Total
6109 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2008-3298 | 1 Social Engine | 1 Social Engine | 2025-04-09 | N/A |
| SocialEngine (SE) before 2.83 grants certain write privileges for templates, which allows remote authenticated administrators to execute arbitrary PHP code. | ||||
| CVE-2008-3232 | 1 Dotclear | 1 Dotclear | 2025-04-09 | N/A |
| Unrestricted file upload vulnerability in ecrire/images.php in Dotclear 1.2.7.1 and earlier allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in images. | ||||
| CVE-2009-3065 | 1 Rein Velt | 1 Vedit | 2025-04-09 | N/A |
| PHP remote file inclusion vulnerability in editor/edit_htmlarea.php in Ve-EDIT 0.1.4 allows remote attackers to execute arbitrary PHP code via a URL in the highlighter parameter. | ||||
| CVE-2006-7181 | 1 Morcego Cms | 1 Morcego Cms | 2025-04-09 | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Morcego CMS 0.9.6 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the (1) fichero parameter to morcegoCMS.php or the (2) path parameter to adodb/adodb.inc.php. NOTE: vector 1 has been disputed by a third party who shows that $fichero can not be controlled by an attacker | ||||
| CVE-2008-3001 | 1 Drupal | 1 Aggregation Module | 2025-04-09 | N/A |
| The Aggregation module 5.x before 5.x-4.4 for Drupal allows remote attackers to upload files with arbitrary extensions, and possibly execute arbitrary code, via a crafted feed that allows upload of files with arbitrary extensions. | ||||
| CVE-2008-2885 | 1 Odars | 1 Odars | 2025-04-09 | N/A |
| PHP remote file inclusion vulnerability in src/browser/resource/categories/resource_categories_view.php in Open Digital Assets Repository System (ODARS) 1.0.2, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the CLASSES_ROOT parameter. | ||||
| CVE-2008-2772 | 1 Drupal | 1 Magic Tabs Module | 2025-04-09 | N/A |
| The Magic Tabs module 5.x before 5.x-1.1 for Drupal allows remote attackers to execute arbitrary PHP code via unspecified URL arguments, possibly related to a missing "whitelist of callbacks." | ||||
| CVE-2008-2769 | 1 Phpraider | 1 Phpraider | 2025-04-09 | N/A |
| PHP remote file inclusion vulnerability in authentication/smf/smf.functions.php in Simple Machines phpRaider 1.0.6 and 1.0.7 allows remote attackers to execute arbitrary PHP code via a URL in the pConfig_auth[smf_path] parameter. | ||||
| CVE-2008-2497 | 1 Mambo-foundation | 1 Mambo | 2025-04-09 | N/A |
| CRLF injection vulnerability in Mambo before 4.6.4 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors. | ||||
| CVE-2008-2341 | 1 Avalonnet | 1 News Manager | 2025-04-09 | N/A |
| PHP remote file inclusion vulnerability in ch_readalso.php in News Manager 2.0 allows remote attackers to execute arbitrary PHP code via a URL in the read_xml_include parameter. | ||||
| CVE-2008-2284 | 1 Fusebox | 1 Fusebox | 2025-04-09 | N/A |
| PHP remote file inclusion vulnerability in fusebox5.php in Fusebox 5.5.1 allows remote attackers to execute arbitrary PHP code via a URL in the FUSEBOX_APPLICATION_PATH parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2008-2253 | 1 Microsoft | 3 Windows-nt, Windows Media Player, Windows Xp | 2025-04-09 | N/A |
| Unspecified vulnerability in Microsoft Windows Media Player 11 allows remote attackers to execute arbitrary code via a crafted audio-only file that is streamed from a Server-Side Playlist (SSPL) on Windows Media Server, aka "Windows Media Player Sampling Rate Vulnerability." | ||||
| CVE-2008-2224 | 1 Sazcart | 1 Sazcart | 2025-04-09 | N/A |
| Multiple PHP remote file inclusion vulnerabilities in SazCart 1.5.1, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the (1) _saz[settings][site_dir] parameter to layouts/default/header.saz.php and the (2) _saz[settings][site_url] parameter to admin/alayouts/default/pages/login.php. | ||||
| CVE-2008-2160 | 1 Microsoft | 1 Windows Embedded Compact | 2025-04-09 | N/A |
| Multiple unspecified vulnerabilities in the JPEG (GDI+) and GIF image processing in Microsoft Windows CE 5.0 allow remote attackers to execute arbitrary code via crafted (1) JPEG and (2) GIF images. | ||||
| CVE-2008-2016 | 1 Chilkat Software | 1 Chicomas | 2025-04-09 | N/A |
| PHP remote file inclusion vulnerability in Chilek Content Management System (aka ChiCoMaS) 2.0.4 allows remote attackers to execute arbitrary PHP code via a URL in the lang parameter to the default URI under install/. NOTE: this can also be leveraged to include and execute arbitrary local files via directory traversal sequences. | ||||
| CVE-2008-1963 | 1 Quate | 1 Grape Web Statistics | 2025-04-09 | N/A |
| PHP remote file inclusion vulnerability in includes/functions.php in Quate Grape Web Statistics 0.2a allows remote attackers to execute arbitrary PHP code via a URL in the location parameter. | ||||
| CVE-2007-6089 | 1 Mebiblio | 1 Mebiblio | 2025-04-09 | N/A |
| PHP remote file inclusion vulnerability in index.php in meBiblio 0.4.5 allows remote attackers to execute arbitrary PHP code via a URL in the action parameter. | ||||
| CVE-2008-1770 | 1 Akamai | 1 Download Manager | 2025-04-09 | N/A |
| CRLF injection vulnerability in Akamai Download Manager ActiveX control before 2.2.3.6 allows remote attackers to force the download and execution of arbitrary files via a URL parameter containing an encoded LF followed by a malicious target line. | ||||
| CVE-2008-1370 | 1 Wildmary | 1 Yap Blog | 2025-04-09 | N/A |
| PHP remote file inclusion vulnerability in index.php in wildmary Yap Blog 1.1 allows remote attackers to execute arbitrary PHP code via a URL in the page parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2008-1368 | 1 Microsoft | 1 Internet Explorer | 2025-04-09 | N/A |
| CRLF injection vulnerability in Microsoft Internet Explorer 5 and 6 allows remote attackers to execute arbitrary FTP commands via an ftp:// URL that contains a URL-encoded CRLF (%0D%0A) before the FTP command, which causes the commands to be inserted into an authenticated FTP connection established earlier in the same browser session, as demonstrated using a DELE command, a variant or possibly a regression of CVE-2004-1166. NOTE: a trailing "//" can force Internet Explorer to try to reuse an existing authenticated connection. | ||||