Total
6110 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2008-0376 | 1 Softpedia | 1 Small Axe Weblog | 2025-04-09 | N/A |
| PHP remote file inclusion vulnerability in inc/linkbar.php in Small Axe Weblog 0.3.1 allows remote attackers to execute arbitrary PHP code via a URL in the cfile parameter. | ||||
| CVE-2008-1170 | 1 Kcwiki | 1 Kcwiki | 2025-04-09 | N/A |
| Multiple PHP remote file inclusion vulnerabilities in KCWiki 1.0 allow remote attackers to execute arbitrary PHP code via a URL in the page parameter to (1) minimal/wiki.php and (2) simplest/wiki.php. | ||||
| CVE-2008-3022 | 1 Phpbbportal | 1 Phportal | 2025-04-09 | N/A |
| Multiple PHP remote file inclusion vulnerabilities in sablonlar/gunaysoft/gunaysoft.php in PHPortal 1.2 Beta allow remote attackers to execute arbitrary PHP code via a URL in (1) icerikyolu, (2) sayfaid, and (3) uzanti parameters. | ||||
| CVE-2009-3822 | 2 Fijiwebdesign, Joomla | 2 Com Ajaxchat, Joomla\! | 2025-04-09 | N/A |
| PHP remote file inclusion vulnerability in Fiji Web Design Ajax Chat (com_ajaxchat) component 1.0 for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[mosConfig_absolute_path] parameter to tests/ajcuser.php. | ||||
| CVE-2007-5390 | 1 Picoflat Cms | 1 Picoflat Cms | 2025-04-09 | N/A |
| PHP remote file inclusion vulnerability in index.php in PicoFlat CMS 0.4.14 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the pagina parameter. | ||||
| CVE-2009-0223 | 1 Microsoft | 1 Office Powerpoint | 2025-04-09 | N/A |
| Microsoft Office PowerPoint 2000 SP3, 2002 SP3, and 2003 SP3 allows remote attackers to execute arbitrary code via crafted sound data in a file that uses a PowerPoint 4.0 native file format, leading to memory corruption, aka "Legacy File Format Vulnerability," a different vulnerability than CVE-2009-0222, CVE-2009-0226, CVE-2009-0227, and CVE-2009-1137. | ||||
| CVE-2007-3303 | 1 Apache | 1 Http Server | 2025-04-09 | N/A |
| Apache httpd 2.0.59 and 2.2.4, with the Prefork MPM module, allows local users to cause a denial of service via certain code sequences executed in a worker process that (1) stop request processing by killing all worker processes and preventing creation of replacements or (2) hang the system by forcing the master process to fork an arbitrarily large number of worker processes. NOTE: This might be an inherent design limitation of Apache with respect to worker processes in hosted environments. | ||||
| CVE-2008-1505 | 2 Joomla, Sstreamtv | 2 Joomla, Custompages | 2025-04-09 | N/A |
| PHP remote file inclusion vulnerability in the SSTREAMTV custompages (com_custompages) 1.1 and earlier component for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the cpage parameter to index.php. | ||||
| CVE-2008-0300 | 1 Mapbender | 1 Mapbender | 2025-04-09 | N/A |
| mapFiler.php in Mapbender 2.4 to 2.4.4 allows remote attackers to execute arbitrary PHP code via PHP code sequences in the factor parameter, which are not properly handled when accessing a filename that contains those sequences. | ||||
| CVE-2007-6029 | 1 Clam Anti-virus | 1 Clamav | 2025-04-09 | N/A |
| Unspecified vulnerability in ClamAV 0.91.1 and 0.91.2 allows remote attackers to execute arbitrary code via a crafted e-mail message. NOTE: this information is based upon a vague advisory by a vulnerability information sales organization that does not coordinate with vendors or release actionable advisories. A CVE has been assigned for tracking purposes, but duplicates with other CVEs are difficult to determine. | ||||
| CVE-2007-5271 | 1 Trionic | 1 Cite Cms | 2025-04-09 | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Trionic Cite CMS 1.2 rev9 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the bField[bf_data] parameter to (1) interface/editors/-custom.php or (2) interface/editors/custom.php. | ||||
| CVE-2008-0202 | 1 Expressionengine | 1 Expressionengine | 2025-04-09 | N/A |
| CRLF injection vulnerability in index.php in ExpressionEngine 1.2.1 and earlier allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the URL parameter. | ||||
| CVE-2008-0118 | 1 Microsoft | 1 Office | 2025-04-09 | N/A |
| Unspecified vulnerability in Microsoft Office 2000 SP3, XP SP3, 2003 SP2, Excel Viewer 2003 up to SP3, and Office 2004 for Mac allows user-assisted remote attackers to execute arbitrary code via a crafted Office document that triggers memory corruption from an "allocation error," aka "Microsoft Office Memory Corruption Vulnerability." | ||||
| CVE-2008-1893 | 1 W2b | 1 Online Banking | 2025-04-09 | N/A |
| PHP remote file inclusion vulnerability in index.php in W2B Online Banking allows remote attackers to execute arbitrary PHP code via a URL in the ilang parameter. | ||||
| CVE-2008-5793 | 2 Joomla, Recly | 2 Joomla, Clickheat-heatmap | 2025-04-09 | N/A |
| Multiple PHP remote file inclusion vulnerabilities in the Clickheat - Heatmap stats (com_clickheat) component 1.0.1 for Joomla! allow remote attackers to execute arbitrary PHP code via a URL in the (1) GLOBALS[mosConfig_absolute_path] parameter to (a) install.clickheat.php, (b) Cache.php and (c) Clickheat_Heatmap.php in Recly/Clickheat/, and (d) Recly/common/GlobalVariables.php; and the (2) mosConfig_absolute_path parameter to (e) _main.php and (f) main.php in includes/heatmap, and (g) includes/overview/main.php. | ||||
| CVE-2008-5866 | 1 Proxim | 1 Tsunami Mp.11 2411 | 2025-04-09 | N/A |
| The Proxim Wireless Tsunami MP.11 2411 with firmware 3.0.3 has public as its default SNMP read/write community, which makes it easier for remote attackers to obtain sensitive information or modify SNMP variables. | ||||
| CVE-2008-2128 | 1 Cms Faethon | 1 Cms Faethon | 2025-04-09 | N/A |
| PHP remote file inclusion vulnerability in templates/header.php in CMS Faethon 2.2 Ultimate allows remote attackers to execute arbitrary PHP code via a URL in the mainpath parameter, a different vulnerability than CVE-2006-5588 and CVE-2006-3185. | ||||
| CVE-2006-5865 | 1 Damien Benier | 1 Myalbum | 2025-04-09 | N/A |
| PHP remote file inclusion vulnerability in language.inc.php in MyAlbum 3.02 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the langs_dir parameter. | ||||
| CVE-2008-2383 | 2 Invisible-island, Redhat | 2 Xterm, Enterprise Linux | 2025-04-09 | N/A |
| CRLF injection vulnerability in xterm allows user-assisted attackers to execute arbitrary commands via LF (aka \n) characters surrounding a command name within a Device Control Request Status String (DECRQSS) escape sequence in a text file, a related issue to CVE-2003-0063 and CVE-2003-0071. | ||||
| CVE-2007-5178 | 1 Mxbb | 1 Mx Glance | 2025-04-09 | N/A |
| contrib/mx_glance_sdesc.php in the mx_glance 2.3.3 module for mxBB places a critical security check within a comment because of a missing comment delimiter, which allows remote attackers to conduct remote file inclusion attacks and execute arbitrary PHP code via a URL in the mx_root_path parameter. NOTE: some sources incorrectly state that phpbb_root_path is the affected parameter. | ||||