Total
6195 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2008-6539 | 1 Holger Schurig | 1 Destar | 2025-04-09 | N/A |
| Static code injection vulnerability in user/settings/ in DeStar 0.2.2-5 allows remote authenticated users to add arbitrary administrators and inject arbitrary Python code into destar_cfg.py via a crafted pin parameter. | ||||
| CVE-2009-3814 | 1 Runcms | 1 Runcms | 2025-04-09 | N/A |
| Static code injection vulnerability in RunCMS 2M1 allows remote authenticated administrators to execute arbitrary PHP code via the "Filter/Banning" feature, as demonstrated by modifying modules/system/cache/bademails.php using the "Prohibited: Emails" action, and other unspecified filters. | ||||
| CVE-2008-3575 | 1 Ezcontents | 1 Ezcontents Cms | 2025-04-09 | N/A |
| PHP remote file inclusion vulnerability in modules/calendar/minicalendar.php in ezContents CMS allows remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[gsLanguage] parameter, a different vector than CVE-2006-4477 and CVE-2004-0132. | ||||
| CVE-2007-5215 | 1 Jacob Hinkle | 1 Godsend | 2025-04-09 | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Jacob Hinkle GodSend 0.6 allow remote attackers to execute arbitrary PHP code via a URL in the SCRIPT_DIR parameter to (1) gtk/main.inc.php or (2) cmdline.inc.php. NOTE: vector 2 is disputed by CVE because it is contained in unaccessible code, requiring that two undefined constants be equal. | ||||
| CVE-2008-6983 | 1 Devalcms | 1 Devalcms | 2025-04-09 | N/A |
| modules/tool/hitcounter.php in devalcms 1.4a allows remote attackers to execute arbitrary PHP code via the HTTP Referer header with a target file specified in the gv_folder_data parameter, as demonstrated by modifying modules/tool/url2header.php. | ||||
| CVE-2008-6902 | 1 2532gigs | 1 2532gigs | 2025-04-09 | N/A |
| Unrestricted file upload vulnerability in upload_flyer.php in 2532designs 2532|Gigs 1.2.2 Stable allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in flyers/. | ||||
| CVE-2008-5227 | 1 Phpcow | 1 Phpcow | 2025-04-09 | N/A |
| Unspecified vulnerability in PHPCow allows remote attackers to execute arbitrary code via unknown vectors, related to a "file inclusion vulnerability," as exploited in the wild in November 2008. | ||||
| CVE-2008-6849 | 1 W2b | 1 Phpgreetcards | 2025-04-09 | N/A |
| Unrestricted file upload vulnerability in index.php in phpGreetCards 3.7 allows remote attackers to execute arbitrary PHP code by uploading a file with an executable extension, then accessing it via a via a link that is listed by userfiles/number_shell.php. | ||||
| CVE-2008-6807 | 1 Ibiblio | 1 Osprey | 2025-04-09 | N/A |
| PHP remote file inclusion vulnerability in ListRecords.php in osprey 1.0a4.1 allows remote attackers to execute arbitrary PHP code via a URL in the xml_dir parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. NOTE: the lib_dir vector is already covered by CVE-2006-6630. | ||||
| CVE-2008-6773 | 1 Peterselie | 1 Yourplace | 2025-04-09 | N/A |
| Static code injection vulnerability in user/internettoolbar/edit.php in YourPlace 1.0.2 and earlier allows remote authenticated users to execute arbitrary PHP code into user/internettoolbar/index.php via the (1) fav1_url, (2) fav1_name, (3) fav2_url, (4) fav2_name, (5) fav3_url, (6) fav3_name, (7) fav4_url, (8) fav4_name, (9) fav5_url, or (10) fav5_name parameters. | ||||
| CVE-2008-6740 | 1 Homap | 1 Homap | 2025-04-09 | N/A |
| PHP remote file inclusion vulnerability in html/admin/modules/plugin_admin.php in HoMaP-CMS 0.1 allows remote attackers to execute arbitrary PHP code via a URL in the _settings[pluginpath] parameter. | ||||
| CVE-2007-5224 | 1 Jimmac | 1 Original Photo Gallery | 2025-04-09 | N/A |
| inc/exif.inc.php in Original Photo Gallery 0.11.2 and earlier allows remote attackers to execute arbitrary programs via the exif_prog parameter, which is specified in an exec function call. | ||||
| CVE-2008-6591 | 1 Lightneasy | 1 Lightneasy | 2025-04-09 | N/A |
| LightNEasy "no database" (aka flat) version 1.2.2, and possibly SQLite version 1.2.2, allows remote attackers to create arbitrary files via the page parameter to (1) index.php and (2) LightNEasy.php. | ||||
| CVE-2007-5271 | 1 Trionic | 1 Cite Cms | 2025-04-09 | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Trionic Cite CMS 1.2 rev9 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the bField[bf_data] parameter to (1) interface/editors/-custom.php or (2) interface/editors/custom.php. | ||||
| CVE-2007-5995 | 1 Php-tools | 1 Patbbcode | 2025-04-09 | N/A |
| PHP remote file inclusion vulnerability in examples/patExampleGen/bbcodeSource.php in patBBcode 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the example parameter. | ||||
| CVE-2007-3899 | 1 Microsoft | 2 Office, Word | 2025-04-09 | N/A |
| Unspecified vulnerability in Microsoft Word 2000 SP3, Word 2002 SP3, and Office 2004 for Mac allows user-assisted remote attackers to execute arbitrary code via a malformed string in a Word file, aka "Word Memory Corruption Vulnerability." | ||||
| CVE-2008-2638 | 1 1-script | 1 1-book | 2025-04-09 | N/A |
| Static code injection vulnerability in guestbook.php in 1Book 1.0.1 and earlier allows remote attackers to upload arbitrary PHP code via the message parameter in an HTML webform, which is written to data.php. | ||||
| CVE-2007-1153 | 1 Cutephp | 1 Cutenews | 2025-04-09 | N/A |
| Multiple PHP remote file inclusion vulnerabilities in CutePHP CuteNews 1.3.6 allow remote attackers to execute arbitrary PHP code via unspecified vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. NOTE: issue might overlap CVE-2004-1660 or CVE-2006-4445. | ||||
| CVE-2008-1381 | 1 Zoneminder | 1 Zoneminder | 2025-04-09 | N/A |
| ZoneMinder before 1.23.3 allows remote authenticated users, and possibly unauthenticated attackers in some installations, to execute arbitrary commands via shell metacharacters in a crafted URL. | ||||
| CVE-2008-6956 | 1 Infireal | 1 Mxcamarchive | 2025-04-09 | N/A |
| Static code injection vulnerability in admin/admin.php in mxCamArchive 2.2 allows remote authenticated administrators to inject arbitrary PHP code into an unspecified program via the description parameter, which is executed by invocation of index.php. NOTE: some of these details are obtained from third party information. | ||||