Total
5597 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2009-4148 | 1 Daz3d | 1 Daz Studio | 2025-04-09 | N/A |
| DAZ Studio 2.3.3.161, 2.3.3.163, and 3.0.1.135 allows remote attackers to execute arbitrary JavaScript code via a (1) .ds, (2) .dsa, (3) .dse, or (4) .dsb file, as demonstrated by code that loads the WScript.Shell ActiveX control, related to a "script injection vulnerability." | ||||
| CVE-2008-5090 | 1 Anelectron | 1 Advanced Electron Forum | 2025-04-09 | N/A |
| Electron Inc. Advanced Electron Forum before 1.0.7 allows remote attackers to execute arbitrary PHP code via PHP code embedded in bbcode in the email parameter, which is processed by the preg_replace function with the eval switch. | ||||
| CVE-2008-3436 | 1 Notepad\+\+ | 1 Notepad\+\+ | 2025-04-09 | N/A |
| The GUP generic update process in Notepad++ before 4.8.1 does not properly verify the authenticity of updates, which allows man-in-the-middle attackers to execute arbitrary code via a Trojan horse update, as demonstrated by evilgrade and DNS cache poisoning. | ||||
| CVE-2008-3433 | 1 Speedbit | 1 Download Accelerator Plus | 2025-04-09 | N/A |
| SpeedBit Download Accelerator Plus (DAP) before 8.6.3.9 does not properly verify the authenticity of updates, which allows man-in-the-middle attackers to execute arbitrary code via a Trojan horse update, as demonstrated by evilgrade and DNS cache poisoning. | ||||
| CVE-2007-6615 | 1 Agares Media | 1 Phpautovideo | 2025-04-09 | N/A |
| Directory traversal vulnerability in includes/block.php in Agares Media phpAutoVideo 2.21 allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the selected_provider parameter. | ||||
| CVE-2008-3335 | 1 Punbb | 1 Punbb | 2025-04-09 | N/A |
| Unspecified vulnerability in PunBB before 1.2.19 allows remote attackers to inject arbitrary SMTP commands via unknown vectors. | ||||
| CVE-2006-7100 | 1 Phpbb | 1 Insert User | 2025-04-09 | N/A |
| PHP remote file inclusion vulnerability in includes/functions_mod_user.php in phpBB Insert User 0.1.2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter. | ||||
| CVE-2008-3332 | 1 Mantis | 1 Mantis | 2025-04-09 | N/A |
| Eval injection vulnerability in adm_config_set.php in Mantis before 1.1.2 allows remote authenticated administrators to execute arbitrary code via the value parameter. | ||||
| CVE-2008-3298 | 1 Social Engine | 1 Social Engine | 2025-04-09 | N/A |
| SocialEngine (SE) before 2.83 grants certain write privileges for templates, which allows remote authenticated administrators to execute arbitrary PHP code. | ||||
| CVE-2007-1233 | 1 Stwc-counter | 1 Stwc-counter | 2025-04-09 | N/A |
| PHP remote file inclusion vulnerability in downloadcounter.php in STWC-Counter 3.4.0.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the stwc_counter_verzeichniss parameter. | ||||
| CVE-2007-1247 | 1 Aweb Labs | 1 Awebnews | 2025-04-09 | N/A |
| Multiple PHP remote file inclusion vulnerabilities in aWeb Labs aWebNews 1.5 allow remote attackers to execute arbitrary PHP code via a URL in the path_to_news parameter to (1) listing.php or (2) visview.php. | ||||
| CVE-2008-3232 | 1 Dotclear | 1 Dotclear | 2025-04-09 | N/A |
| Unrestricted file upload vulnerability in ecrire/images.php in Dotclear 1.2.7.1 and earlier allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in images. | ||||
| CVE-2007-2572 | 1 Noah | 1 Noah | 2025-04-09 | N/A |
| PHP remote file inclusion vulnerability in modules/noevents/templates/mfa_theme.php in NoAh (aka PHP Content Architect, phparch) 0.9 pre 1.2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the tpls[1] parameter. | ||||
| CVE-2008-3198 | 2 Mozilla, Redhat | 2 Firefox, Enterprise Linux | 2025-04-09 | N/A |
| Mozilla Firefox 3.x before 3.0.1 allows remote attackers to inject arbitrary web script into a chrome document via unspecified vectors, as demonstrated by injection into a XUL error page. NOTE: this can be leveraged to execute arbitrary code using CVE-2008-2933. | ||||
| CVE-2008-4439 | 1 Martinwood | 1 Datafeed Studio | 2025-04-09 | N/A |
| PHP remote file inclusion vulnerability in admin/bin/patch.php in MartinWood Datafeed Studio before 1.6.3 allows remote attackers to execute arbitrary PHP code via a URL in the INSTALL_FOLDER parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2008-6531 | 1 Atlassian | 1 Jira | 2025-04-09 | N/A |
| The WebWork 1 web application framework in Atlassian JIRA before 3.13.2 allows remote attackers to invoke exposed public JIRA methods via a crafted URL that is dynamically transformed into method calls, aka "WebWork 1 Parameter Injection Hole." | ||||
| CVE-2009-0556 | 1 Microsoft | 2 Office Powerpoint, Powerpoint | 2025-04-09 | N/A |
| Microsoft Office PowerPoint 2000 SP3, 2002 SP3, and 2003 SP3, and PowerPoint in Microsoft Office 2004 for Mac, allows remote attackers to execute arbitrary code via a PowerPoint file with an OutlineTextRefAtom containing an an invalid index value that triggers memory corruption, as exploited in the wild in April 2009 by Exploit:Win32/Apptom.gen, aka "Memory Corruption Vulnerability." | ||||
| CVE-2009-1088 | 1 Hannonhill | 1 Cascade | 2025-04-09 | N/A |
| Hannon Hill Cascade Server 5.7 and other versions allows remote authenticated users to execute arbitrary programs or Java code via a crafted XSLT stylesheet with "extension elements and extension functions" that trigger code execution by Xalan-Java, as demonstrated using xalan://java.lang.Runtime. | ||||
| CVE-2009-3576 | 1 Autodesk | 2 Autodesk Softimage, Autodesk Softimage Xsi | 2025-04-09 | N/A |
| Autodesk Softimage 7.x and Softimage XSI 6.x allow remote attackers to execute arbitrary JavaScript code via a scene package containing a Scene Table of Contents (aka .scntoc) file with a Script_Content element, as demonstrated by code that loads the WScript.Shell ActiveX control. | ||||
| CVE-2009-0820 | 1 Php.brickhost | 1 Phpscheduleit | 2025-04-09 | N/A |
| Multiple eval injection vulnerabilities in phpScheduleIt before 1.2.11 allow remote attackers to execute arbitrary code via (1) the end_date parameter to reserve.php and (2) the start_date and end_date parameters to check.php. NOTE: the start_date/reserve.php vector is already covered by CVE-2008-6132. | ||||