Total: 2894 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2009-0294 | 1 Webmobo | 1 Wbnews | 2018-10-11 | 6.8 MEDIUM | N/A |
| Multiple PHP remote file inclusion vulnerabilities in WB News 2.0.1, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the config[installdir] parameter to (1) search.php, (2) archive.php, (3) comments.php, and (4) news.php; (5) News.php, (6) SendFriend.php, (7) Archive.php, and (8) Comments.php in base/; and possibly other components, different vectors than CVE-2007-1288. | |||||
| CVE-2009-0202 | 1 Microsoft | 1 Office Powerpoint | 2018-10-11 | 9.3 HIGH | N/A |
| Array index error in FL21WIN.DLL in the PowerPoint Freelance Windows 2.1 Translator in Microsoft PowerPoint 2000 and 2002 allows remote attackers to execute arbitrary code via a Freelance file with unspecified "layout information" that triggers a heap-based buffer overflow. | |||||
| CVE-2009-0191 | 1 Foxitsoftware | 1 Foxit Reader | 2018-10-11 | 9.3 HIGH | N/A |
| Foxit Reader 2.3 before Build 3902 and 3.0 before Build 1506, including 3.0.2009.1301, does not properly handle a JBIG2 symbol dictionary segment with zero new symbols, which allows remote attackers to execute arbitrary code via a crafted PDF file that triggers a dereference of an uninitialized memory location. | |||||
| CVE-2009-0040 | 1 Libpng | 1 Libpng | 2018-10-11 | 6.8 MEDIUM | N/A |
| The PNG reference library (aka libpng) before 1.0.43, and 1.2.x before 1.2.35, as used in pngcrush and other applications, allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PNG file that triggers a free of an uninitialized pointer in (1) the png_read_png function, (2) pCAL chunk handling, or (3) setup of 16-bit gamma tables. | |||||
| CVE-2008-7087 | 1 Openpro | 1 Openpro | 2018-10-11 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in search_wA.php in OpenPro 1.3.1 allows remote attackers to execute arbitrary PHP code via a URL in the LIBPATH parameter. | |||||
| CVE-2008-7070 | 1 Kvirc | 1 Kvirc | 2018-10-11 | 9.3 HIGH | N/A |
| Argument injection vulnerability in the URI handler in KVIrc 3.4.2 Shiny allows remote attackers to execute arbitrary commands via a " (quote) followed by command line switches in a (1) irc:///, (2) irc6:///, (3) ircs:///, or (4) ircs6:/// URI. NOTE: this might be due to an incomplete fix for CVE-2007-2951. | |||||
| CVE-2008-7005 | 1 Minb | 1 Minb Is Not A Blog | 2018-10-11 | 7.5 HIGH | N/A |
| include/modules/top/1-random_quote.php in Minb Is Not a Blog (minb) 0.1.0 allows remote attackers to execute arbitrary PHP code via the quotes_to_edit parameter. NOTE: this issue has been reported as an unrestricted file upload by some sources, but that is a potential consequence of code execution. | |||||
| CVE-2008-6935 | 1 Joe Fuhrman | 1 Exodus | 2018-10-11 | 10.0 HIGH | N/A |
| Argument injection vulnerability in Exodus 0.10 allows remote attackers to inject arbitrary command line arguments, overwrite arbitrary files, and cause a denial of service via encoded spaces in an im:// URI. | |||||
| CVE-2008-6748 | 1 Megacubo | 1 Megacubo | 2018-10-11 | 9.3 HIGH | N/A |
| Eval injection vulnerability in Megacubo 5.0.7 allows remote attackers to inject and execute arbitrary PHP code via the play action in a mega:// URI. | |||||
| CVE-2008-6591 | 1 Lightneasy | 1 Lightneasy | 2018-10-11 | 5.0 MEDIUM | N/A |
| LightNEasy "no database" (aka flat) version 1.2.2, and possibly SQLite version 1.2.2, allows remote attackers to create arbitrary files via the page parameter to (1) index.php and (2) LightNEasy.php. | |||||
| CVE-2008-6584 | 1 Torrentflux | 1 Torrentflux | 2018-10-11 | 6.0 MEDIUM | N/A |
| html/index.php in TorrentFlux 2.3 allows remote authenticated users to execute arbitrary code via a URL with a file containing an executable extension in the url_upload parameter, which is downloaded by TorrentFlux and can be accessed via a direct request in a html/downloads/ user directory. | |||||
| CVE-2008-6486 | 1 Shatm | 1 Sharedlog | 2018-10-11 | 6.8 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in slideshow_uploadvideo.content.php in SharedLog, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[root_dir] parameter. | |||||
| CVE-2008-6099 | 1 Rportal | 1 Rportal | 2018-10-11 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in index.php in RPortal 1.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the file_op parameter. | |||||
| CVE-2008-5922 | 1 Cfagcms | 1 Cfagcms | 2018-10-11 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in themes/default/index.php in Cant Find A Gaming CMS (CFAGCMS) 1 allow remote attackers to execute arbitrary PHP code via a URL in the (1) main and (2) right parameters. | |||||
| CVE-2008-5866 | 1 Proxim | 1 Tsunami Mp.11 2411 | 2018-10-11 | 10.0 HIGH | N/A |
| The Proxim Wireless Tsunami MP.11 2411 with firmware 3.0.3 has public as its default SNMP read/write community, which makes it easier for remote attackers to obtain sensitive information or modify SNMP variables. | |||||
| CVE-2008-5792 | 1 Indisguise | 1 Indiscripts Enthusiast | 2018-10-11 | 6.8 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in show_joined.php in Indiscripts Enthusiast 3.1.4, and possibly earlier, allows remote attackers to execute arbitrary PHP code via a URL in the path parameter. NOTE: the researcher also points out the analogous directory traversal issue. | |||||
| CVE-2008-5750 | 1 Microsoft | 2 Internet Explorer, Windows Xp | 2018-10-11 | 6.8 MEDIUM | N/A |
| Argument injection vulnerability in Microsoft Internet Explorer 8 beta 2 on Windows XP SP3 allows remote attackers to execute arbitrary commands via the --renderer-path option in a chromehtml: URI. | |||||
| CVE-2008-5749 | 2 Google, Microsoft | 2 Chrome, Windows Xp | 2018-10-11 | 6.8 MEDIUM | N/A |
| ** DISPUTED ** Argument injection vulnerability in Google Chrome 1.0.154.36 on Windows XP SP3 allows remote attackers to execute arbitrary commands via the --renderer-path option in a chromehtml: URI. NOTE: a third party disputes this issue, stating that Chrome "will ask for user permission" and "cannot launch the applet even [if] you have given out the permission." | |||||
| CVE-2008-5694 | 1 Sandbox | 1 Sandbox | 2018-10-11 | 10.0 HIGH | N/A |
| PHP remote file inclusion vulnerability in lib/jpgraph/jpgraph_errhandler.inc.php in Sandbox 1.4.1 might allow remote attackers to execute arbitrary PHP code via unspecified vectors. NOTE: the issue, if any, may be located in Aditus JpGraph rather than Sandbox. If so, then this should not be treated as an issue in Sandbox. | |||||
| CVE-2008-5671 | 1 Joomla | 1 Joomla | 2018-10-11 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in index.php in Joomla! 1.0.11 through 1.0.14, when RG_EMULATION is enabled in configuration.php, allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. | |||||
| CVE-2008-5619 | 1 Roundcube | 1 Webmail | 2018-10-11 | 10.0 HIGH | N/A |
| html2text.php in Chuggnutt HTML to Text Converter, as used in PHPMailer before 5.2.10, RoundCube Webmail (roundcubemail) 0.2-1.alpha and 0.2-3.beta, Mahara, and AtMail Open 1.03, allows remote attackers to execute arbitrary code via crafted input that is processed by the preg_replace function with the eval switch. | |||||
| CVE-2008-5517 | 1 Git | 1 Git | 2018-10-11 | 7.5 HIGH | N/A |
| The web interface in git (gitweb) 1.5.x before 1.5.6 allows remote attackers to execute arbitrary commands via shell metacharacters related to (1) git_snapshot and (2) git_object. | |||||
| CVE-2008-5090 | 1 Anelectron | 1 Advanced Electron Forum | 2018-10-11 | 10.0 HIGH | N/A |
| Electron Inc. Advanced Electron Forum before 1.0.7 allows remote attackers to execute arbitrary PHP code via PHP code embedded in bbcode in the email parameter, which is processed by the preg_replace function with the eval switch. | |||||
| CVE-2008-4206 | 1 Attachmax | 1 Dolphin | 2018-10-11 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in config.php in Attachmax Dolphin 2.1.0 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the rel_path parameter. | |||||
| CVE-2008-3922 | 1 Telartis Bv | 1 Awstats Totals | 2018-10-11 | 9.3 HIGH | N/A |
| awstatstotals.php in AWStats Totals 1.0 through 1.14 allows remote attackers to execute arbitrary code via PHP sequences in the sort parameter, which is used by the multisort function when dynamically creating an anonymous PHP function. | |||||
| CVE-2008-3882 | 1 Zoneminder | 1 Zoneminder | 2018-10-11 | 10.0 HIGH | N/A |
| Unspecified "Command Injection" vulnerability in ZoneMinder 1.23.3 and earlier allows remote attackers to execute arbitrary commands via (1) the executeFilter function in zm_html_view_events.php and (2) the run_state parameter to zm_html_view_state.php. | |||||
| CVE-2008-3769 | 1 Openfreeway | 1 Freeway | 2018-10-11 | 6.8 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in admin/create_order_new.php in Freeway 1.4.1.171, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the include_page parameter. | |||||
| CVE-2008-3764 | 1 Turnkeywebtools | 1 Php Live Helper | 2018-10-11 | 7.5 HIGH | N/A |
| Eval injection vulnerability in globalsoff.php in Turnkey PHP Live Helper 2.0.1 and earlier allows remote attackers to execute arbitrary PHP code via the test parameter, and probably arbitrary parameters, to chat.php. | |||||
| CVE-2008-3575 | 1 Ezcontents | 1 Ezcontents Cms | 2018-10-11 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in modules/calendar/minicalendar.php in ezContents CMS allows remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[gsLanguage] parameter, a different vector than CVE-2006-4477 and CVE-2004-0132. | |||||
| CVE-2008-3402 | 1 Hscripts | 1 Hiox Random Ad | 2018-10-11 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in HIOX Browser Statistics (HBS) 2.0 allow remote attackers to execute arbitrary PHP code via a URL in the hm parameter to (1) hioxupdate.php and (2) hioxstats.php. | |||||
| CVE-2008-3401 | 1 Hscripts | 1 Hiox Random Ad | 2018-10-11 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in hioxRandomAd.php in HIOX Random Ad (HRA) 1.3 allows remote attackers to execute arbitrary PHP code via a URL in the hm parameter. | |||||
| CVE-2008-3399 | 1 Xrms | 1 Xrms Crm | 2018-10-11 | 6.8 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in activities/workflow-activities.php in XRMS CRM 1.99.2, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via the include_directory parameter. | |||||
| CVE-2008-3324 | 1 Party Gaming | 1 Party Poker Client | 2018-10-11 | 7.6 HIGH | N/A |
| The PartyGaming PartyPoker client program 121/120 does not properly verify the authenticity of updates, which allows remote man-in-the-middle attackers to execute arbitrary code via a Trojan horse update. | |||||
| CVE-2008-3311 | 1 Adam Scheinberg | 1 Flip | 2018-10-11 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in config.php in Adam Scheinberg Flip 3.0 allows remote attackers to execute arbitrary PHP code via a URL in the incpath parameter. | |||||
| CVE-2008-3298 | 1 Social Engine | 1 Social Engine | 2018-10-11 | 6.0 MEDIUM | N/A |
| SocialEngine (SE) before 2.83 grants certain write privileges for templates, which allows remote authenticated administrators to execute arbitrary PHP code. | |||||
| CVE-2008-3294 | 1 Vim | 1 Vim | 2018-10-11 | 3.7 LOW | N/A |
| src/configure.in in Vim 5.0 through 7.1, when used for a build with Python support, does not ensure that the Makefile-conf temporary file has the intended ownership and permissions, which allows local users to execute arbitrary code by modifying this file during a time window, or by creating it ahead of time with permissions that prevent its modification by configure. | |||||
| CVE-2008-3285 | 1 Alain Barbet | 1 Filesys Smbclientparser | 2018-10-11 | 9.3 HIGH | N/A |
| The Filesys::SmbClientParser module 2.7 and earlier for Perl allows remote SMB servers to execute arbitrary code via a folder name containing shell metacharacters. | |||||
| CVE-2008-3232 | 1 Dotclear | 1 Dotclear | 2018-10-11 | 9.3 HIGH | N/A |
| Unrestricted file upload vulnerability in ecrire/images.php in Dotclear 1.2.7.1 and earlier allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in images. | |||||
| CVE-2008-3183 | 1 Gapi Cms | 1 Gapicms | 2018-10-11 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in ktmlpro/includes/ktedit/toolbar.php in gapicms 9.0.2 allows remote attackers to execute arbitrary PHP code via a URL in the dirDepth parameter. | |||||
| CVE-2008-2950 | 1 Poppler | 1 Poppler | 2018-10-11 | 7.5 HIGH | N/A |
| The Page destructor in Page.cc in libpoppler in Poppler 0.8.4 and earlier deletes a pageWidgets object even if it is not initialized by a Page constructor, which allows remote attackers to execute arbitrary code via a crafted PDF document. | |||||
| CVE-2008-2884 | 1 Rss Aggregator | 1 Rss Aggregator | 2018-10-11 | 9.3 HIGH | N/A |
| PHP remote file inclusion vulnerability in display.php in RSS-aggregator allows remote attackers to execute arbitrary PHP code via a URL in the path parameter. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2008-2769 | 1 Phpraider | 1 Phpraider | 2018-10-11 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in authentication/smf/smf.functions.php in Simple Machines phpRaider 1.0.6 and 1.0.7 allows remote attackers to execute arbitrary PHP code via a URL in the pConfig_auth[smf_path] parameter. | |||||
| CVE-2008-2478 | 1 Cpanel | 1 Cpanel | 2018-10-11 | 8.5 HIGH | N/A |
| ** DISPUTED ** scripts/wwwacct in cPanel 11.18.6 STABLE and earlier and 11.23.1 CURRENT and earlier allows remote authenticated users with reseller privileges to execute arbitrary code via shell metacharacters in the Email address field (aka Email text box). NOTE: the vendor disputes this, stating "I'm unable to reproduce such an issue on multiple servers running different versions of cPanel." | |||||
| CVE-2008-2436 | 1 Novell | 1 Iprint Client | 2018-10-11 | 9.3 HIGH | N/A |
| Multiple heap-based buffer overflows in the IppCreateServerRef function in nipplib.dll in Novell iPrint Client 4.x before 4.38 and 5.x before 5.08 allow remote attackers to execute arbitrary code via a long argument to the (1) GetPrinterURLList, (2) GetPrinterURLList2, or (3) GetFileList2 function in the Novell iPrint ActiveX control in ienipp.ocx. | |||||
| CVE-2008-2434 | 1 Trend Micro | 1 Housecall | 2018-10-11 | 9.3 HIGH | N/A |
| The Trend Micro HouseCall ActiveX control 6.51.0.1028 and 6.6.0.1278 in Housecall_ActiveX.dll allows remote attackers to download an arbitrary library file onto a client system via a "custom update server" argument. NOTE: this can be leveraged for code execution by writing to a Startup folder. | |||||
| CVE-2008-2198 | 1 Kmita Tellfriend | 1 Tellfriend | 2018-10-11 | 6.8 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in kmitaadmin/kmitat/htmlcode.php in Kmita Tellfriend 2.0 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the file parameter. | |||||
| CVE-2008-2199 | 1 Kkeim | 1 Kmita Mail | 2018-10-11 | 6.8 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in kmitaadmin/kmitam/htmlcode.php in Kmita Mail 3.0 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the file parameter. | |||||
| CVE-2008-2086 | 1 Sun | 3 Jdk, Jre, Sdk | 2018-10-11 | 9.3 HIGH | N/A |
| Sun Java Web Start and Java Plug-in for JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.2_18 and earlier allow remote attackers to execute arbitrary code via a crafted jnlp file that modifies the (1) java.home, (2) java.ext.dirs, or (3) user.home System Properties, aka "Java Web Start File Inclusion" and CR 6694892. | |||||
| CVE-2008-2044 | 1 Netoffice | 1 Dwins | 2018-10-11 | 7.5 HIGH | N/A |
| includes/library.php in netOffice Dwins 1.3 p2 compares the demoSession variable to the 'true' string literal instead of the true boolean literal, which allows remote attackers to bypass authentication and execute arbitrary code by setting this variable to 1, as demonstrated by uploading a PHP script via an add action to projects_site/uploadfile.php. | |||||
| CVE-2008-2016 | 1 Chilkat Software | 1 Chicomas | 2018-10-11 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in Chilek Content Management System (aka ChiCoMaS) 2.0.4 allows remote attackers to execute arbitrary PHP code via a URL in the lang parameter to the default URI under install/. NOTE: this can also be leveraged to include and execute arbitrary local files via directory traversal sequences. | |||||
