Mac Os X Server 2026-06-16 6.8 MEDIUM N/A
Incomplete blacklist vulnerability in Launch Services in Apple Mac OS X 10.5.8 allows user-assisted remote attackers to execute arbitrary code via a .fileloc file, which does not trigger a "potentially unsafe" warning message in the Quarantine feature.
CVE-2009-2809 1 Apple 2 Mac Os X, Mac Os X Server 2026-06-16 6.8 MEDIUM N/A
ImageIO in Apple Mac OS X 10.4.11 and 10.5.8 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PixarFilm encoded TIFF image, related to "multiple memory corruption issues."
CVE-2009-2791 1 Webdynamite 1 Projectbutler 2026-06-16 7.5 HIGH N/A
PHP remote file inclusion vulnerability in pda_projects.php in WebDynamite ProjectButler 1.5.0 allows remote attackers to execute arbitrary PHP code via a URL in the offset parameter.
CVE-2009-2773 1 Shop-020 1 Php Paid 4 Mail Script 2026-06-16 7.5 HIGH N/A
PHP remote file inclusion vulnerability in home.php in PHP Paid 4 Mail Script allows remote attackers to execute arbitrary PHP code via a URL in the page parameter.
CVE-2009-2769 1 Ultrize 1 Timesheet 2026-06-16 6.8 MEDIUM N/A
PHP remote file inclusion vulnerability in include/timesheet.php in Ultrize TimeSheet 1.2.2, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the config[include_dir] parameter.