Search Results (6961 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2007-6412 1 Bitweaver 1 Bitweaver 2026-04-23 N/A
Direct static code injection vulnerability in wiki/index.php in Bitweaver 2.0.0 and earlier, when comments are enabled, allows remote attackers to inject arbitrary PHP code via an editcomments action.
CVE-2007-5663 2 Adobe, Redhat 3 Acrobat, Acrobat Reader, Rhel Extras 2026-04-23 N/A
Adobe Reader and Acrobat 8.1.1 and earlier allows remote attackers to execute arbitrary code via a crafted PDF file that calls an insecure JavaScript method in the EScript.api plug-in. NOTE: this issue might be subsumed by CVE-2008-0655.
CVE-2007-5390 1 Picoflat Cms 1 Picoflat Cms 2026-04-23 N/A
PHP remote file inclusion vulnerability in index.php in PicoFlat CMS 0.4.14 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the pagina parameter.
CVE-2007-5315 1 Softpedia 1 Livealbum 2026-04-23 N/A
PHP remote file inclusion vulnerability in common.php in LiveAlbum 0.9.0, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the livealbum_dir parameter.
CVE-2009-2809 1 Apple 2 Mac Os X, Mac Os X Server 2026-04-23 N/A
ImageIO in Apple Mac OS X 10.4.11 and 10.5.8 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PixarFilm encoded TIFF image, related to "multiple memory corruption issues."
CVE-2007-5607 1 Hp 1 Instant Support 2026-04-23 N/A
Buffer overflow in the RegistryString function in the HPISDataManagerLib.Datamgr ActiveX control in HPISDataManager.dll in HP Instant Support before 1.0.0.24 allows remote attackers to execute arbitrary code via a long first argument, a different vulnerability than CVE-2007-5604, CVE-2007-5605, and CVE-2007-5606.
CVE-2009-4431 2 Anything-digital, Joomla 2 Com Jcalpro, Joomla\! 2026-04-23 N/A
PHP remote file inclusion vulnerability in cal_popup.php in the Anything Digital Development JCal Pro (aka com_jcalpro or JCP) component 1.5.3.6 for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.
CVE-2007-5423 1 Tiki 1 Tikiwiki Cms\/groupware 2026-04-23 N/A
tiki-graph_formula.php in TikiWiki 1.9.8 allows remote attackers to execute arbitrary code via PHP sequences in the f array parameter, which are processed by create_function.
CVE-2009-2736 1 Sun-jester 1 Opennews 2026-04-23 N/A
Static code injection vulnerability in admin.php in sun-jester OpenNews 1.0 allows remote authenticated administrators to inject arbitrary PHP code into config.php via the "Overall Width" field in a setconfig action.
CVE-2007-4907 1 Qualiteam 1 X-cart 2026-04-23 N/A
Multiple PHP remote file inclusion vulnerabilities in X-Cart allow remote attackers to execute arbitrary PHP code via a URL in the xcart_dir parameter to (1) config.php, (2) prepare.php, (3) smarty.php, (4) customer/product.php, (5) provider/auth.php, and (6) admin/auth.php.
CVE-2007-5388 1 Webdesktop 1 Webdesktop 2026-04-23 N/A
Multiple PHP remote file inclusion vulnerabilities in WebDesktop 0.1 allow remote attackers to execute arbitrary PHP code via a URL in the (1) app parameter to apps/apps.php and the (2) wsk parameter to wsk/wsk.php.
CVE-2008-1903 1 Newanz 1 Newsoffice 2026-04-23 N/A
PHP remote file inclusion vulnerability in news_show.php in Newanz NewsOffice 1.0 and 1.1, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the newsoffice_directory parameter.
CVE-2007-5138 1 Lustig 1 Lustig.cms 2026-04-23 N/A
PHP remote file inclusion vulnerability in forum/forum.php in lustig.cms BETA 2.5 allows remote attackers to execute arbitrary PHP code via a URL in the view parameter.
CVE-2009-2637 2 Joomla, Ordasoft 2 Joomla, Com Booklibrary 2026-04-23 N/A
PHP remote file inclusion vulnerability in toolbar_ext.php in the BookLibrary (com_booklibrary) component 1.5.2.4 Basic for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.
CVE-2007-5298 1 Creamotion 1 Creamotion 2026-04-23 N/A
Multiple PHP remote file inclusion vulnerabilities in CMS Creamotion allow remote attackers to execute arbitrary PHP code via a URL in the cfg[document_uri] parameter to (1) _administration/securite.php and (2) _administration/gestion_configurations/save_config.php.
CVE-2007-5173 2 Openid, Phpbb 2 Openid, Phpbb 2026-04-23 N/A
PHP remote file inclusion vulnerability in includes/openid/Auth/OpenID/BBStore.php in phpBB Openid 0.2.0 allows remote attackers to execute arbitrary PHP code via a URL in the openid_root_path parameter.
CVE-2008-4798 1 Webgui 1 Webgui 2026-04-23 N/A
The loadModule function in lib/WebGUI/Asset.pm in WebGUI before 7.5.30 (stable) allows remote attackers to execute arbitrary code by uploading a Perl module and accessing it via a crafted URL.
CVE-2006-3864 1 Microsoft 3 Office, Project, Visio 2026-04-23 N/A
Unspecified vulnerability in mso.dll in Microsoft Office 2000, XP, and 2003, and Microsoft PowerPoint 2000, XP, and 2003, allows remote user-assisted attackers to execute arbitrary code via a malformed record in a (1) .DOC, (2) .PPT, or (3) .XLS file that triggers memory corruption, related to an "array boundary condition" (possibly an array index overflow), a different vulnerability than CVE-2006-3434, CVE-2006-3650, and CVE-2006-3868.
CVE-2007-4342 1 Phpcentral 1 Login 2026-04-23 N/A
PHP remote file inclusion vulnerability in include.php in PHPCentral Login 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the _SERVER[DOCUMENT_ROOT] parameter. NOTE: a third party disputes this vulnerability because of the special nature of the SERVER superglobal array.
CVE-2009-2270 1 Dedecms 1 Dedecms 2026-04-23 N/A
Unrestricted file upload vulnerability in member/uploads_edit.php in dedecms 5.3 allows remote attackers to execute arbitrary code by uploading a file with a double extension in the filename, then accessing this file via unspecified vectors, as demonstrated by a .jpg.php filename.