Search
Total
2052 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2008-4798 | 1 Webgui | 1 Webgui | 2017-08-08 | 9.3 HIGH | N/A |
| The loadModule function in lib/WebGUI/Asset.pm in WebGUI before 7.5.30 (stable) allows remote attackers to execute arbitrary code by uploading a Perl module and accessing it via a crafted URL. | |||||
| CVE-2008-4810 | 1 Smarty | 1 Smarty | 2017-08-08 | 7.5 HIGH | N/A |
| The _expand_quoted_text function in libs/Smarty_Compiler.class.php in Smarty 2.6.20 before r2797 allows remote attackers to execute arbitrary PHP code via vectors related to templates and (1) a dollar-sign character, aka "php executed in templates;" and (2) a double quoted literal string, aka a "function injection security hole." NOTE: each vector affects slightly different SVN revisions. | |||||
| CVE-2008-2690 | 1 Browsercrm | 1 Browsercrm | 2017-08-08 | 9.3 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in BrowserCRM 5.002.00, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the bcrm_pub_root parameter to (1) kb.php, (2) login.php, (3) index.php, (4) contact_view.php, and (5) contact.php in pub/, different vectors than CVE-2008-2689. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2008-2575 | 1 Jcoppens | 1 Cbrpager | 2017-08-08 | 6.8 MEDIUM | N/A |
| cbrPager before 0.9.17 allows user-assisted remote attackers to execute arbitrary commands via shell metacharacters in a (1) ZIP (aka .cbz) or (2) RAR (aka .cbr) archive filename. | |||||
| CVE-2008-2497 | 1 Mambo-foundation | 1 Mambo | 2017-08-08 | 5.0 MEDIUM | N/A |
| CRLF injection vulnerability in Mambo before 4.6.4 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors. | |||||
| CVE-2008-3313 | 1 Creacms | 1 Creacms | 2017-08-08 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in CreaCMS 1.0 allow remote attackers to execute arbitrary PHP code via a URL in the (1) cfg[document_uri] parameter to _administration/edition_article/edition_article.php and the (2) cfg[base_uri_admin] parameter to _administration/fonctions/get_liste_langue.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2008-3354 | 1 Runcms | 2 Newbb Plus Module, Runcms | 2017-08-08 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in the Newbb Plus (newbb_plus) module 0.93 in RunCMS 1.6.1 allow remote attackers to execute arbitrary PHP code via a URL in the (1) bbPath[path] parameter to votepolls.php and the (2) bbPath[root_theme] parameter to config.php, different vectors than CVE-2006-0659. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2008-3246 | 2 Blackberry, Rim | 7 Enterprise Server, Unite, Blackberry Enterprise Server and 4 more | 2017-08-08 | 9.3 HIGH | N/A |
| Unspecified vulnerability in the PDF distiller component in the BlackBerry Attachment Service in BlackBerry Unite! 1.0 SP1 (1.0.1) before bundle 36 and BlackBerry Enterprise Server 4.1 SP3 (4.1.3) through 4.1 SP5 (4.1.5) allows user-assisted remote attackers to execute arbitrary code via a crafted PDF file attachment. | |||||
| CVE-2008-3198 | 1 Mozilla | 1 Firefox | 2017-08-08 | 7.5 HIGH | N/A |
| Mozilla Firefox 3.x before 3.0.1 allows remote attackers to inject arbitrary web script into a chrome document via unspecified vectors, as demonstrated by injection into a XUL error page. NOTE: this can be leveraged to execute arbitrary code using CVE-2008-2933. | |||||
| CVE-2008-3043 | 1 Typo3 | 1 Wec Discussion Forum | 2017-08-08 | 7.5 HIGH | N/A |
| Unspecified vulnerability in the WEC Discussion Forum (wec_discussion) extension 1.6.2 and earlier for TYPO3 allows attackers to execute arbitrary code via vectors related to "certain file types." | |||||
| CVE-2008-3335 | 1 Punbb | 1 Punbb | 2017-08-08 | 10.0 HIGH | N/A |
| Unspecified vulnerability in PunBB before 1.2.19 allows remote attackers to inject arbitrary SMTP commands via unknown vectors. | |||||
| CVE-2008-3001 | 1 Drupal | 1 Aggregation Module | 2017-08-08 | 9.3 HIGH | N/A |
| The Aggregation module 5.x before 5.x-4.4 for Drupal allows remote attackers to upload files with arbitrary extensions, and possibly execute arbitrary code, via a crafted feed that allows upload of files with arbitrary extensions. | |||||
| CVE-2008-2934 | 2 Apple, Mozilla | 2 Mac Os X, Firefox | 2017-08-08 | 6.8 MEDIUM | N/A |
| Mozilla Firefox 3 before 3.0.1 on Mac OS X allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted GIF file that triggers a free of an uninitialized pointer. | |||||
| CVE-2008-2772 | 1 Drupal | 1 Magic Tabs Module | 2017-08-08 | 7.5 HIGH | N/A |
| The Magic Tabs module 5.x before 5.x-1.1 for Drupal allows remote attackers to execute arbitrary PHP code via unspecified URL arguments, possibly related to a missing "whitelist of callbacks." | |||||
| CVE-2008-2230 | 1 Reportbug-ng | 2 Reportbug, Reportbug-ng | 2017-08-08 | 4.6 MEDIUM | N/A |
| Untrusted search path vulnerability in (1) reportbug 3.8 and 3.31, and (2) reportbug-ng before 0.2008.06.04, allows local users to execute arbitrary code via a malicious module file in the current working directory. | |||||
| CVE-2008-2284 | 1 Fusebox | 1 Fusebox | 2017-08-08 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in fusebox5.php in Fusebox 5.5.1 allows remote attackers to execute arbitrary PHP code via a URL in the FUSEBOX_APPLICATION_PATH parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2008-1622 | 1 Geertsen Holdings Inc | 1 Geecarts | 2017-08-08 | 6.8 MEDIUM | N/A |
| Multiple PHP remote file inclusion vulnerabilities in GeeCarts allow remote attackers to execute arbitrary PHP code via a URL in the id parameter to (1) show.php, (2) search.php, and (3) view.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2008-1893 | 1 W2b | 1 Online Banking | 2017-08-08 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in index.php in W2B Online Banking allows remote attackers to execute arbitrary PHP code via a URL in the ilang parameter. | |||||
| CVE-2008-2275 | 1 Typo3 | 1 Sr Feuser Register Extension | 2017-08-08 | 7.5 HIGH | N/A |
| Unspecified vulnerability in sr_feuser_register 1.4.0, 1.6.0, 2.2.1 to 2.2.7, 2.3.0 to 2.3.6, 2.4.0, and 2.5.0 to 2.5.9 extension for TYPO3 allows remote attackers to execute arbitrary code and delete arbitrary files via unspecified attack vectors. | |||||
| CVE-2008-1370 | 1 Wildmary | 1 Yap Blog | 2017-08-08 | 6.8 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in index.php in wildmary Yap Blog 1.1 allows remote attackers to execute arbitrary PHP code via a URL in the page parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2008-2345 | 1 Typo3 | 1 Air Filemanager | 2017-08-08 | 10.0 HIGH | N/A |
| Unspecified vulnerability in the air_filemanager 0.6.0 and earlier extension for TYPO3 allows remote attackers to execute arbitrary PHP code via unspecified vectors related to "insufficient file filtering." | |||||
| CVE-2008-2041 | 1 Egroupware | 1 Egroupware | 2017-08-08 | 10.0 HIGH | N/A |
| Multiple unspecified vulnerabilities in eGroupWare before 1.4.004 have unspecified attack vectors and "grave" impact when the web server has write access to a directory under the web document root. | |||||
| CVE-2008-1381 | 1 Zoneminder | 1 Zoneminder | 2017-08-08 | 7.5 HIGH | N/A |
| ZoneMinder before 1.23.3 allows remote authenticated users, and possibly unauthenticated attackers in some installations, to execute arbitrary commands via shell metacharacters in a crafted URL. | |||||
| CVE-2008-1466 | 1 W-agora | 1 W-agora | 2017-08-08 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in W-Agora 4.0 allow remote attackers to execute arbitrary PHP code via a URL in the bn_dir_default parameter to (1) add_user.php, (2) create_forum.php, (3) create_user.php, (4) delete_notes.php, (5) delete_user.php, (6) edit_forum.php, (7) mail_users.php, (8) moderate_notes.php, and (9) reorder_forums.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2008-0583 | 1 Skype Technologies | 1 Skype | 2017-08-08 | 4.3 MEDIUM | N/A |
| Cross-zone scripting vulnerability in the Internet Explorer web control in Skype 3.6.0.244, and earlier 3.5.x and 3.6.x versions, on Windows allows user-assisted remote attackers to inject arbitrary web script or HTML in the Local Machine Zone via the Description and unspecified other metadata fields of a Metacafe movie submitted by Metacafe Pro to the Skype video gallery, accessible through a search within the (1) "Add video to chat" or (2) "Add video to mood" dialog, a different vector than CVE-2008-0454. | |||||
| CVE-2008-1214 | 2 Linux, Numara | 2 Linux Kernel, Footprints | 2017-08-08 | 7.5 HIGH | N/A |
| MRcgi/MRProcessIncomingForms.pl in Numara FootPrints 8.1 on Linux allows remote attackers to execute arbitrary code via shell metacharacters in the PROJECTNUM parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2008-1201 | 1 Adobe | 1 Flash | 2017-08-08 | 6.8 MEDIUM | N/A |
| Multiple unspecified vulnerabilities in FLA file parsing in Adobe Flash CS3 Professional, Flash Professional 8, and Flash Basic 8 on Windows allow user-assisted remote attackers to execute arbitrary code via a crafted .FLA file. | |||||
| CVE-2008-1016 | 1 Apple | 1 Quicktime | 2017-08-08 | 6.8 MEDIUM | N/A |
| Apple QuickTime before 7.4.5 does not properly handle movie media tracks, which allows remote attackers to execute arbitrary code via a crafted movie that triggers memory corruption. | |||||
| CVE-2008-0516 | 1 Sqlite Manager | 1 Sqlite Manager | 2017-08-08 | 9.3 HIGH | N/A |
| PHP remote file inclusion vulnerability in spaw/dialogs/confirm.php in SQLiteManager 1.2.0 allows remote attackers to execute arbitrary PHP code via a URL in the spaw_root parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2008-0448 | 1 Cybergl Dev Team | 1 Phpsearch | 2017-08-08 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in utils/class_HTTPRetriever.php in phpSearch allows remote attackers to execute arbitrary PHP code via a URL in the libcurlemuinc parameter. | |||||
| CVE-2008-0251 | 1 Photopost | 1 Photopost Vbgallery | 2017-08-08 | 10.0 HIGH | N/A |
| Unrestricted file upload vulnerability in PhotoPost vBGallery before 2.4.2 allows remote attackers to upload and execute arbitrary files via unknown vectors. | |||||
| CVE-2008-0060 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2017-08-08 | 6.8 MEDIUM | N/A |
| Help Viewer in Apple Mac OS X 10.4.11 and 10.5.2 allows remote attackers to execute arbitrary Applescript via a help:topic_list URL that injects HTML or JavaScript into a topic list page, as demonstrated using a help:runscript link. | |||||
| CVE-2007-6339 | 1 Akamai Technologies | 1 Download Manager | 2017-08-08 | 6.8 MEDIUM | N/A |
| The Akamai Download Manager (aka DLM or dlmanager) ActiveX control (DownloadManagerV2.ocx) before 2.2.3.5 allows remote attackers to force the download and execution of arbitrary code via unspecified "undocumented object parameters." | |||||
| CVE-2005-4874 | 1 Mozilla | 1 Mozilla | 2017-08-08 | 4.3 MEDIUM | N/A |
| The XMLHttpRequest object in Mozilla 1.7.8 supports the HTTP TRACE method, which allows remote attackers to obtain (1) proxy authentication passwords via a request with a "Max-Forwards: 0" header or (2) arbitrary local passwords on the web server that hosts this object. | |||||
| CVE-2007-6191 | 1 Pmapper | 1 P.mapper | 2017-07-29 | 6.8 MEDIUM | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Armin Burger p.mapper 3.2.0 beta3 allow remote attackers to execute arbitrary PHP code via a URL in the _SESSION[PM_INCPHP] parameter to (1) incphp/globals.php or (2) plugins/export/mc_table.php. NOTE: it could be argued that this vulnerability is caused by a problem in PHP and the proper fix should be in PHP; if so, then this should not be treated as a vulnerability in p.mapper. | |||||
| CVE-2007-5295 | 1 Wikepage | 1 Opus | 2017-07-29 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in index.php in (a) Wikepage Opus 13 2007.2 and (b) TipiWiki 2 allow remote attackers to inject arbitrary web script or HTML via the (1) PageContent and (2) PageName parameters. | |||||
| CVE-2007-5567 | 1 Galmeta | 1 Galmeta Post | 2017-07-29 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in _lib/fckeditor/upload_config.php in Galmeta Post 0.11 allows remote attackers to execute arbitrary PHP code via a URL in the DDS parameter. | |||||
| CVE-2007-4950 | 1 Phportal | 1 Phportal | 2017-07-29 | 6.8 MEDIUM | N/A |
| ** DISPUTED ** PHP remote file inclusion vulnerability in form/db_form/employee.php in PHPortal 0.2.7 allows remote attackers to execute arbitrary PHP code via a URL in the DOCUMENT_ROOT parameter. NOTE: this issue is disputed by CVE, since DOCUMENT_ROOT cannot be modified by an attacker. | |||||
| CVE-2007-5115 | 1 Ekke Doerre | 1 Mods 4 Xoops Contenido Ez Publish | 2017-07-29 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Ekke Doerre Contenido 42VariablVersion (42VV10) in contenido_hacks in Mods 4 Xoops Contenido eZ publish (pdf4cms) allow remote attackers to execute arbitrary PHP code via a URL in the cfgPathInc parameter to (1) main_upl.php, (2) main_con_editside.php, (3) main_news_rcp.php, (4) main_mod.php, (5) main_tplinput_edit.php, (6) main_con.php, (7) main_tpl.php, (8) main_con_sidelist.php, (9) main_str.php, (10) main_news.php, (11) main_tplinput.php, (12) main_lang.php, (13) main_mod_edit.php, (14) main_lay.php, (15) main_lay_edit.php, (16) main_news_send.php, (17) main_con_edittpl.php, (18) main_stat.php, (19) main_tpl_edit.php, (20) main_news_edit.php, or (21) inc/upl_show_uploads.inc.php; the (a) cfgPathContenido or (b) cfgPathTpl parameter to (22) con_show_sidelist.inc.php, (23) mod_show_modules.inc.php, (24) con_edit_form.inc.php, (25) lay_show_layouts.inc.php, (26) con_show_tree.inc.php, (27) news_show_newsletters.inc.php, (28) str_show_tree.inc.php, (29) tpl_show_templates.inc.php, (30) stat_show_tree.inc.php, (31) con_editcontent.inc.php, or (32) news_show_recipients.inc.php in inc/; or the cfgPathTpl parameter to (33) main_user_md5.php3, or (34) actions_mod.php, (35) actions_lay.php, (36) actions_upl.php, (37) actions_stat.php, (38) actions_news.php, (39) actions_str.php, (40) header.php, (41) actions_con_sidelist.php, (42) main_top.inc.php, (43) actions_tpl.php, or (44) actions_con.php in tpl/. NOTE: vectors 21, 24, 26, 27, 32, 34, 35, 36, 37, 38, 39, 40, 41, 43, and 44 are disputed by CVE because PHP encounters a fatal function-call error on a direct request for the file, before reaching the include statement. | |||||
| CVE-2007-5705 | 1 Jeeblestechnology | 1 Jeebles Directory | 2017-07-29 | 6.0 MEDIUM | N/A |
| Unspecified vulnerability in the Settings component in the administration system in Jeebles Directory 2.9.60 allows remote authenticated administrators to execute arbitrary PHP code via unspecified vectors related to settings.inc.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2007-5661 | 1 Macrovision | 1 Installshield | 2017-07-29 | 9.3 HIGH | N/A |
| The Macrovision InstallShield InstallScript One-Click Install (OCI) ActiveX control 12.0 before SP2 does not validate the DLL files that are named as parameters to the control, which allows remote attackers to download arbitrary library code onto a client machine. | |||||
| CVE-2007-5362 | 3 Ag-solutions, Joomla, Mambo | 3 Mosmedia Lite, Joomla, Mambo | 2017-07-29 | 6.8 MEDIUM | N/A |
| Multiple PHP remote file inclusion vulnerabilities in the Avant-Garde Solutions MOSMedia Lite (com_mosmedia) 4.5.1 component for Mambo and Joomla! allow remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter to (1) credits.html.php, (2) info.html.php, (3) media.divs.php, (4) media.divs.js.php, (5) purchase.html.php, or (6) support.html.php in includes/. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. NOTE: vector 3 may be the same as CVE-2007-2043.2. | |||||
| CVE-2007-5604 | 1 Hp | 1 Instant Support | 2017-07-29 | 7.5 HIGH | N/A |
| Buffer overflow in the ExtractCab function in the HPISDataManagerLib.Datamgr ActiveX control in HPISDataManager.dll in HP Instant Support before 1.0.0.24 allows remote attackers to execute arbitrary code via a long first argument, a different vulnerability than CVE-2007-5605, CVE-2007-5606, and CVE-2007-5607. | |||||
| CVE-2007-5153 | 1 Sun | 2 Java System Access Manager, Java System Application Server | 2017-07-29 | 6.8 MEDIUM | N/A |
| Unspecified vulnerability in Sun Java System Access Manager 7.1, when installed in a Sun Java System Application Server 8.x container, allows remote attackers to execute arbitrary code via unspecified vectors. | |||||
| CVE-2007-4738 | 1 Speedtech | 1 Stphplibrary | 2017-07-29 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in SpeedTech PHP Library (STPHPLibrary) 0.8.0 allow remote attackers to execute arbitrary PHP code via a URL in the (1) db_conf or (2) ADODB_DIR parameter to utils/stphpimage_show.php; or a URL in the STPHPLIB_DIR parameter to (3) stphpbutton.php, (4) stphpcheckbox.php, (5) stphpcheckboxwithcaption.php, (6) stphpcheckgroup.php, (7) stphpcomponent.php, (8) stphpcontrolwithcaption.php, (9) stphpedit.php, (10) stphpeditwithcaption.php, (11) stphphr.php, (12) stphpimage.php, (13) stphpimagewithcaption.php, (14) stphplabel.php, (15) stphplistbox.php, (16) stphplistboxwithcaption.php, (17) stphplocale.php, (18) stphppanel.php, (19) stphpradiobutton.php, (20) stphpradiobuttonwithcaption.php, (21) stphpradiogroup.php, (22) stphprichbutton.php, (23) stphpspacer.php, (24) stphptable.php, (25) stphptablecell.php, (26) stphptablerow.php, (27) stphptabpanel.php, (28) stphptabtitle.php, (29) stphptextarea.php, (30) stphptextareawithcaption.php, (31) stphptoolbar.php, (32) stphpwindow.php, (33) stphpxmldoc.php, or (34) stphpxmlelement.php, a different set of vectors than CVE-2007-4737. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2007-5363 | 2 Joomla, Webmaster-tips | 2 Joomla, Panoramic Picture Viewer | 2017-07-29 | 6.8 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in admin.panoramic.php in the Panoramic Picture Viewer (com_panoramic) mambot (plugin) 1.0 for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_live_site parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2007-5607 | 1 Hp | 1 Instant Support | 2017-07-29 | 7.5 HIGH | N/A |
| Buffer overflow in the RegistryString function in the HPISDataManagerLib.Datamgr ActiveX control in HPISDataManager.dll in HP Instant Support before 1.0.0.24 allows remote attackers to execute arbitrary code via a long first argument, a different vulnerability than CVE-2007-5604, CVE-2007-5605, and CVE-2007-5606. | |||||
| CVE-2007-5837 | 1 Yarssr | 1 Yarssr | 2017-07-29 | 6.8 MEDIUM | N/A |
| GUI.pm in yarssr 0.2.2, when Gnome default URL handling is disabled, allows remote attackers to execute arbitrary commands via shell metacharacters in a link element in a feed. | |||||
| CVE-2007-4720 | 1 Hitachi | 1 Jp1 Cm2 Network Node Manager | 2017-07-29 | 6.8 MEDIUM | N/A |
| Unspecified vulnerability in the Shared Trace Service in Hitachi JP1/Cm2/Network Node Manager (NNM) 07-10 through 07-10-05, and NNM Starter Edition Enterprise and 250 08-00 through 08-10, allows remote attackers to execute arbitrary code via unspecified vectors. | |||||
| CVE-2007-4466 | 1 Electronic Arts | 1 Snoopyctrl | 2017-07-29 | 6.8 MEDIUM | N/A |
| Multiple stack-based buffer overflows in Electronic Arts (EA) SnoopyCtrl ActiveX control (NPSnpy.dll) allow remote attackers to execute arbitrary code via unspecified methods and parameters. | |||||