Vulnerabilities (CVE)

Filtered by CWE-94
Total 6417 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2008-5922 1 Cfagcms 1 Cfagcms 2026-06-16 7.5 HIGH N/A
Multiple PHP remote file inclusion vulnerabilities in themes/default/index.php in Cant Find A Gaming CMS (CFAGCMS) 1 allow remote attackers to execute arbitrary PHP code via a URL in the (1) main and (2) right parameters.
CVE-2008-5920 1 Tigris 1 Websvn 2026-06-16 7.5 HIGH N/A
The create_anchors function in utils.inc in WebSVN 1.x allows remote attackers to execute arbitrary PHP code via a crafted username that is processed by the preg_replace function with the eval switch.
CVE-2008-5866 1 Proxim 1 Tsunami Mp.11 2411 2026-06-16 10.0 HIGH N/A
The Proxim Wireless Tsunami MP.11 2411 with firmware 3.0.3 has public as its default SNMP read/write community, which makes it easier for remote attackers to obtain sensitive information or modify SNMP variables.
CVE-2008-5801 1 Typo3 1 Dictionary Extension 2026-06-16 10.0 HIGH N/A
Unspecified vulnerability in the Dictionary (rtgdictionary) extension 0.1.9 and earlier for TYPO3 allows attackers to execute arbitrary code via unknown vectors.
CVE-2008-5793 2 Joomla, Recly 2 Joomla, Clickheat-heatmap 2026-06-16 6.8 MEDIUM N/A
Multiple PHP remote file inclusion vulnerabilities in the Clickheat - Heatmap stats (com_clickheat) component 1.0.1 for Joomla! allow remote attackers to execute arbitrary PHP code via a URL in the (1) GLOBALS[mosConfig_absolute_path] parameter to (a) install.clickheat.php, (b) Cache.php and (c) Clickheat_Heatmap.php in Recly/Clickheat/, and (d) Recly/common/GlobalVariables.php; and the (2) mosConfig_absolute_path parameter to (e) _main.php and (f) main.php in includes/heatmap, and (g) includes/overview/main.php.
CVE-2008-5792 1 Indisguise 1 Indiscripts Enthusiast 2026-06-16 6.8 MEDIUM N/A
PHP remote file inclusion vulnerability in show_joined.php in Indiscripts Enthusiast 3.1.4, and possibly earlier, allows remote attackers to execute arbitrary PHP code via a URL in the path parameter. NOTE: the researcher also points out the analogous directory traversal issue.
CVE-2008-5790 2 Joomla, Recly 2 Joomla, Competitions 2026-06-16 7.5 HIGH N/A
Multiple PHP remote file inclusion vulnerabilities in the Recly!Competitions (com_competitions) component 1.0 for Joomla! allow remote attackers to execute arbitrary PHP code via a URL in the (1) GLOBALS[mosConfig_absolute_path] parameter to (a) add.php and (b) competitions.php in includes/competitions/, and the (2) mosConfig_absolute_path parameter to (c) includes/settings/settings.php.
CVE-2008-5789 2 Joomla, Recly 2 Joomla, Interactive Feederator 2026-06-16 7.5 HIGH N/A
Multiple PHP remote file inclusion vulnerabilities in the Recly Interactive Feederator (com_feederator) component 1.0.5 for Joomla! allow remote attackers to execute arbitrary PHP code via a URL in the (1) mosConfig_absolute_path parameter to (a) add_tmsp.php, (b) edit_tmsp.php and (c) tmsp.php in includes/tmsp/; and the (2) GLOBALS[mosConfig_absolute_path] parameter to (d) includes/tmsp/subscription.php.
CVE-2008-5764 1 2500mhz 1 Worksimple 2026-06-16 9.3 HIGH N/A
PHP remote file inclusion vulnerability in calendar.php in WorkSimple 1.2.1, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the lang parameter.
CVE-2008-5763 1 Mariovaldez 1 Simple Text-file Login Script 2026-06-16 7.5 HIGH N/A
PHP remote file inclusion vulnerability in slogin_lib.inc.php in Simple Text-File Login Script (SiTeFiLo) 1.0.6 allows remote attackers to execute arbitrary PHP code via a URL in the slogin_path parameter.
CVE-2008-5750 1 Microsoft 2 Internet Explorer, Windows Xp 2026-06-16 6.8 MEDIUM N/A
Argument injection vulnerability in Microsoft Internet Explorer 8 beta 2 on Windows XP SP3 allows remote attackers to execute arbitrary commands via the --renderer-path option in a chromehtml: URI.
CVE-2008-5749 2 Google, Microsoft 2 Chrome, Windows Xp 2026-06-16 6.8 MEDIUM N/A
Argument injection vulnerability in Google Chrome 1.0.154.36 on Windows XP SP3 allows remote attackers to execute arbitrary commands via the --renderer-path option in a chromehtml: URI. NOTE: a third party disputes this issue, stating that Chrome "will ask for user permission" and "cannot launch the applet even [if] you have given out the permission.
CVE-2008-5694 1 Sandbox 1 Sandbox 2026-06-16 10.0 HIGH N/A
PHP remote file inclusion vulnerability in lib/jpgraph/jpgraph_errhandler.inc.php in Sandbox 1.4.1 might allow remote attackers to execute arbitrary PHP code via unspecified vectors. NOTE: the issue, if any, may be located in Aditus JpGraph rather than Sandbox. If so, then this should not be treated as an issue in Sandbox.
CVE-2008-5671 1 Joomla 1 Joomla 2026-06-16 7.5 HIGH N/A
PHP remote file inclusion vulnerability in index.php in Joomla! 1.0.11 through 1.0.14, when RG_EMULATION is enabled in configuration.php, allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.
CVE-2008-5619 1 Roundcube 1 Webmail 2026-06-16 10.0 HIGH N/A
html2text.php in Chuggnutt HTML to Text Converter, as used in PHPMailer before 5.2.10, RoundCube Webmail (roundcubemail) 0.2-1.alpha and 0.2-3.beta, Mahara, and AtMail Open 1.03, allows remote attackers to execute arbitrary code via crafted input that is processed by the preg_replace function with the eval switch.
CVE-2008-5585 1 Lcxbbportal 1 Lcxbbportal 2026-06-16 7.5 HIGH N/A
Multiple PHP remote file inclusion vulnerabilities in lcxBBportal 0.1 Alpha 2 allow remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter to (1) portal/includes/portal_block.php and (2) includes/acp/acp_lcxbbportal.php.
CVE-2008-5577 1 Scssboard 1 Scssboard 2026-06-16 7.5 HIGH N/A
PHP remote file inclusion vulnerability in index.php in sCssBoard 1.0, 1.1, 1.11, and 1.12 allows remote attackers to execute arbitrary PHP code via a URL in the inc_function parameter.
CVE-2008-5517 1 Git 1 Git 2026-06-16 7.5 HIGH N/A
The web interface in git (gitweb) 1.5.x before 1.5.6 allows remote attackers to execute arbitrary commands via shell metacharacters related to (1) git_snapshot and (2) git_object.
CVE-2008-5499 2 Adobe, Linux 2 Flash Player For Linux, Linux Kernel 2026-06-16 9.3 HIGH N/A
Unspecified vulnerability in Adobe Flash Player for Linux 10.0.12.36, and 9.0.151.0 and earlier, allows remote attackers to execute arbitrary code via a crafted SWF file.
CVE-2008-5334 1 Nitrotech 1 Nitrotech 2026-06-16 10.0 HIGH N/A
PHP remote file inclusion vulnerability in includes/common.php in NitroTech 0.0.3a allows remote attackers to execute arbitrary PHP code via a URL in the root parameter.