Total: 2052 CVE

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2008-6591 | 1 Lightneasy | 1 Lightneasy | 2018-10-11 | 5.0 MEDIUM | N/A |
| LightNEasy "no database" (aka flat) version 1.2.2, and possibly SQLite version 1.2.2, allows remote attackers to create arbitrary files via the page parameter to (1) index.php and (2) LightNEasy.php. | |||||
| CVE-2008-6486 | 1 Shatm | 1 Sharedlog | 2018-10-11 | 6.8 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in slideshow_uploadvideo.content.php in SharedLog, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[root_dir] parameter. | |||||
| CVE-2008-6935 | 1 Joe Fuhrman | 1 Exodus | 2018-10-11 | 10.0 HIGH | N/A |
| Argument injection vulnerability in Exodus 0.10 allows remote attackers to inject arbitrary command line arguments, overwrite arbitrary files, and cause a denial of service via encoded spaces in an im:// URI. | |||||
| CVE-2008-5922 | 1 Cfagcms | 1 Cfagcms | 2018-10-11 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in themes/default/index.php in Cant Find A Gaming CMS (CFAGCMS) 1 allow remote attackers to execute arbitrary PHP code via a URL in the (1) main and (2) right parameters. | |||||
| CVE-2008-5866 | 1 Proxim | 1 Tsunami Mp.11 2411 | 2018-10-11 | 10.0 HIGH | N/A |
| The Proxim Wireless Tsunami MP.11 2411 with firmware 3.0.3 has public as its default SNMP read/write community, which makes it easier for remote attackers to obtain sensitive information or modify SNMP variables. | |||||
| CVE-2008-5619 | 1 Roundcube | 1 Webmail | 2018-10-11 | 10.0 HIGH | N/A |
| html2text.php in Chuggnutt HTML to Text Converter, as used in PHPMailer before 5.2.10, RoundCube Webmail (roundcubemail) 0.2-1.alpha and 0.2-3.beta, Mahara, and AtMail Open 1.03, allows remote attackers to execute arbitrary code via crafted input that is processed by the preg_replace function with the eval switch. | |||||
| CVE-2008-5792 | 1 Indisguise | 1 Indiscripts Enthusiast | 2018-10-11 | 6.8 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in show_joined.php in Indiscripts Enthusiast 3.1.4, and possibly earlier, allows remote attackers to execute arbitrary PHP code via a URL in the path parameter. NOTE: the researcher also points out the analogous directory traversal issue. | |||||
| CVE-2008-5694 | 1 Sandbox | 1 Sandbox | 2018-10-11 | 10.0 HIGH | N/A |
| PHP remote file inclusion vulnerability in lib/jpgraph/jpgraph_errhandler.inc.php in Sandbox 1.4.1 might allow remote attackers to execute arbitrary PHP code via unspecified vectors. NOTE: the issue, if any, may be located in Aditus JpGraph rather than Sandbox. If so, then this should not be treated as an issue in Sandbox. | |||||
| CVE-2008-5749 | 2 Google, Microsoft | 2 Chrome, Windows Xp | 2018-10-11 | 6.8 MEDIUM | N/A |
| ** DISPUTED ** Argument injection vulnerability in Google Chrome 1.0.154.36 on Windows XP SP3 allows remote attackers to execute arbitrary commands via the --renderer-path option in a chromehtml: URI. NOTE: a third party disputes this issue, stating that Chrome "will ask for user permission" and "cannot launch the applet even [if] you have given out the permission." | |||||
| CVE-2008-6099 | 1 Rportal | 1 Rportal | 2018-10-11 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in index.php in RPortal 1.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the file_op parameter. | |||||
| CVE-2008-5750 | 1 Microsoft | 2 Internet Explorer, Windows Xp | 2018-10-11 | 6.8 MEDIUM | N/A |
| Argument injection vulnerability in Microsoft Internet Explorer 8 beta 2 on Windows XP SP3 allows remote attackers to execute arbitrary commands via the --renderer-path option in a chromehtml: URI. | |||||
| CVE-2008-5671 | 1 Joomla | 1 Joomla | 2018-10-11 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in index.php in Joomla! 1.0.11 through 1.0.14, when RG_EMULATION is enabled in configuration.php, allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. | |||||
| CVE-2008-5517 | 1 Git | 1 Git | 2018-10-11 | 7.5 HIGH | N/A |
| The web interface in git (gitweb) 1.5.x before 1.5.6 allows remote attackers to execute arbitrary commands via shell metacharacters related to (1) git_snapshot and (2) git_object. | |||||
| CVE-2008-5090 | 1 Anelectron | 1 Advanced Electron Forum | 2018-10-11 | 10.0 HIGH | N/A |
| Electron Inc. Advanced Electron Forum before 1.0.7 allows remote attackers to execute arbitrary PHP code via PHP code embedded in bbcode in the email parameter, which is processed by the preg_replace function with the eval switch. | |||||
| CVE-2008-4206 | 1 Attachmax | 1 Dolphin | 2018-10-11 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in config.php in Attachmax Dolphin 2.1.0 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the rel_path parameter. | |||||
| CVE-2008-3922 | 1 Telartis Bv | 1 Awstats Totals | 2018-10-11 | 9.3 HIGH | N/A |
| awstatstotals.php in AWStats Totals 1.0 through 1.14 allows remote attackers to execute arbitrary code via PHP sequences in the sort parameter, which is used by the multisort function when dynamically creating an anonymous PHP function. | |||||
| CVE-2008-3882 | 1 Zoneminder | 1 Zoneminder | 2018-10-11 | 10.0 HIGH | N/A |
| Unspecified "Command Injection" vulnerability in ZoneMinder 1.23.3 and earlier allows remote attackers to execute arbitrary commands via (1) the executeFilter function in zm_html_view_events.php and (2) the run_state parameter to zm_html_view_state.php. | |||||
| CVE-2008-3764 | 1 Turnkeywebtools | 1 Php Live Helper | 2018-10-11 | 7.5 HIGH | N/A |
| Eval injection vulnerability in globalsoff.php in Turnkey PHP Live Helper 2.0.1 and earlier allows remote attackers to execute arbitrary PHP code via the test parameter, and probably arbitrary parameters, to chat.php. | |||||
| CVE-2008-3769 | 1 Openfreeway | 1 Freeway | 2018-10-11 | 6.8 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in admin/create_order_new.php in Freeway 1.4.1.171, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the include_page parameter. | |||||
| CVE-2008-3401 | 1 Hscripts | 1 Hiox Random Ad | 2018-10-11 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in hioxRandomAd.php in HIOX Random Ad (HRA) 1.3 allows remote attackers to execute arbitrary PHP code via a URL in the hm parameter. | |||||
| CVE-2008-3399 | 1 Xrms | 1 Xrms Crm | 2018-10-11 | 6.8 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in activities/workflow-activities.php in XRMS CRM 1.99.2, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via the include_directory parameter. | |||||
| CVE-2008-3402 | 1 Hscripts | 1 Hiox Random Ad | 2018-10-11 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in HIOX Browser Statistics (HBS) 2.0 allow remote attackers to execute arbitrary PHP code via a URL in the hm parameter to (1) hioxupdate.php and (2) hioxstats.php. | |||||
| CVE-2008-3575 | 1 Ezcontents | 1 Ezcontents Cms | 2018-10-11 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in modules/calendar/minicalendar.php in ezContents CMS allows remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[gsLanguage] parameter, a different vector than CVE-2006-4477 and CVE-2004-0132. | |||||
| CVE-2008-3232 | 1 Dotclear | 1 Dotclear | 2018-10-11 | 9.3 HIGH | N/A |
| Unrestricted file upload vulnerability in ecrire/images.php in Dotclear 1.2.7.1 and earlier allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in images. | |||||
| CVE-2008-3298 | 1 Social Engine | 1 Social Engine | 2018-10-11 | 6.0 MEDIUM | N/A |
| SocialEngine (SE) before 2.83 grants certain write privileges for templates, which allows remote authenticated administrators to execute arbitrary PHP code. | |||||
| CVE-2008-3285 | 1 Alain Barbet | 1 Filesys Smbclientparser | 2018-10-11 | 9.3 HIGH | N/A |
| The Filesys::SmbClientParser module 2.7 and earlier for Perl allows remote SMB servers to execute arbitrary code via a folder name containing shell metacharacters. | |||||
| CVE-2008-3324 | 1 Party Gaming | 1 Party Poker Client | 2018-10-11 | 7.6 HIGH | N/A |
| The PartyGaming PartyPoker client program 121/120 does not properly verify the authenticity of updates, which allows remote man-in-the-middle attackers to execute arbitrary code via a Trojan horse update. | |||||
| CVE-2008-3311 | 1 Adam Scheinberg | 1 Flip | 2018-10-11 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in config.php in Adam Scheinberg Flip 3.0 allows remote attackers to execute arbitrary PHP code via a URL in the incpath parameter. | |||||
| CVE-2008-3183 | 1 Gapi Cms | 1 Gapicms | 2018-10-11 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in ktmlpro/includes/ktedit/toolbar.php in gapicms 9.0.2 allows remote attackers to execute arbitrary PHP code via a URL in the dirDepth parameter. | |||||
| CVE-2008-3294 | 1 Vim | 1 Vim | 2018-10-11 | 3.7 LOW | N/A |
| src/configure.in in Vim 5.0 through 7.1, when used for a build with Python support, does not ensure that the Makefile-conf temporary file has the intended ownership and permissions, which allows local users to execute arbitrary code by modifying this file during a time window, or by creating it ahead of time with permissions that prevent its modification by configure. | |||||
| CVE-2008-2950 | 1 Poppler | 1 Poppler | 2018-10-11 | 7.5 HIGH | N/A |
| The Page destructor in Page.cc in libpoppler in Poppler 0.8.4 and earlier deletes a pageWidgets object even if it is not initialized by a Page constructor, which allows remote attackers to execute arbitrary code via a crafted PDF document. | |||||
| CVE-2008-2884 | 1 Rss Aggregator | 1 Rss Aggregator | 2018-10-11 | 9.3 HIGH | N/A |
| PHP remote file inclusion vulnerability in display.php in RSS-aggregator allows remote attackers to execute arbitrary PHP code via a URL in the path parameter. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2008-2769 | 1 Phpraider | 1 Phpraider | 2018-10-11 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in authentication/smf/smf.functions.php in Simple Machines phpRaider 1.0.6 and 1.0.7 allows remote attackers to execute arbitrary PHP code via a URL in the pConfig_auth[smf_path] parameter. | |||||
| CVE-2008-2436 | 1 Novell | 1 Iprint Client | 2018-10-11 | 9.3 HIGH | N/A |
| Multiple heap-based buffer overflows in the IppCreateServerRef function in nipplib.dll in Novell iPrint Client 4.x before 4.38 and 5.x before 5.08 allow remote attackers to execute arbitrary code via a long argument to the (1) GetPrinterURLList, (2) GetPrinterURLList2, or (3) GetFileList2 function in the Novell iPrint ActiveX control in ienipp.ocx. | |||||
| CVE-2008-2478 | 1 Cpanel | 1 Cpanel | 2018-10-11 | 8.5 HIGH | N/A |
| ** DISPUTED ** scripts/wwwacct in cPanel 11.18.6 STABLE and earlier and 11.23.1 CURRENT and earlier allows remote authenticated users with reseller privileges to execute arbitrary code via shell metacharacters in the Email address field (aka Email text box). NOTE: the vendor disputes this, stating "I'm unable to reproduce such an issue on multiple servers running different versions of cPanel." | |||||
| CVE-2008-2434 | 1 Trend Micro | 1 Housecall | 2018-10-11 | 9.3 HIGH | N/A |
| The Trend Micro HouseCall ActiveX control 6.51.0.1028 and 6.6.0.1278 in Housecall_ActiveX.dll allows remote attackers to download an arbitrary library file onto a client system via a "custom update server" argument. NOTE: this can be leveraged for code execution by writing to a Startup folder. | |||||
| CVE-2008-2198 | 1 Kmita Tellfriend | 1 Tellfriend | 2018-10-11 | 6.8 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in kmitaadmin/kmitat/htmlcode.php in Kmita Tellfriend 2.0 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the file parameter. | |||||
| CVE-2008-2199 | 1 Kkeim | 1 Kmita Mail | 2018-10-11 | 6.8 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in kmitaadmin/kmitam/htmlcode.php in Kmita Mail 3.0 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the file parameter. | |||||
| CVE-2008-2086 | 1 Sun | 3 Jdk, Jre, Sdk | 2018-10-11 | 9.3 HIGH | N/A |
| Sun Java Web Start and Java Plug-in for JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.2_18 and earlier allow remote attackers to execute arbitrary code via a crafted jnlp file that modifies the (1) java.home, (2) java.ext.dirs, or (3) user.home System Properties, aka "Java Web Start File Inclusion" and CR 6694892. | |||||
| CVE-2008-2044 | 1 Netoffice | 1 Dwins | 2018-10-11 | 7.5 HIGH | N/A |
| includes/library.php in netOffice Dwins 1.3 p2 compares the demoSession variable to the 'true' string literal instead of the true boolean literal, which allows remote attackers to bypass authentication and execute arbitrary code by setting this variable to 1, as demonstrated by uploading a PHP script via an add action to projects_site/uploadfile.php. | |||||
| CVE-2008-2016 | 1 Chilkat Software | 1 Chicomas | 2018-10-11 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in Chilek Content Management System (aka ChiCoMaS) 2.0.4 allows remote attackers to execute arbitrary PHP code via a URL in the lang parameter to the default URI under install/. NOTE: this can also be leveraged to include and execute arbitrary local files via directory traversal sequences. | |||||
| CVE-2008-1997 | 1 Ibm | 1 Db2 Server | 2018-10-11 | 9.0 HIGH | N/A |
| Unspecified vulnerability in the ADMIN_SP_C2 procedure in IBM DB2 8 before FP16, 9.1 before FP4a, and 9.5 before FP1 allows remote authenticated users to execute arbitrary code via unknown vectors. NOTE: the ADMIN_SP_C issue is already covered by CVE-2008-0699. | |||||
| CVE-2008-1965 | 1 Ibm | 2 Lotus Expeditor Client, Lotus Symphony | 2018-10-11 | 9.3 HIGH | N/A |
| Argument injection vulnerability in the cai: URI handler in rcplauncher in IBM Lotus Expeditor Client for Desktop 6.1.1 and 6.1.2, as used by Lotus Symphony and possibly other products, allows remote attackers to execute arbitrary code by injecting a -launcher option via a cai: URI, as demonstrated by a reference to a UNC share pathname. | |||||
| CVE-2008-1926 | 1 Linux | 1 Util-linux | 2018-10-11 | 7.5 HIGH | N/A |
| Argument injection vulnerability in login (login-utils/login.c) in util-linux-ng 2.14 and earlier makes it easier for remote attackers to hide activities by modifying portions of log events, as demonstrated by appending an "addr=" statement to the login name, aka "audit log injection." | |||||
| CVE-2008-1860 | 1 Lokicms | 1 Lokicms | 2018-10-11 | 9.3 HIGH | N/A |
| Static code injection vulnerability in admin.php in LokiCMS 0.3.3 and earlier allows remote attackers to inject arbitrary PHP code into includes/Config.php via the default parameter. | |||||
| CVE-2008-1786 | 1 Computer Associates | 7 Arcserve Backup Laptops And Desktops, Desktop And Server Management, Desktop Management Suite and 4 more | 2018-10-11 | 9.3 HIGH | N/A |
| The DSM gui_cm_ctrls ActiveX control (gui_cm_ctrls.ocx), as used in multiple CA products including BrightStor ARCServe Backup for Laptops and Desktops r11.5, Desktop Management Suite r11.1 through r11.2 C2; Unicenter r11.1 through r11.2 C2; and Desktop and Server Management r11.1 through r11.2 C2 allows remote attackers to execute arbitrary code via crafted function arguments. | |||||
| CVE-2008-1770 | 1 Akamai | 1 Download Manager | 2018-10-11 | 9.3 HIGH | N/A |
| CRLF injection vulnerability in Akamai Download Manager ActiveX control before 2.2.3.6 allows remote attackers to force the download and execution of arbitrary files via a URL parameter containing an encoded LF followed by a malicious target line. | |||||
| CVE-2008-1609 | 1 Jaf Cms | 1 Jaf Cms | 2018-10-11 | 6.8 MEDIUM | N/A |
| Multiple PHP remote file inclusion vulnerabilities in just another flat file (JAF) CMS 4.0 RC2 allow remote attackers to execute arbitrary PHP code via a URL in the (1) website parameter to (a) forum.php, (b) headlines.php, and (c) main.php in forum/, and (2) main_dir parameter to forum/forum.php. NOTE: other main_dir vectors are already covered by CVE-2006-7127. | |||||
| CVE-2008-1233 | 1 Mozilla | 3 Firefox, Seamonkey, Thunderbird | 2018-10-11 | 6.8 MEDIUM | N/A |
| Unspecified vulnerability in Mozilla Firefox before 2.0.0.13, Thunderbird before 2.0.0.13, and SeaMonkey before 1.1.9 allows remote attackers to execute arbitrary code via "XPCNativeWrapper pollution." | |||||
| CVE-2008-1059 | 1 Wordpress | 1 Sniplets Plugin | 2018-10-11 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in modules/syntax_highlight.php in the Sniplets 1.1.2 and 1.2.2 plugin for WordPress allows remote attackers to execute arbitrary PHP code via a URL in the libpath parameter. | |||||
