Total
4525 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2008-4735 | 1 Coastal | 1 Coast | 2025-04-09 | 8.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in header.php in Concord Asset, Software, and Ticket system (CoAST) 0.95 allows remote attackers to execute arbitrary PHP code via a URL in the sections_file parameter. | |||||
| CVE-2008-4720 | 1 Arzdev | 1 Gemini Portal | 2025-04-09 | 9.3 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in The Gemini Portal 4.7 allow remote attackers to execute arbitrary PHP code via a URL in the lang parameter to (1) page/forums/bottom.php and (2) page/forums/category.php. | |||||
| CVE-2006-3456 | 1 Symantec | 3 Norton Antivirus, Norton Internet Security, Norton System Works | 2025-04-09 | 8.5 HIGH | N/A |
| The Symantec NAVOPTS.DLL ActiveX control (aka Symantec.Norton.AntiVirus.NAVOptions) 12.2.0.13, as used in Norton AntiVirus, Internet Security, and System Works 2005 and 2006, is designed for use only in application-embedded web browsers, which allows remote attackers to "crash the control" via unspecified vectors related to content on a web site, and place Internet Explorer into a "defunct state" in which remote attackers can execute arbitrary code in addition to other Symantec ActiveX controls, regardless of whether they are marked safe for scripting. NOTE: this CVE was inadvertently used for an E-mail Auto-Protect issue, but that issue has been assigned CVE-2007-3771. | |||||
| CVE-2007-6289 | 1 Iptel | 1 Serweb | 2025-04-09 | 6.8 MEDIUM | N/A |
| Multiple PHP remote file inclusion vulnerabilities in SerWeb 2.0.0 dev1 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the (1) _SERWEB[configdir] parameter to load_lang.php, (2) _SERWEB[functionsdir] parameter to main_prepend.php, and the (3) _PHPLIB[libdir] parameter to load_phplib.php, different vectors than CVE-2007-3359 and CVE-2007-3358. | |||||
| CVE-2009-1960 | 1 Dokuwiki | 1 Dokuwiki | 2025-04-09 | 9.3 HIGH | N/A |
| inc/init.php in DokuWiki 2009-02-14, rc2009-02-06, and rc2009-01-30, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via the config_cascade[main][default][] parameter to doku.php. NOTE: PHP remote file inclusion is also possible in PHP 5 using ftp:// URLs. | |||||
| CVE-2008-0118 | 1 Microsoft | 1 Office | 2025-04-09 | 9.3 HIGH | N/A |
| Unspecified vulnerability in Microsoft Office 2000 SP3, XP SP3, 2003 SP2, Excel Viewer 2003 up to SP3, and Office 2004 for Mac allows user-assisted remote attackers to execute arbitrary code via a crafted Office document that triggers memory corruption from an "allocation error," aka "Microsoft Office Memory Corruption Vulnerability." | |||||
| CVE-2009-2634 | 2 Joomla, Ordasoft | 2 Joomla, Com Medialibrary | 2025-04-09 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in toolbar_ext.php in the MediaLibrary (com_media_library) component 1.5.3 Basic for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. | |||||
| CVE-2008-6373 | 1 Nagios | 1 Nagios | 2025-04-09 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in Nagios before 3.0.6 has unspecified impact and remote attack vectors related to CGI programs, "adaptive external commands," and "writing newlines and submitting service comments." | |||||
| CVE-2009-3133 | 1 Microsoft | 5 Compatibility Pack Word Excel Powerpoint, Excel, Excel Viewer and 2 more | 2025-04-09 | 9.3 HIGH | N/A |
| Microsoft Office Excel 2002 SP3, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac allow remote attackers to execute arbitrary code via a spreadsheet containing a malformed object that triggers memory corruption, related to "loading Excel records," aka "Excel Document Parsing Memory Corruption Vulnerability." | |||||
| CVE-2009-2773 | 1 Shop-020 | 1 Php Paid 4 Mail Script | 2025-04-09 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in home.php in PHP Paid 4 Mail Script allows remote attackers to execute arbitrary PHP code via a URL in the page parameter. | |||||
| CVE-2008-6223 | 1 Wotw | 1 Way Of The Warrior | 2025-04-09 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in visualizza.php in Way Of The Warrior (WOTW) 5.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the plancia parameter to crea.php. | |||||
| CVE-2008-2832 | 1 Fullrevolution | 1 Aspwebcalendar2008 | 2025-04-09 | 10.0 HIGH | N/A |
| Unrestricted file upload vulnerability in calendar_admin.asp in Full Revolution aspWebCalendar 2008 allows remote attackers to upload and execute arbitrary code via the FILE1 parameter in an uploadfileprocess action, probably followed by a direct request to the file in calendar/eventimages/. | |||||
| CVE-2009-1463 | 1 Razorcms | 1 Razorcms | 2025-04-09 | 7.5 HIGH | N/A |
| Static code injection vulnerability in razorCMS before 0.4 allows remote attackers to inject arbitrary PHP code into any page by saving content as a .php file. | |||||
| CVE-2007-0854 | 1 Cpanel | 1 Webhost Manager | 2025-04-09 | 7.5 HIGH | N/A |
| Remote file inclusion vulnerability in scripts2/objcache in cPanel WebHost Manager (WHM) allows remote attackers to execute arbitrary code via a URL in the obj parameter. NOTE: a third party claims that this issue is not file inclusion because the contents are not parsed, but the attack can be used to overwrite files in /var/cpanel/objcache or provide unexpected web page contents. | |||||
| CVE-2008-6635 | 1 Geody | 1 Dagger | 2025-04-09 | 6.8 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in skins/default.php in Geody Labs Dagger - The Cutting Edge r12feb2008, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the dir_inc parameter. | |||||
| CVE-2008-2044 | 1 Netoffice | 1 Dwins | 2025-04-09 | 7.5 HIGH | N/A |
| includes/library.php in netOffice Dwins 1.3 p2 compares the demoSession variable to the 'true' string literal instead of the true boolean literal, which allows remote attackers to bypass authentication and execute arbitrary code by setting this variable to 1, as demonstrated by uploading a PHP script via an add action to projects_site/uploadfile.php. | |||||
| CVE-2008-3435 | 1 Linkedin | 1 Browser Toolbar | 2025-04-09 | 7.5 HIGH | N/A |
| LinkedIn Browser Toolbar 3.0.3.1100 and earlier does not properly verify the authenticity of updates, which allows man-in-the-middle attackers to execute arbitrary code via a Trojan horse update, as demonstrated by evilgrade and DNS cache poisoning. | |||||
| CVE-2008-7067 | 1 Pagetreecms | 1 Page Tree Cms | 2025-04-09 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in admin/plugins/Online_Users/main.php in PageTree CMS 0.0.2 BETA 0001 allows remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[PT_Config][dir][data] parameter. | |||||
| CVE-2008-2497 | 1 Mambo-foundation | 1 Mambo | 2025-04-09 | 5.0 MEDIUM | N/A |
| CRLF injection vulnerability in Mambo before 4.6.4 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors. | |||||
| CVE-2008-1712 | 1 Mx-system | 1 Mxbb | 2025-04-09 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in includes/functions_weblog.php in mxBB mx_blogs 2.0.0 beta allows remote attackers to execute arbitrary PHP code via a URL in the mx_root_path parameter. | |||||