Total
6195 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2008-2016 | 1 Chilkat Software | 1 Chicomas | 2025-04-09 | N/A |
| PHP remote file inclusion vulnerability in Chilek Content Management System (aka ChiCoMaS) 2.0.4 allows remote attackers to execute arbitrary PHP code via a URL in the lang parameter to the default URI under install/. NOTE: this can also be leveraged to include and execute arbitrary local files via directory traversal sequences. | ||||
| CVE-2007-4640 | 1 Pakupaku | 1 Pakupaku Cms | 2025-04-09 | N/A |
| Unrestricted file upload vulnerability in index.php in Pakupaku CMS 0.4 and earlier allows remote attackers to upload and execute arbitrary PHP files in uploads/ via an Uploads action. | ||||
| CVE-2008-1926 | 2 Linux, Redhat | 2 Util-linux, Enterprise Linux | 2025-04-09 | N/A |
| Argument injection vulnerability in login (login-utils/login.c) in util-linux-ng 2.14 and earlier makes it easier for remote attackers to hide activities by modifying portions of log events, as demonstrated by appending an "addr=" statement to the login name, aka "audit log injection." | ||||
| CVE-2008-1466 | 1 W-agora | 1 W-agora | 2025-04-09 | N/A |
| Multiple PHP remote file inclusion vulnerabilities in W-Agora 4.0 allow remote attackers to execute arbitrary PHP code via a URL in the bn_dir_default parameter to (1) add_user.php, (2) create_forum.php, (3) create_user.php, (4) delete_notes.php, (5) delete_user.php, (6) edit_forum.php, (7) mail_users.php, (8) moderate_notes.php, and (9) reorder_forums.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2008-6022 | 1 Xnova | 1 Xnova | 2025-04-09 | N/A |
| PHP remote file inclusion vulnerability in includes/todofleetcontrol.php in an older version of Xnova, possibly 0.8 sp1, allows remote attackers to execute arbitrary PHP code via a URL in the ugamela_root_path parameter. | ||||
| CVE-2008-6315 | 1 Phpmygallery | 1 Phpmygallery | 2025-04-09 | N/A |
| PHP remote file inclusion vulnerability in _conf/core/common-tpl-vars.php in PHPmyGallery 1.0 beta2 allows remote attackers to execute arbitrary PHP code via a URL in the confdir parameter, a different issue than CVE-2008-6316. | ||||
| CVE-2008-1860 | 1 Lokicms | 1 Lokicms | 2025-04-09 | N/A |
| Static code injection vulnerability in admin.php in LokiCMS 0.3.3 and earlier allows remote attackers to inject arbitrary PHP code into includes/Config.php via the default parameter. | ||||
| CVE-2008-1074 | 1 Group E | 1 Group E | 2025-04-09 | N/A |
| PHP remote file inclusion vulnerability in lib/head_auth.php in GROUP-E 1.6.41 allows remote attackers to execute arbitrary PHP code via a URL in the CFG[PREPEND_FILE] parameter. | ||||
| CVE-2008-1081 | 1 Opera | 1 Opera Browser | 2025-04-09 | N/A |
| Opera before 9.26 allows user-assisted remote attackers to execute arbitrary script via images that contain custom comments, which are treated as script when the user displays the image properties. | ||||
| CVE-2009-0901 | 1 Microsoft | 3 Visual C\+\+, Visual Studio, Visual Studio .net | 2025-04-09 | N/A |
| The Active Template Library (ATL) in Microsoft Visual Studio .NET 2003 SP1, Visual Studio 2005 SP1 and 2008 Gold, and Visual C++ 2005 SP1 and 2008 Gold and SP1; and Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2; does not prevent VariantClear calls on an uninitialized VARIANT, which allows remote attackers to execute arbitrary code via a malformed stream to an ATL (1) component or (2) control, related to ATL headers and error handling, aka "ATL Uninitialized Object Vulnerability." | ||||
| CVE-2008-6036 | 1 Basebuilder | 1 Basebuilder | 2025-04-09 | N/A |
| PHP remote file inclusion vulnerability in main.inc.php in BaseBuilder 2.0.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the mj_config[src_path] parameter. | ||||
| CVE-2009-3464 | 1 Adobe | 1 Shockwave Player | 2025-04-09 | N/A |
| Adobe Shockwave Player before 11.5.2.602 allows remote attackers to execute arbitrary code via crafted Shockwave content on a web site, related to an "invalid pointer vulnerability," a different issue than CVE-2009-3465. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2009-3465 | 1 Adobe | 1 Shockwave Player | 2025-04-09 | N/A |
| Adobe Shockwave Player before 11.5.2.602 allows remote attackers to execute arbitrary code via crafted Shockwave content on a web site, related to an "invalid pointer vulnerability," a different issue than CVE-2009-3464. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2007-6105 | 1 Talkback | 1 Talkback | 2025-04-09 | N/A |
| Multiple PHP remote file inclusion vulnerabilities in TalkBack 2.2.7 allow remote attackers to execute arbitrary PHP code via a URL in the (1) language_file parameter to (a) comments-display-tpl.php and (b) addons/separate-comments-mod/my-comments-display-tpl.php and the (2) config[comments_form_tpl] parameter to comments-display-tpl.php. | ||||
| CVE-2007-6082 | 1 Sciurus | 1 Sciurus Hosting Panel | 2025-04-09 | N/A |
| Direct static code injection vulnerability in acp/savenews.php in Sciurus Hosting Panel, possibly 2.0.3, allows remote attackers to inject arbitrary PHP code via the filecontents parameter, which can be executed by accessing includes/news.php. | ||||
| CVE-2008-1435 | 1 Microsoft | 2 Windows-nt, Windows Vista | 2025-04-09 | N/A |
| Windows Explorer in Microsoft Windows Vista up to SP1, and Server 2008, allows user-assisted remote attackers to execute arbitrary code via crafted saved-search (.search-ms) files that are not properly handled when saving, aka "Windows Saved Search Vulnerability." | ||||
| CVE-2008-1214 | 2 Linux, Numara | 2 Linux Kernel, Footprints | 2025-04-09 | N/A |
| MRcgi/MRProcessIncomingForms.pl in Numara FootPrints 8.1 on Linux allows remote attackers to execute arbitrary code via shell metacharacters in the PROJECTNUM parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2008-1170 | 1 Kcwiki | 1 Kcwiki | 2025-04-09 | N/A |
| Multiple PHP remote file inclusion vulnerabilities in KCWiki 1.0 allow remote attackers to execute arbitrary PHP code via a URL in the page parameter to (1) minimal/wiki.php and (2) simplest/wiki.php. | ||||
| CVE-2008-1136 | 1 Synce | 1 Synce | 2025-04-09 | N/A |
| The Utils::runScripts function in src/utils.cpp in vdccm 0.92 through 0.10.0 in SynCE (SynCE-dccm) allows remote attackers to execute arbitrary commands via shell metacharacters in a certain string to TCP port 5679. | ||||
| CVE-2008-1089 | 1 Microsoft | 2 Office, Visio | 2025-04-09 | N/A |
| Unspecified vulnerability in Microsoft Visio 2002 SP2, 2003 SP2 and SP3, and 2007 up to SP1 allows user-assisted remote attackers to execute arbitrary code via a Visio file containing crafted object header data, aka "Visio Object Header Vulnerability." | ||||