Total
5594 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2007-5138 | 1 Lustig | 1 Lustig.cms | 2025-04-09 | N/A |
| PHP remote file inclusion vulnerability in forum/forum.php in lustig.cms BETA 2.5 allows remote attackers to execute arbitrary PHP code via a URL in the view parameter. | ||||
| CVE-2007-4464 | 2 Fransois Gannier, Ghisler | 2 Fileinfo Plugin, Total Commander | 2025-04-09 | N/A |
| CRLF injection vulnerability in the Fileinfo 2.0.9 plugin for Total Commander allows user-assisted remote attackers to spoof the information in the Image File Header tab via strings with CRLF sequences in the IMAGE_EXPORT_DIRECTORY array in a PE file, which could complicate forensics investigations. | ||||
| CVE-2006-5055 | 1 Forum One | 1 Syntaxcms | 2025-04-09 | N/A |
| PHP remote file inclusion vulnerability in admin/testing/tests/0004_init_urls.php in syntaxCMS 1.1.1 through 1.3 allows remote attackers to execute arbitrary PHP code via a URL in the init_path parameter. | ||||
| CVE-2007-4187 | 1 Joomla | 1 Joomla | 2025-04-09 | N/A |
| Multiple eval injection vulnerabilities in the com_search component in Joomla! 1.5 beta before RC1 (aka Mapya) allow remote attackers to execute arbitrary PHP code via PHP sequences in the searchword parameter, related to default_results.php in (1) components/com_search/views/search/tmpl/ and (2) templates/beez/html/com_search/search/. | ||||
| CVE-2007-5600 | 1 Artmedic Webdesign | 1 Artmedic Cms | 2025-04-09 | N/A |
| Incomplete blacklist vulnerability in index.php in Artmedic CMS 3.4 and earlier allows remote attackers to execute arbitrary PHP code via a (1) UNC share pathname, or a (2) ftps, (3) ssh2.sftp, or (4) ssh2.scp URL, in the page parameter, for which PHP remote file inclusion is blocked only for http, https, and ftp URLs. | ||||
| CVE-2007-2575 | 1 Vm Watermark | 1 Vm Watermark | 2025-04-09 | N/A |
| PHP remote file inclusion vulnerability in watermark.php in the vm (aka Jean-Francois Laflamme) watermark 0.4.1 mod for Gallery allows remote attackers to execute arbitrary PHP code via a URL in the GALLERY_BASEDIR parameter. | ||||
| CVE-2007-5457 | 2 Joomla, Michael Dempfle | 2 Joomla, Joomla Flash Uploader | 2025-04-09 | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Michael Dempfle Joomla Flash Uploader (com_jfu or com_joomla_flash_uploader) 2.5.1 component for Joomla! allow remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter to (1) install.joomla_flash_uploader.php and (2) uninstall.joomla_flash_uploader.php. | ||||
| CVE-2008-6651 | 1 Oxyproject | 1 Oxybox | 2025-04-09 | N/A |
| Static code injection vulnerability in edithistory.php in OxYProject OxYBox 0.85 allows remote attackers to inject arbitrary PHP code into oxyhistory.php via the oxymsg parameter. | ||||
| CVE-2007-5453 | 1 Php-stats | 1 Php-stats | 2025-04-09 | N/A |
| Multiple eval injection vulnerabilities in Php-Stats 0.1.9.2 allow remote authenticated administrators to execute arbitrary code by writing PHP sequences to the php-stats-options record in the _options table, which is used in an eval function call by (1) admin.php, (2) click.php, (3) download.php, and unspecified other files, as demonstrated by modifying _options through a backup restore action in admin.php. | ||||
| CVE-2007-5451 | 2 Com Colorlab, Joomla | 2 Com Colorlab, Joomla | 2025-04-09 | N/A |
| PHP remote file inclusion vulnerability in admin.color.php in the com_colorlab (aka com_color) 1.0 component for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_live_site parameter. | ||||
| CVE-2009-1918 | 1 Microsoft | 6 Internet Explorer, Windows 2000, Windows Server 2003 and 3 more | 2025-04-09 | N/A |
| Microsoft Internet Explorer 5.01 SP4 and 6 SP1; Internet Explorer 6 for Windows XP SP2 and SP3 and Server 2003 SP2; and Internet Explorer 7 and 8 for Windows XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 do not properly handle table operations, which allows remote attackers to execute arbitrary code via a crafted HTML document that triggers memory corruption by adding malformed elements to an empty DIV element, related to the getElementsByTagName method, aka "HTML Objects Memory Corruption Vulnerability." | ||||
| CVE-2008-1170 | 1 Kcwiki | 1 Kcwiki | 2025-04-09 | N/A |
| Multiple PHP remote file inclusion vulnerabilities in KCWiki 1.0 allow remote attackers to execute arbitrary PHP code via a URL in the page parameter to (1) minimal/wiki.php and (2) simplest/wiki.php. | ||||
| CVE-2007-5425 | 1 Interspire | 1 Activekb | 2025-04-09 | N/A |
| SQL injection vulnerability in admin/index.php in Interspire ActiveKB 1.5 allows remote attackers to execute arbitrary SQL commands via the questId parameter in a hideQuestion ToDo action. NOTE: the catId vector is already covered by CVE-2007-5131. | ||||
| CVE-2007-5418 | 1 Care2x | 1 2g | 2025-04-09 | N/A |
| Multiple PHP remote file inclusion vulnerabilities in CARE2X 2G 2.2 allow remote attackers to execute arbitrary PHP code via a URL in the root_path parameter to (1) en_copyrite.php, (2) vi_copyrite.php, and (3) ar_copyrite.php in language/ directories; (4) class_access.php, (5) class_department.php, (6) class_config.php, (7) class_image.php, (8) class_ward.php, and (9) class_product.php in include/care_api_classes/; (10) gui/smarty_template/smarty_care.class.php; and possibly other components, different vectors than CVE-2007-1458. | ||||
| CVE-2007-2458 | 1 Pixaria | 1 Pixaria Gallery | 2025-04-09 | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Pixaria Gallery before 1.4.3 allow remote attackers to execute arbitrary PHP code via a URL in the cfg[sys][base_path] parameter to psg.smarty.lib.php and certain include and library scripts, a different vector than CVE-2007-2457. | ||||
| CVE-2007-0649 | 1 Openemr | 1 Openemr | 2025-04-09 | N/A |
| Variable overwrite vulnerability in interface/globals.php in OpenEMR 2.8.2 and earlier allows remote attackers to overwrite arbitrary program variables and conduct other unauthorized activities, such as conduct (a) remote file inclusion attacks via the srcdir parameter in custom/import_xml.php or (b) cross-site scripting (XSS) attacks via the rootdir parameter in interface/login/login_frame.php, via vectors associated with extract operations on the (1) POST and (2) GET superglobal arrays. NOTE: this issue was originally disputed before the extract behavior was identified in post-disclosure analysis. Also, the original report identified "Open Conference Systems," but this was an error. | ||||
| CVE-2006-3456 | 1 Symantec | 3 Norton Antivirus, Norton Internet Security, Norton System Works | 2025-04-09 | N/A |
| The Symantec NAVOPTS.DLL ActiveX control (aka Symantec.Norton.AntiVirus.NAVOptions) 12.2.0.13, as used in Norton AntiVirus, Internet Security, and System Works 2005 and 2006, is designed for use only in application-embedded web browsers, which allows remote attackers to "crash the control" via unspecified vectors related to content on a web site, and place Internet Explorer into a "defunct state" in which remote attackers can execute arbitrary code in addition to other Symantec ActiveX controls, regardless of whether they are marked safe for scripting. NOTE: this CVE was inadvertently used for an E-mail Auto-Protect issue, but that issue has been assigned CVE-2007-3771. | ||||
| CVE-2008-6518 | 1 Vidiscript | 1 Vidiscript | 2025-04-09 | N/A |
| Unrestricted file upload vulnerability in the profile feature in VidiScript allows registered remote authenticated users to execute arbitrary code by uploading a PHP file as an Avatar, then accessing the avatar via a direct request. | ||||
| CVE-2007-5412 | 1 Quoc-huy | 1 Mp3 Allopass | 2025-04-09 | N/A |
| Multiple PHP remote file inclusion vulnerabilities in the Quoc-Huy MP3 Allopass (com_mp3_allopass) 1.0 component for Joomla! allow remote attackers to execute arbitrary PHP code via a URL in the mosConfig_live_site parameter to (1) allopass.php and (2) allopass-error.php. | ||||
| CVE-2008-4206 | 1 Attachmax | 1 Dolphin | 2025-04-09 | N/A |
| PHP remote file inclusion vulnerability in config.php in Attachmax Dolphin 2.1.0 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the rel_path parameter. | ||||