Search
Total
2052 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2008-6483 | 2 Joomla, Virtuemart-solutions | 2 Joomla, Com Googlebase | 2017-09-29 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in admin.googlebase.php in the Ecom Solutions VirtueMart Google Base (aka com_googlebase or Froogle) component 1.1 for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. | |||||
| CVE-2008-6482 | 2 Joomla, Justjoomla | 2 Joomla, Com Treeg | 2017-09-29 | 6.8 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in admin.treeg.php in the Flash Tree Gallery (com_treeg) component 1.0 for Joomla!, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via the mosConfig_live_site parameter. | |||||
| CVE-2008-6446 | 1 Geniuscyber | 1 Maxsite | 2017-09-29 | 7.5 HIGH | N/A |
| Static code injection vulnerability in the Guestbook component in CMS MAXSITE allows remote attackers to inject arbitrary PHP code into the guestbook via the message parameter. | |||||
| CVE-2008-6421 | 1 Socialsitegenerator | 1 Social Site Generator | 2017-09-29 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in social_game_play.php in Social Site Generator (SSG) 2.0 allows remote attackers to execute arbitrary PHP code via a URL in the path parameter. | |||||
| CVE-2008-6408 | 1 Brian Wilson | 1 Ol\'bookmarks | 2017-09-29 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in frame.php in ol'bookmarks manager 0.7.5 allows remote attackers to execute arbitrary PHP code via a URL in the framefile parameter. | |||||
| CVE-2008-6403 | 1 Openrat | 1 Openrat | 2017-09-29 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in themes/default/include/html/insert.inc.php in OpenRat 0.8-beta4 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the tpl_dir parameter. | |||||
| CVE-2008-6402 | 1 Muskatli | 1 Sofi Webgui | 2017-09-29 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in hu/modules/reg-new/modstart.php in Sofi WebGui 0.6.3 PRE and earlier allows remote attackers to execute arbitrary PHP code via a URL in the mod_dir parameter. | |||||
| CVE-2008-6377 | 1 Phpbb-seo | 1 Multi Seo Phpbb | 2017-09-29 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in include/global.php in Multi SEO phpBB 1.1.0 allows remote attackers to execute arbitrary PHP code via a URL in the pfad parameter. | |||||
| CVE-2008-6347 | 2 Joomla, Luigi Massa | 2 Joomla, Onguma Time Sheet | 2017-09-29 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in lib/onguma.class.php in the Onguma Time Sheet (com_ongumatimesheet20) 2.0 4b component for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. | |||||
| CVE-2008-6318 | 1 Phpmygallery | 1 Phpmygallery | 2017-09-29 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in _conf/_php-core/common-tpl-vars.php in PHPmyGallery 1.5 beta allows remote attackers to execute arbitrary PHP code via a URL in the admindir parameter, a different vector than CVE-2008-6317. | |||||
| CVE-2008-6315 | 1 Phpmygallery | 1 Phpmygallery | 2017-09-29 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in _conf/core/common-tpl-vars.php in PHPmyGallery 1.0 beta2 allows remote attackers to execute arbitrary PHP code via a URL in the confdir parameter, a different issue than CVE-2008-6316. | |||||
| CVE-2008-6305 | 1 Freedirectoryscript | 1 Free Directory Script | 2017-09-29 | 6.8 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in init.php in Free Directory Script 1.1.1, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the API_HOME_DIR parameter. | |||||
| CVE-2008-6287 | 1 Getmiro | 1 Broadcast Machine | 2017-09-29 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Broadcast Machine 0.1 allow remote attackers to execute arbitrary PHP code via a URL in the baseDir parameter to (1) MySQLController.php, (2) SQLController.php, (3) SetupController.php, (4) VideoController.php, and (5) ViewController.php in controllers/. | |||||
| CVE-2008-6251 | 1 Scripts | 1 Phpfan | 2017-09-29 | 6.8 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in includes/init.php in phpFan 3.3.4 allows remote attackers to execute arbitrary PHP code via a URL in the includepath parameter. | |||||
| CVE-2008-6221 | 2 Dadamailproject, Joomla | 2 Dada Mail Manager, Joomla | 2017-09-29 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in config.dadamail.php in the Dada Mail Manager (com_dadamail) component 2.6 for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[mosConfig_absolute_path] parameter. | |||||
| CVE-2008-6513 | 1 Aphpkb | 1 Aphpkb | 2017-09-29 | 6.8 MEDIUM | N/A |
| Unrestricted file upload vulnerability in saa.php in Andy's PHP Knowledgebase (aphpkb) 0.92.9 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a link that is listed by authors.php. | |||||
| CVE-2008-6178 | 2 Fckeditor, Phplist | 2 Fckeditor, Phplist | 2017-09-29 | 7.5 HIGH | N/A |
| Unrestricted file upload vulnerability in editor/filemanager/browser/default/connectors/php/connector.php in FCKeditor 2.2, as used in Falt4 CMS, Nuke ET, and other products, allows remote attackers to execute arbitrary code by creating a file with PHP sequences preceded by a ZIP header, uploading this file via a FileUpload action with the application/zip content type, and then accessing this file via a direct request to the file in UserFiles/File/, probably a related issue to CVE-2005-4094. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2008-6138 | 1 Webbiscuits | 1 Modules Controller | 2017-09-29 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in adminhead.php in WebBiscuits Modules Controller 1.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the path[docroot] parameter. | |||||
| CVE-2008-6132 | 1 Brickhost | 1 Phpscheduleit | 2017-09-29 | 6.8 MEDIUM | N/A |
| Eval injection vulnerability in reserve.php in phpScheduleIt 1.2.10 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary PHP code via the start_date parameter. | |||||
| CVE-2008-6036 | 1 Basebuilder | 1 Basebuilder | 2017-09-29 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in main.inc.php in BaseBuilder 2.0.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the mj_config[src_path] parameter. | |||||
| CVE-2008-6023 | 1 Xnova | 1 Xnova | 2017-09-29 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in includes/todofleetcontrol.php in a newer version of Xnova, possibly 0.8 sp1, allows remote attackers to execute arbitrary PHP code via a URL in the xnova_root_path parameter. | |||||
| CVE-2008-6022 | 1 Xnova | 1 Xnova | 2017-09-29 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in includes/todofleetcontrol.php in an older version of Xnova, possibly 0.8 sp1, allows remote attackers to execute arbitrary PHP code via a URL in the ugamela_root_path parameter. | |||||
| CVE-2008-6006 | 1 Minbank | 1 Micronation Banking System | 2017-09-29 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Micronation Banking System (minba) 1.5.0 allow remote attackers to execute arbitrary PHP code via a URL in the minsoft_path parameter to (1) utdb_access.php and (2) utgn_message.php in utility/. | |||||
| CVE-2008-5949 | 1 Tiddlywiki | 1 Cctiddly | 2017-09-29 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in ccTiddly 1.7.4 and 1.7.6 allow remote attackers to execute arbitrary PHP code via a URL in the cct_base parameter to (1) index.php; (2) handle/proxy.php; (3) header.php, (4) include.php, and (5) workspace.php in includes/; and (6) plugins/RSS/files/rss.php. | |||||
| CVE-2008-5938 | 1 Modxcms | 1 Modxcms | 2017-09-29 | 6.8 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in assets/snippets/reflect/snippet.reflect.php in MODx CMS 0.9.6.2 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary PHP code via a URL in the reflect_base parameter. | |||||
| CVE-2008-5920 | 1 Tigris | 1 Websvn | 2017-09-29 | 7.5 HIGH | N/A |
| The create_anchors function in utils.inc in WebSVN 1.x allows remote attackers to execute arbitrary PHP code via a crafted username that is processed by the preg_replace function with the eval switch. | |||||
| CVE-2008-5790 | 2 Joomla, Recly | 2 Joomla, Competitions | 2017-09-29 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in the Recly!Competitions (com_competitions) component 1.0 for Joomla! allow remote attackers to execute arbitrary PHP code via a URL in the (1) GLOBALS[mosConfig_absolute_path] parameter to (a) add.php and (b) competitions.php in includes/competitions/, and the (2) mosConfig_absolute_path parameter to (c) includes/settings/settings.php. | |||||
| CVE-2008-5789 | 2 Joomla, Recly | 2 Joomla, Interactive Feederator | 2017-09-29 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in the Recly Interactive Feederator (com_feederator) component 1.0.5 for Joomla! allow remote attackers to execute arbitrary PHP code via a URL in the (1) mosConfig_absolute_path parameter to (a) add_tmsp.php, (b) edit_tmsp.php and (c) tmsp.php in includes/tmsp/; and the (2) GLOBALS[mosConfig_absolute_path] parameter to (d) includes/tmsp/subscription.php. | |||||
| CVE-2008-5764 | 1 2500mhz | 1 Worksimple | 2017-09-29 | 9.3 HIGH | N/A |
| PHP remote file inclusion vulnerability in calendar.php in WorkSimple 1.2.1, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the lang parameter. | |||||
| CVE-2008-5763 | 1 Mariovaldez | 1 Simple Text-file Login Script | 2017-09-29 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in slogin_lib.inc.php in Simple Text-File Login Script (SiTeFiLo) 1.0.6 allows remote attackers to execute arbitrary PHP code via a URL in the slogin_path parameter. | |||||
| CVE-2008-5793 | 2 Joomla, Recly | 2 Joomla, Clickheat-heatmap | 2017-09-29 | 6.8 MEDIUM | N/A |
| Multiple PHP remote file inclusion vulnerabilities in the Clickheat - Heatmap stats (com_clickheat) component 1.0.1 for Joomla! allow remote attackers to execute arbitrary PHP code via a URL in the (1) GLOBALS[mosConfig_absolute_path] parameter to (a) install.clickheat.php, (b) Cache.php and (c) Clickheat_Heatmap.php in Recly/Clickheat/, and (d) Recly/common/GlobalVariables.php; and the (2) mosConfig_absolute_path parameter to (e) _main.php and (f) main.php in includes/heatmap, and (g) includes/overview/main.php. | |||||
| CVE-2008-5585 | 1 Lcxbbportal | 1 Lcxbbportal | 2017-09-29 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in lcxBBportal 0.1 Alpha 2 allow remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter to (1) portal/includes/portal_block.php and (2) includes/acp/acp_lcxbbportal.php. | |||||
| CVE-2008-5577 | 1 Scssboard | 1 Scssboard | 2017-09-29 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in index.php in sCssBoard 1.0, 1.1, 1.11, and 1.12 allows remote attackers to execute arbitrary PHP code via a URL in the inc_function parameter. | |||||
| CVE-2008-5334 | 1 Nitrotech | 1 Nitrotech | 2017-09-29 | 10.0 HIGH | N/A |
| PHP remote file inclusion vulnerability in includes/common.php in NitroTech 0.0.3a allows remote attackers to execute arbitrary PHP code via a URL in the root parameter. | |||||
| CVE-2008-5332 | 1 Pie | 1 Pie | 2017-09-29 | 10.0 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Pie 0.5.3 allow remote attackers to execute arbitrary PHP code via a URL in the (1) lib parameter to files in lib/action/ including (a) alias.php, (b) cancel.php, (c) context.php, (d) deadlinks.php, (e) delete.php, and others; and the (2) GLOBALS[pie][library_path] parameter to files in lib/share/ including (f) diff.php, (g) file.php, (h) locale.php, (i) mapfile.php, (j) page.php, and others. | |||||
| CVE-2008-5288 | 1 Scripts4you | 1 Faq Manager | 2017-09-29 | 6.8 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in include/header.php in Werner Hilversum FAQ Manager 1.2, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the config_path parameter. | |||||
| CVE-2008-5210 | 1 Phpblock | 1 Phpblock | 2017-09-29 | 9.3 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in PhpBlock A8.5 allow remote attackers to execute arbitrary PHP code via a URL in the PATH_TO_CODE parameter to (1) script/init/createallimagecache.php, (2) allincludefortick.php and (3) test.php in script/tick/, and (4) modules/dungeon/tick/allincludefortick.php, different vectors than CVE-2008-1776. | |||||
| CVE-2008-5167 | 1 Boonex | 1 Orca | 2017-09-29 | 9.3 HIGH | N/A |
| PHP remote file inclusion vulnerability in layout/default/params.php in Boonex Orca 2.0 and 2.0.2, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the gConf[dir][layouts] parameter. | |||||
| CVE-2008-5071 | 1 Yoxel | 1 Yoxel | 2017-09-29 | 9.0 HIGH | N/A |
| Multiple eval injection vulnerabilities in itpm_estimate.php in Yoxel 1.23beta and earlier allow remote authenticated users to execute arbitrary PHP code via the proj_id parameter. | |||||
| CVE-2008-5066 | 1 Agaresmedia | 1 Themesitescript | 2017-09-29 | 10.0 HIGH | N/A |
| PHP remote file inclusion vulnerability in upload/admin/frontpage_right.php in Agares Media ThemeSiteScript 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the loadadminpage parameter. | |||||
| CVE-2008-5063 | 1 Otmanager | 1 Otmanager | 2017-09-29 | 10.0 HIGH | N/A |
| PHP remote file inclusion vulnerability in Admin/ADM_Pagina.php in OTManager 2.4 allows remote attackers to execute arbitrary PHP code via a URL in the Tipo parameter. | |||||
| CVE-2008-5060 | 1 Modernbill | 1 Modernbill | 2017-09-29 | 10.0 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in ModernBill 4.4 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the DIR parameter to (1) export_batch.inc.php, (2) run_auto_suspend.cron.php, and (3) send_email_cache.php in include/scripts/; (4) include/misc/mod_2checkout/2checkout_return.inc.php; and (5) include/html/nettools.popup.php, different vectors than CVE-2006-4034 and CVE-2005-1054. | |||||
| CVE-2008-5053 | 1 Joomla | 2 Com Rssreader, Joomla | 2017-09-29 | 10.0 HIGH | N/A |
| PHP remote file inclusion vulnerability in admin.rssreader.php in the Simple RSS Reader (com_rssreader) 1.0 component for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_live_site parameter. | |||||
| CVE-2008-5015 | 1 Mozilla | 1 Firefox | 2017-09-29 | 5.1 MEDIUM | N/A |
| Mozilla Firefox 3.x before 3.0.4 assigns chrome privileges to a file: URI when it is accessed in the same tab from a chrome or privileged about: page, which makes it easier for user-assisted attackers to execute arbitrary JavaScript with chrome privileges via malicious code in a file that has already been saved on the local system. | |||||
| CVE-2008-4720 | 1 Arzdev | 1 Gemini Portal | 2017-09-29 | 9.3 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in The Gemini Portal 4.7 allow remote attackers to execute arbitrary PHP code via a URL in the lang parameter to (1) page/forums/bottom.php and (2) page/forums/category.php. | |||||
| CVE-2008-4719 | 1 Openengine | 1 Openengine | 2017-09-29 | 9.3 HIGH | N/A |
| PHP remote file inclusion vulnerability in cms/classes/openengine/filepool.php in openEngine 2.0 beta2, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the oe_classpath parameter, a different vector than CVE-2008-4329. | |||||
| CVE-2008-4704 | 1 Mitre | 1 Sezhoo | 2017-09-29 | 10.0 HIGH | N/A |
| PHP remote file inclusion vulnerability in SezHooTabsAndActions.php in SezHoo 0.1 allows remote attackers to execute arbitrary PHP code via a URL in the IP parameter. | |||||
| CVE-2008-4673 | 1 Webbiscuits | 1 Events Calendar | 2017-09-29 | 10.0 HIGH | N/A |
| PHP remote file inclusion vulnerability in panel/common/theme/default/header_setup.php in WebBiscuits Software Events Calendar 1.1 allows remote attackers to execute arbitrary PHP code via a URL in the (1) path[docroot] and (2) component parameters. | |||||
| CVE-2008-4645 | 1 Phpwebgallery | 1 Phpwebgallery | 2017-09-29 | 9.0 HIGH | N/A |
| plugins/event_tracer/event_list.php in PhpWebGallery 1.7.2 and earlier allows remote authenticated administrators to execute arbitrary PHP code via PHP sequences in the sort parameter, which is processed by create_function. | |||||
| CVE-2008-4624 | 1 Ftrsoft | 1 Fast Click Sql Lite | 2017-09-29 | 9.3 HIGH | N/A |
| PHP remote file inclusion vulnerability in init.php in Fast Click SQL Lite 1.1.7, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the CFG[CDIR] parameter. | |||||