Search
Total
2052 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2010-2618 | 1 Insanevisions | 1 Adapcms | 2017-08-17 | 6.8 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in inc/smarty/libs/init.php in AdaptCMS 2.0.0 Beta, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the sitepath parameter. NOTE: it was later reported that 2.0.1 is also affected. | |||||
| CVE-2010-2358 | 1 Jeffkilroy | 1 Nakid Cms | 2017-08-17 | 5.1 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in modules/catalog/upload_photo.php in Nakid CMS 0.5.2, when magic_quotes_gpc is disabled and register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the core[system_path] parameter. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2010-2809 | 1 Uzbl | 1 Uzbl | 2017-08-17 | 6.8 MEDIUM | N/A |
| The default configuration of the <Button2> binding in Uzbl before 2010.08.05 does not properly use the @SELECTED_URI feature, which allows user-assisted remote attackers to execute arbitrary commands via a crafted HREF attribute of an A element in an HTML document. | |||||
| CVE-2010-2918 | 2 Joomla, Visocrea | 2 Joomla\!, Com Joomla Visites | 2017-08-17 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in core/include/myMailer.class.php in the Visites (com_joomla-visites) component 1.1 RC2 for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. | |||||
| CVE-2010-2341 | 1 Ezpx | 1 Ezpx Photoblog | 2017-08-17 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in system/application/views/public/commentform.php in EZPX Photoblog 1.2 beta allows remote attackers to execute arbitrary PHP code via a URL in the tpl_base_dir parameter. | |||||
| CVE-2010-3204 | 1 Pecio-cms | 1 Pecio Cms | 2017-08-17 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Pecio CMS 2.0.5 allow remote attackers to execute arbitrary PHP code via a URL in the template parameter to (1) post.php, (2) article.php, (3) blog.php, or (4) home.php in pec_templates/nova-blue/. | |||||
| CVE-2010-2315 | 1 Smartisoft | 1 Phpbazar | 2017-08-17 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in picturelib.php in SmartISoft phpBazar 2.1.1 allows remote attackers to execute arbitrary PHP code via a URL in the cat parameter. | |||||
| CVE-2010-3205 | 1 Textpattern | 1 Textpattern | 2017-08-17 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in index.php in Textpattern CMS 4.2.0 allows remote attackers to execute arbitrary PHP code via a URL in the inc parameter. | |||||
| CVE-2010-3206 | 1 Diy-cms | 1 Diy-cms | 2017-08-17 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in DiY-CMS 1.0 allow remote attackers to execute arbitrary PHP code via a URL in the (1) lang parameter to modules/guestbook/blocks/control.block.php, (2) main_module parameter to index.php, and (3) getFile parameter to includes/general.functions.php. | |||||
| CVE-2010-3209 | 1 Seagullproject.org | 1 Seagull | 2017-08-17 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Seagull 0.6.7 allow remote attackers to execute arbitrary PHP code via a URL in the includeFile parameter to (1) Config/Container.php and (2) HTML/QuickForm.php in fog/lib/pear/, the (3) driverpath parameter to fog/lib/pear/DB/NestedSet.php, and the (4) path parameter to fog/lib/pear/DB/NestedSet/Output.php. | |||||
| CVE-2010-3210 | 1 Martin Lee | 1 Multi-lingual E-commerce System | 2017-08-17 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Multi-lingual E-Commerce System 0.2 allow remote attackers to execute arbitrary PHP code via a URL in the include_path parameter to (1) checkout2-CYM.php, (2) checkout2-EN.php, (3) checkout2-FR.php, (4) cat-FR.php, (5) cat-EN.php, (6) cat-CYM.php, (7) checkout1-CYM.php, (8) checkout1-EN.php, (9) checkout1-FR.php, (10) prod-CYM.php, (11) prod-EN.php, and (12) prod-FR.php in inc/. | |||||
| CVE-2010-3419 | 1 Haudenschilt | 1 Family Connections Cms | 2017-08-17 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Haudenschilt Family Connections CMS (FCMS) 2.2.3 allow remote attackers to execute arbitrary PHP code via a URL in the current_user_id parameter to (1) familynews.php and (2) settings.php. | |||||
| CVE-2010-2137 | 1 Giaard | 1 Proman | 2017-08-17 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in _center.php in ProMan 0.1.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the page parameter. | |||||
| CVE-2010-2132 | 1 Danny Ho | 1 Oes | 2017-08-17 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Open Education System (OES) 0.1 beta allow remote attackers to execute arbitrary PHP code via a URL in the CONF_INCLUDE_PATH parameter to (1) forum/admin.php and (2) plotgraph/index.php in admin/modules/modules/, and (3) admin_user/mod_admuser.php and (4) ogroup/mod_group.php in admin/modules/user_account/, different vectors than CVE-2007-1446. | |||||
| CVE-2010-2127 | 1 Jv2design | 1 Jv2 Folder Gallery | 2017-08-17 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in gallery.php in JV2 Folder Gallery 3.1 allows remote attackers to execute arbitrary PHP code via a URL in the lang_file parameter. | |||||
| CVE-2010-2005 | 1 Datalifecms | 1 Datalife Engine | 2017-08-17 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in DataLife Engine (DLE) 8.3 allow remote attackers to execute arbitrary PHP code via a URL in (1) the selected_language parameter to engine/inc/include/init.php, (2) the config[langs] parameter to engine/inc/help.php, (3) the config[lang] parameter to engine/ajax/pm.php, (4) and the _REQUEST[skin] parameter to engine/ajax/addcomments.php. | |||||
| CVE-2010-1978 | 1 Freephpblogsoftware | 1 Freephpblogsoftware | 2017-08-17 | 6.8 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in default_theme.php in FreePHPBlogSoftware 1.0, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the phpincdir parameter. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2010-1944 | 1 Openmairie | 1 Opencimetiere | 2017-08-17 | 6.8 MEDIUM | N/A |
| Multiple PHP remote file inclusion vulnerabilities in openMairie openCimetiere 2.01, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the path_om parameter to (1) autorisation.class.php, (2) courrierautorisation.class.php, (3) droit.class.php, (4) profil.class.php, (5) temp_defunt_sansemplacement.class.php, (6) utils.class.php, (7) cimetiere.class.php, (8) defunt.class.php, (9) emplacement.class.php, (10) tab_emplacement.class.php, (11) temp_emplacement.class.php, (12) voie.class.php, (13) collectivite.class.php, (14) defunttransfert.class.php, (15) entreprise.class.php, (16) temp_autorisation.class.php, (17) travaux.class.php, (18) zone.class.php, (19) courrier.class.php, (20) dossier.class.php, (21) plans.class.php, (22) temp_defunt.class.php, and (23) utilisateur.class.php in obj/. | |||||
| CVE-2010-1546 | 1 Chaos Tool Suite Project | 1 Ctools | 2017-08-17 | 6.0 MEDIUM | N/A |
| Multiple eval injection vulnerabilities in the import functionality in the Chaos Tool Suite (aka CTools) module 6.x before 6.x-1.4 for Drupal allow remote authenticated users, with "administer page manager" privileges, to execute arbitrary PHP code via input to a text area, related to (1) the page_manager_page_import_subtask_validate function in page_manager/plugins/tasks/page.admin.inc and (2) the page_manager_handler_import_validate function in page_manager/page_manager.admin.inc. | |||||
| CVE-2010-1528 | 1 Uiga | 1 Proxy | 2017-08-17 | 6.8 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in include/template.php in Uiga Proxy, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the content parameter. | |||||
| CVE-2010-1467 | 1 Francois Raynaud | 1 Openurgence Vaccin | 2017-08-17 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in openUrgence Vaccin 1.03 allow remote attackers to execute arbitrary PHP code via a URL in the path_om parameter to (1) collectivite.class.php, (2) injection.class.php, (3) utilisateur.class.php, (4) droit.class.php, (5) laboratoire.class.php, (6) vaccin.class.php, (7) effetsecondaire.class.php, (8) medecin.class.php, (9) individu.class.php, and (10) profil.class.php in gen/obj/. | |||||
| CVE-2010-1360 | 1 Boesch-it | 1 Faqengine | 2017-08-17 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in FAQEngine 4.24.00 allow remote attackers to execute arbitrary PHP code via a URL in the path_faqe parameter to (1) attachs.php, (2) backup.php, (3) badwords.php, (4) categories.php, (5) changepw.php, (6) colorchooser.php, (7) colorwheel.php, (8) dbfiles.php, (9) diraccess.php, (10) faq.php, (11) index.php, (12) kb.php, and (13) stats.php. | |||||
| CVE-2010-1351 | 1 Nodesforum | 1 Nodesforum | 2017-08-17 | 6.8 MEDIUM | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Nodesforum 1.033 and 1.045, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the (1) _nodesforum_path_from_here_to_nodesforum_folder parameter to erase_user_data.php and the (2) _nodesforum_code_path parameter to pre_output.php. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2010-1337 | 1 Lussumo | 1 Vanilla | 2017-08-17 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in definitions.php in Lussumo Vanilla 1.1.10, and possibly 0.9.2 and other versions, allow remote attackers to execute arbitrary PHP code via a URL in the (1) include and (2) Configuration['LANGUAGE'] parameters. | |||||
| CVE-2010-1335 | 1 Miftahovn | 1 Insky Cms | 2017-08-17 | 6.8 MEDIUM | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Insky CMS 006-0111, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the ROOT parameter to (1) city.get/city.get.php, (2) city.get/index.php, (3) message2.send/message.send.php, (4) message.send/message.send.php, and (5) pages.add/pages.add.php in insky/modules/. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2010-1272 | 1 Komputer.boo | 1 Gnat-tgp | 2017-08-17 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in includes/tgpinc.php in Gnat-TGP 1.2.20 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the DOCUMENT_ROOT parameter. | |||||
| CVE-2010-1266 | 1 Kjetiltroan | 1 Webmaid Cms | 2017-08-17 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in WebMaid CMS 0.2-6 Beta and earlier allow remote attackers to execute arbitrary PHP code via a URL in the (1) template, (2) menu, (3) events, and (4) SITEROOT parameters to template/babyweb/index.php; the (5) modules and (6) copyright parameters to template/calm/footer.php; the (7) menu parameter to template/calm/top.php; and the (8) modules, (9) copyright, and (10) menu parameters to template/wm025/footer.php. | |||||
| CVE-2010-1180 | 1 Apple | 2 Iphone Os, Safari | 2017-08-17 | 9.3 HIGH | N/A |
| Safari on Apple iPhone OS 3.1.3 for iPod touch allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long exception string in a throw statement, possibly a related issue to CVE-2009-1514. | |||||
| CVE-2010-1114 | 1 Comscripts | 1 Web Server Creator Web Portal | 2017-08-17 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Web Server Creator - Web Portal 0.1 allow remote attackers to execute arbitrary PHP code via a URL in the (1) pg parameter to index.php and the (2) path parameter to news/form.php. | |||||
| CVE-2010-1106 | 1 Advertisementmanager | 1 Advertisementmanager | 2017-08-17 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in cgi/index.php in AdvertisementManager 3.1.0 allows remote attackers to execute arbitrary PHP code via a URL in the req parameter. NOTE: this can also be leveraged to include and execute arbitrary local files via .. (dot dot) sequences. | |||||
| CVE-2010-1055 | 1 Tufat | 1 Osdate | 2017-08-17 | 5.1 MEDIUM | N/A |
| Multiple PHP remote file inclusion vulnerabilities in osDate 2.1.9 and 2.5.4, when magic_quotes_gpc is disabled and register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the config[forum_installed] parameter to (1) forum/adminLogin.php and (2) forum/userLogin.php. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2010-1165 | 1 Atlassian | 1 Jira | 2017-08-17 | 9.0 HIGH | N/A |
| Atlassian JIRA 3.12 through 4.1 allows remote authenticated administrators to execute arbitrary code by modifying the (1) attachment (aka attachments), (2) index (aka indexing), or (3) backup path and then uploading a file, as exploited in the wild in April 2010. | |||||
| CVE-2010-0983 | 1 Utilo | 1 Rezervi | 2017-08-17 | 6.8 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in include/mail.inc.php in Rezervi 3.0.2 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the root parameter, a different vector than CVE-2007-2156. | |||||
| CVE-2010-0975 | 1 Phpcityportal | 1 Phpcityportal | 2017-08-17 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in external.php in PHPCityPortal allows remote attackers to execute arbitrary PHP code via a URL in the url parameter. | |||||
| CVE-2010-0755 | 1 Wikyblog | 1 Wikyblog | 2017-08-17 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in include/WBmap.php in WikyBlog 1.7.3 rc2 allows remote attackers to execute arbitrary PHP code via a URL in the langFile parameter. | |||||
| CVE-2009-3631 | 1 Typo3 | 1 Typo3 | 2017-08-17 | 8.5 HIGH | N/A |
| The Backend subcomponent in TYPO3 4.0.13 and earlier, 4.1.x before 4.1.13, 4.2.x before 4.2.10, and 4.3.x before 4.3beta2, when the DAM extension or ftp upload is enabled, allows remote authenticated users to execute arbitrary commands via shell metacharacters in a filename. | |||||
| CVE-2009-4752 | 1 Phppower | 1 Swinger Club Portal | 2017-08-17 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in anzeiger/start.php in Swinger Club Portal allows remote attackers to execute arbitrary PHP code via a URL in the go parameter. | |||||
| CVE-2009-4750 | 1 Phppower | 1 Top Paidmailer | 2017-08-17 | 6.8 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in home.php in Top Paidmailer allows remote attackers to execute arbitrary PHP code via a URL in the page parameter. | |||||
| CVE-2009-4082 | 1 Lanifex | 1 Outreach Project Tool | 2017-08-17 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in forums/Forum_Include/index.php in Outreach Project Tool (OPT) 1.2.7 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the CRM_path parameter. | |||||
| CVE-2009-4223 | 1 Gianni Tommasi | 1 Kr-php Web Content Server | 2017-08-17 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in adm/krgourl.php in KR-Web 1.1b2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the DOCUMENT_ROOT parameter. | |||||
| CVE-2009-4220 | 1 Raphael Mazoyer | 1 Pointcomma | 2017-08-17 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in includes/classes/pctemplate.php in PointComma 3.8b2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the pcConfig[smartyPath] parameter. | |||||
| CVE-2010-0367 | 1 Bitscripts | 1 Bits Video Script | 2017-08-17 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in BitScripts Bits Video Script 2.05 Gold Beta, and possibly 2.04, allow remote attackers to execute arbitrary PHP code via a URL in the rowptem[template] parameter to (1) showcasesearch.php and (2) showcase2search.php. | |||||
| CVE-2009-4779 | 1 Robert Garrigos | 1 Nukehall | 2017-08-17 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in NukeHall 0.3 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the spaw_root parameter to (1) blocks.php, (2) messages.php, and (3) stories.php in admin/modules/. | |||||
| CVE-2009-4023 | 1 Pear | 1 Pear | 2017-08-17 | 7.5 HIGH | N/A |
| Argument injection vulnerability in the sendmail implementation of the Mail::Send method (Mail/sendmail.php) in the Mail package 1.1.14 for PEAR allows remote attackers to read and write arbitrary files via a crafted $from parameter, a different vector than CVE-2009-4111. | |||||
| CVE-2009-4094 | 2 Designforjoomla, Joomla | 2 Com Ezine, Joomla\! | 2017-08-17 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in class/php/d4m_ajax_pagenav.php in the D4J eZine (com_ezine) component 2.1 for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[mosConfig_absolute_path parameter. | |||||
| CVE-2009-4024 | 1 Pear | 1 Pear | 2017-08-17 | 10.0 HIGH | N/A |
| Argument injection vulnerability in the ping function in Ping.php in the Net_Ping package before 2.4.5 for PEAR allows remote attackers to execute arbitrary shell commands via the host parameter. NOTE: this has also been reported as a shell metacharacter problem. | |||||
| CVE-2009-4768 | 1 Blizzard | 1 Warcraft 3 The Frozen Throne | 2017-08-17 | 9.3 HIGH | N/A |
| Unspecified vulnerability in the JASS script interpreter in Warcraft III: The Frozen Throne 1.24b and earlier allows user-assisted remote attackers to execute arbitrary code via a crafted custom map. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2009-4085 | 1 Jabba Laci | 1 Phptraverser | 2017-08-17 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in assets/plugins/mp3_id/mp3_id.php in PHP Traverser 0.8.0 allows remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[BASE] parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2009-4604 | 2 Fernando Soares, Joomla | 2 Com Mamboleto, Joomla | 2017-08-17 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in mamboleto.php in the Fernando Soares Mamboleto (com_mamboleto) component 2.0 RC3 for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. | |||||
| CVE-2009-0970 | 1 Phpprobid | 1 Php Pro Bid | 2017-08-17 | 6.8 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in includes/class_image.php in PHP Pro Bid 6.05, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the fileExtension parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||