Total: 2052 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2009-2111 | 1 Jnmsolutions | 1 Db Top Sites | 2017-09-29 | 10.0 HIGH | N/A |
| Static code injection vulnerability in add_reg.php in DB Top Sites 1.0 allows remote attackers to inject arbitrary PHP code via a crafted (1) url and (2) location parameter. | |||||
| CVE-2009-1946 | 1 Adaptbb | 1 Adaptbb | 2017-09-29 | 6.8 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in latestposts.php in AdaptBB 1.0, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the forumspath parameter. | |||||
| CVE-2009-1512 | 1 Keir Davis | 1 X-forum | 2017-09-29 | 6.5 MEDIUM | N/A |
| Static code injection vulnerability in X-Forum 0.6.2 allows remote authenticated administrators to inject arbitrary PHP code into Config.php via the adminEMail parameter to SaveConfig.php. | |||||
| CVE-2009-1960 | 1 Dokuwiki | 1 Dokuwiki | 2017-09-29 | 9.3 HIGH | N/A |
| inc/init.php in DokuWiki 2009-02-14, rc2009-02-06, and rc2009-01-30, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via the config_cascade[main][default][] parameter to doku.php. NOTE: PHP remote file inclusion is also possible in PHP 5 using ftp:// URLs. | |||||
| CVE-2009-1450 | 1 Bluevirus-design | 1 Sma-db | 2017-09-29 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in format.php in SMA-DB 0.3.12 allows remote attackers to execute arbitrary PHP code via a URL in the _page_content parameter. | |||||
| CVE-2009-1452 | 1 Bluevirus-design | 1 Sma-db | 2017-09-29 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in theme/format.php in SMA-DB 0.3.13 allow remote attackers to execute arbitrary PHP code via a URL in the (1) _page_css and (2) _page_javascript parameters. NOTE: the _page_content vector is already covered by CVE-2009-1450. | |||||
| CVE-2009-1579 | 1 Squirrelmail | 1 Squirrelmail | 2017-09-29 | 6.8 MEDIUM | N/A |
| The map_yp_alias function in functions/imap_general.php in SquirrelMail before 1.4.18 and NaSMail before 1.7 allows remote attackers to execute arbitrary commands via shell metacharacters in a username string that is used by the ypmatch program. | |||||
| CVE-2009-2182 | 1 Campware.org | 1 Campsite | 2017-09-29 | 6.8 MEDIUM | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Campsite 3.3.0 RC1 allow remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[g_campsiteDir] parameter to (1) ad_popup.php, (2) camp_html.php, (3) init_content.php, (4) logout.php, (5) menu.php, and (6) set-author.php in admin-files/; (7) conf/liveuser_configuration.php; (8) include/phorum_load.php; (9) CommandProcessor.php and (10) index.php in admin-files/article_import; and (11) add.php, (12) add_move.php, (13) autopublish.php, and (14) autopublish_del.php in admin-files/articles/. | |||||
| CVE-2009-2143 | 2 Firestats, Wordpress | 2 Firestats, Wordpress | 2017-09-29 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in firestats-wordpress.php in the FireStats plugin before 1.6.2-stable for WordPress allows remote attackers to execute arbitrary PHP code via a URL in the fs_javascript parameter. | |||||
| CVE-2009-0456 | 1 Sourdough | 1 Sourdough | 2017-09-29 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in examples/example_clientside_javascript.php in patForms, as used in Sourdough 0.3.5, allows remote attackers to execute arbitrary PHP code via a URL in the neededFiles[patForms] parameter. | |||||
| CVE-2009-0251 | 1 Ryneezy | 1 Phosheezy | 2017-09-29 | 6.5 MEDIUM | N/A |
| Static code injection vulnerability in admin.php in Ryneezy phoSheezy 0.2 allows remote authenticated administrators to inject arbitrary PHP code into config/footer via the footer parameter. NOTE: this can be exploited by unauthenticated attackers by leveraging CVE-2009-0250. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2009-0103 | 1 Playsms | 1 Playsms | 2017-09-29 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in playSMS 0.9.3 allow remote attackers to execute arbitrary PHP code via a URL in the (1) apps_path[plug] parameter to plugin/gateway/gnokii/init.php, the (2) apps_path[themes] parameter to plugin/themes/default/init.php, and the (3) apps_path[libs] parameter to lib/function.php. | |||||
| CVE-2008-7240 | 1 Linuxwebshop | 1 Php User Base | 2017-09-29 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in include/unverified.inc.php in Linux Web Shop (LWS) php User Base 1.3beta allows remote attackers to include and execute arbitrary local files via the template parameter. | |||||
| CVE-2008-7123 | 1 Zkup | 1 Zkup | 2017-09-29 | 6.8 MEDIUM | N/A |
| Static code injection vulnerability in admin/configuration/modifier.php in zKup CMS 2.0 through 2.3 allows remote attackers to inject arbitrary PHP code into fichiers/config.php via a null byte (%00) in the login parameter in an ajout action, which bypasses the regular expression check. | |||||
| CVE-2008-7073 | 2 Ekkaia, Rssmodule | 2 Pie Web, Rss Module | 2017-09-29 | 6.8 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in lib/action/rss.php in RSS module 0.1 for Pie Web M{a,e}sher, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the lib parameter. | |||||
| CVE-2008-7067 | 1 Pagetreecms | 1 Page Tree Cms | 2017-09-29 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in admin/plugins/Online_Users/main.php in PageTree CMS 0.0.2 BETA 0001 allows remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[PT_Config][dir][data] parameter. | |||||
| CVE-2008-7042 | 1 Freshscripts | 1 Fresh Email Script | 2017-09-29 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in url.php in FreshScripts Fresh Email Script 1.0 through 1.11 allows remote attackers to execute arbitrary PHP code via a URL in the tmp_sid parameter. | |||||
| CVE-2008-6983 | 1 Devalcms | 1 Devalcms | 2017-09-29 | 7.5 HIGH | N/A |
| modules/tool/hitcounter.php in devalcms 1.4a allows remote attackers to execute arbitrary PHP code via the HTTP Referer header with a target file specified in the gv_folder_data parameter, as demonstrated by modifying modules/tool/url2header.php. | |||||
| CVE-2008-6958 | 1 Comsenz | 1 Crossday Discuz! Board | 2017-09-29 | 6.5 MEDIUM | N/A |
| wap/index.php in Crossday Discuz! Board 6.x and 7.x allows remote authenticated users to execute arbitrary PHP code via the creditsformula parameter. | |||||
| CVE-2008-6956 | 1 Infireal | 1 Mxcamarchive | 2017-09-29 | 6.5 MEDIUM | N/A |
| Static code injection vulnerability in admin/admin.php in mxCamArchive 2.2 allows remote authenticated administrators to inject arbitrary PHP code into an unspecified program via the description parameter, which is executed by invocation of index.php. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2008-6936 | 1 Jabber | 1 Exodus | 2017-09-29 | 9.3 HIGH | N/A |
| Argument injection vulnerability in Exodus 0.10 allows remote attackers to inject arbitrary command line arguments, overwrite arbitrary files, and cause a denial of service via encoded spaces in a pres:// URI, a different vector than CVE-2008-6935. | |||||
| CVE-2008-6934 | 1 Sansuart | 1 Free Simple Guestbook Php Script | 2017-09-29 | 7.5 HIGH | N/A |
| Static code injection vulnerability in Sanus\|artificium (aka Sanusart) Free simple guestbook PHP script, when downloaded before 20081111, allows remote attackers to inject arbitrary PHP code into messages.txt via the message parameter to act.php, which is executed when guestbook/guestbook.php is accessed. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2008-6902 | 1 2532gigs | 1 2532gigs | 2017-09-29 | 6.8 MEDIUM | N/A |
| Unrestricted file upload vulnerability in upload_flyer.php in 2532designs 2532\|Gigs 1.2.2 Stable allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in flyers/. | |||||
| CVE-2008-6900 | 1 Availscript | 1 Availscript Article Script | 2017-09-29 | 6.5 MEDIUM | N/A |
| Unrestricted file upload vulnerability in "Add Pen/Author Name" feature in addpen.php in AvailScript Article Script allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in photos/. | |||||
| CVE-2008-6849 | 1 W2b | 1 Phpgreetcards | 2017-09-29 | 6.8 MEDIUM | N/A |
| Unrestricted file upload vulnerability in index.php in phpGreetCards 3.7 allows remote attackers to execute arbitrary PHP code by uploading a file with an executable extension, then accessing it via a link that is listed by userfiles/number_shell.php. | |||||
| CVE-2008-6841 | 2 Gmitc, Joomla | 2 Com Dbquery, Joomla | 2017-09-29 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in the Green Mountain Information Technology and Consulting Database Query (com_dbquery) component 1.4.1.1 and earlier for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter to classes/DBQ/admin/common.class.php. | |||||
| CVE-2008-6773 | 1 Peterselie | 1 Yourplace | 2017-09-29 | 6.5 MEDIUM | N/A |
| Static code injection vulnerability in user/internettoolbar/edit.php in YourPlace 1.0.2 and earlier allows remote authenticated users to execute arbitrary PHP code into user/internettoolbar/index.php via the (1) fav1_url, (2) fav1_name, (3) fav2_url, (4) fav2_name, (5) fav3_url, (6) fav3_name, (7) fav4_url, (8) fav4_name, (9) fav5_url, or (10) fav5_name parameters. | |||||
| CVE-2008-6785 | 1 Galaxyscripts | 1 Mini File Host | 2017-09-29 | 6.8 MEDIUM | N/A |
| Unrestricted file upload vulnerability in Mini File Host 1.5 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in an unspecified directory, as demonstrated by creating a name.php file. | |||||
| CVE-2008-6761 | 1 China-on-site | 1 Flexcustomer0.0.6 | 2017-09-29 | 10.0 HIGH | N/A |
| Static code injection vulnerability in admin/install.php in Flexcustomer 0.0.6 might allow remote attackers to inject arbitrary PHP code into const.inc.php via the installdbname parameter (aka the Database Name field). NOTE: the installation instructions specify deleting admin/install.php. | |||||
| CVE-2008-6740 | 1 Homap | 1 Homap | 2017-09-29 | 6.8 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in html/admin/modules/plugin_admin.php in HoMaP-CMS 0.1 allows remote attackers to execute arbitrary PHP code via a URL in the _settings[pluginpath] parameter. | |||||
| CVE-2008-6665 | 1 Anantasoft | 1 Ananta Cms | 2017-09-29 | 6.8 MEDIUM | N/A |
| change.php in Ananta CMS 1.0b5, with magic_quotes_gpc disabled, allows remote attackers to gain administrator privileges via a crafted email parameter, possibly related to code injection. | |||||
| CVE-2008-6651 | 1 Oxyproject | 1 Oxybox | 2017-09-29 | 10.0 HIGH | N/A |
| Static code injection vulnerability in edithistory.php in OxYProject OxYBox 0.85 allows remote attackers to inject arbitrary PHP code into oxyhistory.php via the oxymsg parameter. | |||||
| CVE-2008-6636 | 1 Geody | 1 Dagger | 2017-09-29 | 6.8 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in skins/default.php in Geody Labs Dagger - The Cutting Edge r12feb2008, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the dir_edge_skins parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2008-6635 | 1 Geody | 1 Dagger | 2017-09-29 | 6.8 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in skins/default.php in Geody Labs Dagger - The Cutting Edge r12feb2008, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the dir_inc parameter. | |||||
| CVE-2008-6612 | 1 Abweb | 1 Minimal-ablog | 2017-09-29 | 6.8 MEDIUM | N/A |
| Unrestricted file upload vulnerability in admin/uploader.php in Minimal ABlog 0.4 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in img/. | |||||
| CVE-2008-6539 | 1 Holger Schurig | 1 Destar | 2017-09-29 | 6.5 MEDIUM | N/A |
| Static code injection vulnerability in user/settings/ in DeStar 0.2.2-5 allows remote authenticated users to add arbitrary administrators and inject arbitrary Python code into destar_cfg.py via a crafted pin parameter. | |||||
| CVE-2008-6518 | 1 Vidiscript | 1 Vidiscript | 2017-09-29 | 6.5 MEDIUM | N/A |
| Unrestricted file upload vulnerability in the profile feature in VidiScript allows registered remote authenticated users to execute arbitrary code by uploading a PHP file as an Avatar, then accessing the avatar via a direct request. | |||||
| CVE-2008-6499 | 1 Apachefriends | 1 Xampp | 2017-09-29 | 5.5 MEDIUM | N/A |
| security/xamppsecurity.php in XAMPP 1.6.8 performs an extract operation on the SERVER superglobal array, which allows remote attackers to spoof critical variables, as demonstrated by setting the REMOTE_ADDR variable to 127.0.0.1. | |||||
| CVE-2008-6483 | 2 Joomla, Virtuemart-solutions | 2 Joomla, Com Googlebase | 2017-09-29 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in admin.googlebase.php in the Ecom Solutions VirtueMart Google Base (aka com_googlebase or Froogle) component 1.1 for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. | |||||
| CVE-2008-6482 | 2 Joomla, Justjoomla | 2 Joomla, Com Treeg | 2017-09-29 | 6.8 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in admin.treeg.php in the Flash Tree Gallery (com_treeg) component 1.0 for Joomla!, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via the mosConfig_live_site parameter. | |||||
| CVE-2008-6446 | 1 Geniuscyber | 1 Maxsite | 2017-09-29 | 7.5 HIGH | N/A |
| Static code injection vulnerability in the Guestbook component in CMS MAXSITE allows remote attackers to inject arbitrary PHP code into the guestbook via the message parameter. | |||||
| CVE-2008-6421 | 1 Socialsitegenerator | 1 Social Site Generator | 2017-09-29 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in social_game_play.php in Social Site Generator (SSG) 2.0 allows remote attackers to execute arbitrary PHP code via a URL in the path parameter. | |||||
| CVE-2008-6408 | 1 Brian Wilson | 1 Ol'bookmarks | 2017-09-29 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in frame.php in ol'bookmarks manager 0.7.5 allows remote attackers to execute arbitrary PHP code via a URL in the framefile parameter. | |||||
| CVE-2008-6403 | 1 Openrat | 1 Openrat | 2017-09-29 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in themes/default/include/html/insert.inc.php in OpenRat 0.8-beta4 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the tpl_dir parameter. | |||||
| CVE-2008-6402 | 1 Muskatli | 1 Sofi Webgui | 2017-09-29 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in hu/modules/reg-new/modstart.php in Sofi WebGui 0.6.3 PRE and earlier allows remote attackers to execute arbitrary PHP code via a URL in the mod_dir parameter. | |||||
| CVE-2008-6377 | 1 Phpbb-seo | 1 Multi Seo Phpbb | 2017-09-29 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in include/global.php in Multi SEO phpBB 1.1.0 allows remote attackers to execute arbitrary PHP code via a URL in the pfad parameter. | |||||
| CVE-2008-6347 | 2 Joomla, Luigi Massa | 2 Joomla, Onguma Time Sheet | 2017-09-29 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in lib/onguma.class.php in the Onguma Time Sheet (com_ongumatimesheet20) 2.0 4b component for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. | |||||
| CVE-2008-6318 | 1 Phpmygallery | 1 Phpmygallery | 2017-09-29 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in _conf/_php-core/common-tpl-vars.php in PHPmyGallery 1.5 beta allows remote attackers to execute arbitrary PHP code via a URL in the admindir parameter, a different vector than CVE-2008-6317. | |||||
| CVE-2008-6315 | 1 Phpmygallery | 1 Phpmygallery | 2017-09-29 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in _conf/core/common-tpl-vars.php in PHPmyGallery 1.0 beta2 allows remote attackers to execute arbitrary PHP code via a URL in the confdir parameter, a different issue than CVE-2008-6316. | |||||
| CVE-2008-6305 | 1 Freedirectoryscript | 1 Free Directory Script | 2017-09-29 | 6.8 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in init.php in Free Directory Script 1.1.1, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the API_HOME_DIR parameter. | |||||
