Total
4525 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2007-0986 | 1 Jupiter Cms | 1 Jupiter Cms | 2025-04-09 | 5.1 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in index.php in Jupiter CMS 1.1.5, when PHP 5.0.0 or later is used, allows remote attackers to execute arbitrary PHP code via an ftp URL in the n parameter. | |||||
| CVE-2008-2841 | 2 Microsoft, Xchat | 3 Internet Explorer, Windows Nt, Xchat | 2025-04-09 | 6.8 MEDIUM | N/A |
| Argument injection vulnerability in XChat 2.8.7b and earlier on Windows, when Internet Explorer is used, allows remote attackers to execute arbitrary commands via the --command parameter in an ircs:// URI. | |||||
| CVE-2007-6412 | 1 Bitweaver | 1 Bitweaver | 2025-04-09 | 6.8 MEDIUM | N/A |
| Direct static code injection vulnerability in wiki/index.php in Bitweaver 2.0.0 and earlier, when comments are enabled, allows remote attackers to inject arbitrary PHP code via an editcomments action. | |||||
| CVE-2007-4169 | 1 Vgallite | 1 Vgallite | 2025-04-09 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in vgallite allow remote attackers to execute arbitrary PHP code via a URL in the (1) dirpath parameter to _functions.php or the (2) lang parameter to index.php. NOTE: CVE disputes vector 1 because the applicable include_once is located in a function that is not called on a direct request, and because $dirpath is an argument to this function. CVE disputes vector 2 because "lang" is a constant string within an include_once, not a variable. The researcher is also unreliable | |||||
| CVE-2009-2143 | 2 Firestats, Wordpress | 2 Firestats, Wordpress | 2025-04-09 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in firestats-wordpress.php in the FireStats plugin before 1.6.2-stable for WordPress allows remote attackers to execute arbitrary PHP code via a URL in the fs_javascript parameter. | |||||
| CVE-2009-2637 | 2 Joomla, Ordasoft | 2 Joomla, Com Booklibrary | 2025-04-09 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in toolbar_ext.php in the BookLibrary (com_booklibrary) component 1.5.2.4 Basic for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. | |||||
| CVE-2009-2095 | 1 Mundi King | 1 Mundi Mail | 2025-04-09 | 6.8 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in template/simpledefault/admin/_masterlayout.php in Mundi Mail 0.8.2, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the top parameter. NOTE: when allow_url_fopen is disabled, directory traversal attacks are possible to include and execute arbitrary local files. | |||||
| CVE-2009-2497 | 1 Microsoft | 7 .net Framework, Windows 2000, Windows 7 and 4 more | 2025-04-09 | 9.3 HIGH | N/A |
| The Common Language Runtime (CLR) in Microsoft .NET Framework 2.0, 2.0 SP1, 2.0 SP2, 3.5, and 3.5 SP1, and Silverlight 2, does not properly handle interfaces, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (XBAP), (2) a crafted Silverlight application, (3) a crafted ASP.NET application, or (4) a crafted .NET Framework application, aka "Microsoft Silverlight and Microsoft .NET Framework CLR Vulnerability." | |||||
| CVE-2007-0499 | 1 Sangwan Kim | 1 Phpindexpage | 2025-04-09 | 6.8 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in config.php in Sangwan Kim phpIndexPage 1.0.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the env[inc_path] parameter. | |||||
| CVE-2007-5054 | 1 Izicontents | 1 Izicontents | 2025-04-09 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in iziContents 1 RC6 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the gsLanguage parameter to (1) search/search.php, (2) poll/inlinepoll.php, (3) poll/showpoll.php, (4) links/showlinks.php, or (5) links/submit_links.php in modules/. | |||||
| CVE-2009-0160 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-09 | 6.8 MEDIUM | N/A |
| QuickDraw Manager in Apple Mac OS X 10.4.11 and 10.5 before 10.5.7 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PICT image that triggers memory corruption. | |||||
| CVE-2007-4818 | 1 Txx Cms | 1 Txx Cms | 2025-04-09 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Txx CMS 0.2 allow remote attackers to execute arbitrary PHP code via a URL in the doc_root parameter to (1) addons/plugin.php, (2) addons/sidebar.php, (3) mail/index.php, or (4) mail/mailbox.php in modules/. | |||||
| CVE-2007-6585 | 1 Nmnnewsletter | 1 Nmnnewsletter | 2025-04-09 | 6.8 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in confirmUnsubscription.php in NmnNewsletter 1.0.7 allows remote attackers to execute arbitrary PHP code via a URL in the output parameter. | |||||
| CVE-2009-2641 | 1 Rich White | 1 School Data Nav | 2025-04-09 | 6.8 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in app_and_readme/navigator/index.php in School Data Navigator allows remote attackers to execute arbitrary PHP code via a URL in the page parameter. NOTE: this can also be leveraged to include and execute arbitrary local files via .. (dot dot) sequences. | |||||
| CVE-2006-5301 | 1 Phpbb | 1 Spamblockermod | 2025-04-09 | 6.8 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in includes/antispam.php in the SpamBlockerMODv 1.0.2 and earlier module for phpBB allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter. | |||||
| CVE-2007-4466 | 1 Electronic Arts | 1 Snoopyctrl | 2025-04-09 | 6.8 MEDIUM | N/A |
| Multiple stack-based buffer overflows in Electronic Arts (EA) SnoopyCtrl ActiveX control (NPSnpy.dll) allow remote attackers to execute arbitrary code via unspecified methods and parameters. | |||||
| CVE-2008-5334 | 1 Nitrotech | 1 Nitrotech | 2025-04-09 | 10.0 HIGH | N/A |
| PHP remote file inclusion vulnerability in includes/common.php in NitroTech 0.0.3a allows remote attackers to execute arbitrary PHP code via a URL in the root parameter. | |||||
| CVE-2007-0862 | 1 Gnopaste | 1 Gnopaste | 2025-04-09 | 6.8 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in index.php in gnopaste 0.5.3 and earlier allows remote attackers to execute arbitrary PHP code via the GNP_REAL_PATH parameter. NOTE: CVE and a third party dispute this issue, since GNP_REAL_PATH is a constant, not a variable | |||||
| CVE-2009-1677 | 1 Bitweaver | 1 Bitweaver | 2025-04-09 | 6.5 MEDIUM | N/A |
| Multiple static code injection vulnerabilities in the saveFeed function in rss/feedcreator.class.php in Bitweaver 2.6 and earlier allow (1) remote authenticated users to inject arbitrary PHP code into files by placing PHP sequences into the account's "display name" setting and then invoking boards/boards_rss.php, and might allow (2) remote attackers to inject arbitrary PHP code into files via the HTTP Host header in a request to boards/boards_rss.php. | |||||
| CVE-2008-6935 | 1 Joe Fuhrman | 1 Exodus | 2025-04-09 | 10.0 HIGH | N/A |
| Argument injection vulnerability in Exodus 0.10 allows remote attackers to inject arbitrary command line arguments, overwrite arbitrary files, and cause a denial of service via encoded spaces in an im:// URI. | |||||