Vulnerabilities (CVE)

Filtered by CWE-94
Total 6407 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2008-2883 1 Jamroom 1 Jamroom 2026-06-16 7.5 HIGH N/A
PHP remote file inclusion vulnerability in include/plugins/jrBrowser/payment.php in Jamroom 3.3.0 through 3.3.5 allows remote attackers to execute arbitrary PHP code via a URL in the jamroom[jm_dir] parameter. NOTE: some of these details are obtained from third party information.
CVE-2008-2877 1 Cmsworks 1 Cmsworks 2026-06-16 6.8 MEDIUM N/A
PHP remote file inclusion vulnerability in admin/include/lib.module.php in cmsWorks 2.2 RC4, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the mod_root parameter.
CVE-2008-2854 1 Orlando Cms 1 Orlando Cms 2026-06-16 7.5 HIGH N/A
Multiple PHP remote file inclusion vulnerabilities in Orlando CMS 0.6 allow remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[preloc] parameter to (1) modules/core/logger/init.php and (2) AJAX/newscat.php.
CVE-2008-2841 2 Microsoft, Xchat 3 Internet Explorer, Windows Nt, Xchat 2026-06-16 6.8 MEDIUM N/A
Argument injection vulnerability in XChat 2.8.7b and earlier on Windows, when Internet Explorer is used, allows remote attackers to execute arbitrary commands via the --command parameter in an ircs:// URI.
CVE-2008-2836 1 K5n 1 Webcalendar 2026-06-16 7.5 HIGH N/A
PHP remote file inclusion vulnerability in send_reminders.php in WebCalendar 1.0.4 allows remote attackers to execute arbitrary PHP code via a URL in the includedir parameter and a 0 value for the noSet parameter, a different vector than CVE-2007-1483.
CVE-2008-2832 1 Fullrevolution 1 Aspwebcalendar2008 2026-06-16 10.0 HIGH N/A
Unrestricted file upload vulnerability in calendar_admin.asp in Full Revolution aspWebCalendar 2008 allows remote attackers to upload and execute arbitrary code via the FILE1 parameter in an uploadfileprocess action, probably followed by a direct request to the file in calendar/eventimages/.
CVE-2008-2772 1 Drupal 1 Magic Tabs Module 2026-06-16 7.5 HIGH N/A
The Magic Tabs module 5.x before 5.x-1.1 for Drupal allows remote attackers to execute arbitrary PHP code via unspecified URL arguments, possibly related to a missing "whitelist of callbacks."
CVE-2008-2769 1 Phpraider 1 Phpraider 2026-06-16 7.5 HIGH N/A
PHP remote file inclusion vulnerability in authentication/smf/smf.functions.php in Simple Machines phpRaider 1.0.6 and 1.0.7 allows remote attackers to execute arbitrary PHP code via a URL in the pConfig_auth[smf_path] parameter.
CVE-2008-2690 1 Browsercrm 1 Browsercrm 2026-06-16 9.3 HIGH N/A
Multiple PHP remote file inclusion vulnerabilities in BrowserCRM 5.002.00, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the bcrm_pub_root parameter to (1) kb.php, (2) login.php, (3) index.php, (4) contact_view.php, and (5) contact.php in pub/, different vectors than CVE-2008-2689. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2008-2689 1 Browsercrm 1 Browsercrm 2026-06-16 10.0 HIGH N/A
PHP remote file inclusion vulnerability in pub/clients.php in BrowserCRM 5.002.00 allows remote attackers to execute arbitrary PHP code via a URL in the bcrm_pub_root parameter.
CVE-2008-2684 1 Blackice 1 Black Ice Barcode Sdk 2026-06-16 9.3 HIGH N/A
The BIDIB.BIDIBCtrl.1 ActiveX control in BIDIB.ocx 10.9.3.0 in Black Ice Barcode SDK 5.01 allows remote attackers to execute arbitrary code via long strings in the two arguments to the DownloadImageFileURL method, which trigger memory corruption. NOTE: some of these details are obtained from third party information.
CVE-2008-2649 1 Don3 1 Desktoponnet 2026-06-16 7.5 HIGH N/A
Multiple PHP remote file inclusion vulnerabilities in DesktopOnNet 3 Beta allow remote attackers to execute arbitrary PHP code via a URL in the app_path parameter to (1) don3_requiem.don3app/don3_requiem.php and (2) frontpage.don3app/frontpage.php.
CVE-2008-2645 1 Brim-project 1 Brim 2026-06-16 7.5 HIGH N/A
Multiple PHP remote file inclusion vulnerabilities in Brim (formerly Booby) 1.0.1 allow remote attackers to execute arbitrary PHP code via a URL in the renderer parameter to template.tpl.php in (1) barrel/, (2) barry/, (3) mylook/, (4) oerdec/, (5) penguin/, (6) sidebar/, (7) slashdot/, and (8) text-only/ in templates/. NOTE: this can also be leveraged to include and execute arbitrary local files via directory traversal sequences.
CVE-2008-2638 1 1-script 1 1-book 2026-06-16 10.0 HIGH N/A
Static code injection vulnerability in guestbook.php in 1Book 1.0.1 and earlier allows remote attackers to upload arbitrary PHP code via the message parameter in an HTML webform, which is written to data.php.
CVE-2008-2520 1 Bigace 1 Bigace 2026-06-16 7.5 HIGH N/A
Multiple PHP remote file inclusion vulnerabilities in BigACE 2.4, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the (1) GLOBALS[_BIGACE][DIR][addon] parameter to (a) addon/smarty/plugins/function.captcha.php and (b) system/classes/sql/AdoDBConnection.php; and the (2) GLOBALS[_BIGACE][DIR][admin] parameter to (c) item_information.php and (d) jstree.php in system/application/util/, and (e) system/admin/plugins/menu/menuTree/plugin.php, different vectors than CVE-2006-4423.
CVE-2008-2497 1 Mambo-foundation 1 Mambo 2026-06-16 5.0 MEDIUM N/A
CRLF injection vulnerability in Mambo before 4.6.4 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors.
CVE-2008-2481 1 Phpraider 1 Phpraider 2026-06-16 10.0 HIGH N/A
PHP remote file inclusion vulnerability in authentication/phpbb3/phpbb3.functions.php in phpRaider 1.0.7 and 1.0.7a, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the pConfig_auth[phpbb_path] parameter.
CVE-2008-2480 1 Plusphp 1 Plusphp Short Url Multi-user Script 2026-06-16 10.0 HIGH N/A
PHP remote file inclusion vulnerability in plus.php in plusPHP Short URL Multi-User Script 1.6 allows remote attackers to execute arbitrary PHP code via a URL in the _pages_dir parameter.
CVE-2008-2478 1 Cpanel 1 Cpanel 2026-06-16 8.5 HIGH N/A
scripts/wwwacct in cPanel 11.18.6 STABLE and earlier and 11.23.1 CURRENT and earlier allows remote authenticated users with reseller privileges to execute arbitrary code via shell metacharacters in the Email address field (aka Email text box). NOTE: the vendor disputes this, stating "I'm unable to reproduce such an issue on multiple servers running different versions of cPanel.
CVE-2008-2463 1 Microsoft 1 Office Snapshot Viewer Activex 2026-06-16 6.8 MEDIUM N/A
The Microsoft Office Snapshot Viewer ActiveX control in snapview.ocx 10.0.5529.0, as distributed in the standalone Snapshot Viewer and Microsoft Office Access 2000 through 2003, allows remote attackers to download arbitrary files to a client machine via a crafted HTML document or e-mail message, probably involving use of the SnapshotPath and CompressedPath properties and the PrintSnapshot method. NOTE: this can be leveraged for code execution by writing to a Startup folder.