Total
6191 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2008-3919 | 1 Justsystems | 1 Ichitaro | 2025-04-09 | N/A |
| Unspecified vulnerability in multiple JustSystems Ichitaro products allows remote attackers to execute arbitrary code via a crafted JTD document, as exploited in the wild in August 2008. | ||||
| CVE-2009-1102 | 2 Redhat, Sun | 3 Enterprise Linux, Rhel Extras, Java | 2025-04-09 | N/A |
| Unspecified vulnerability in the Virtual Machine in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 6 Update 12 and earlier allows remote attackers to access files and execute arbitrary code via unknown vectors related to "code generation." | ||||
| CVE-2008-2497 | 1 Mambo-foundation | 1 Mambo | 2025-04-09 | N/A |
| CRLF injection vulnerability in Mambo before 4.6.4 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors. | ||||
| CVE-2008-2481 | 1 Phpraider | 1 Phpraider | 2025-04-09 | N/A |
| PHP remote file inclusion vulnerability in authentication/phpbb3/phpbb3.functions.php in phpRaider 1.0.7 and 1.0.7a, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the pConfig_auth[phpbb_path] parameter. | ||||
| CVE-2008-1059 | 1 Wordpress | 1 Sniplets Plugin | 2025-04-09 | N/A |
| PHP remote file inclusion vulnerability in modules/syntax_highlight.php in the Sniplets 1.1.2 and 1.2.2 plugin for WordPress allows remote attackers to execute arbitrary PHP code via a URL in the libpath parameter. | ||||
| CVE-2007-6555 | 1 Phil Taylor | 1 Mosdirectory | 2025-04-09 | N/A |
| PHP remote file inclusion vulnerability in modules/mod_pxt_latest.php in the mosDirectory (com_directory) 2.3.2 component for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[mosConfig_absolute_path] parameter. | ||||
| CVE-2009-1551 | 1 Qt-cute | 1 Quickteam | 2025-04-09 | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Qt quickteam 2 allow remote attackers to execute arbitrary PHP code via a URL in the (1) qte_web_path parameter to qte_web.php and the (2) qte_root parameter to bin/qte_init.php. | ||||
| CVE-2009-0251 | 1 Ryneezy | 1 Phosheezy | 2025-04-09 | N/A |
| Static code injection vulnerability in admin.php in Ryneezy phoSheezy 0.2 allows remote authenticated administrators to inject arbitrary PHP code into config/footer via the footer parameter. NOTE: this can be exploited by unauthenticated attackers by leveraging CVE-2009-0250. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2008-5947 | 1 Yapbb | 1 Yapbb | 2025-04-09 | N/A |
| PHP remote file inclusion vulnerability in include/class_yapbbcooker.php in YapBB 1.2.Beta 2 allows remote attackers to execute arbitrary PHP code via a URL in the cfgIncludeDirectory parameter. | ||||
| CVE-2009-1452 | 1 Bluevirus-design | 1 Sma-db | 2025-04-09 | N/A |
| Multiple PHP remote file inclusion vulnerabilities in theme/format.php in SMA-DB 0.3.13 allow remote attackers to execute arbitrary PHP code via a URL in the (1) _page_css and (2) _page_javascript parameters. NOTE: the _page_content vector is already is covered by CVE-2009-1450. | ||||
| CVE-2008-2228 | 1 Cyberfolio | 1 Cyberfolio | 2025-04-09 | N/A |
| PHP remote file inclusion vulnerability in portfolio/commentaires/derniers_commentaires.php in Cyberfolio 7.12, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the rep parameter. | ||||
| CVE-2009-4148 | 1 Daz3d | 1 Daz Studio | 2025-04-09 | N/A |
| DAZ Studio 2.3.3.161, 2.3.3.163, and 3.0.1.135 allows remote attackers to execute arbitrary JavaScript code via a (1) .ds, (2) .dsa, (3) .dse, or (4) .dsb file, as demonstrated by code that loads the WScript.Shell ActiveX control, related to a "script injection vulnerability." | ||||
| CVE-2007-6550 | 1 Pmos Helpdesk | 1 Pmos Helpdesk | 2025-04-09 | N/A |
| form.php in PMOS Help Desk 2.4 and earlier sends a redirect to the web browser but does not exit, which allows remote attackers to conduct eval injection attacks and execute arbitrary PHP code via the options array parameter. | ||||
| CVE-2009-1392 | 2 Mozilla, Redhat | 4 Firefox, Seamonkey, Thunderbird and 1 more | 2025-04-09 | N/A |
| The browser engine in Mozilla Firefox 3 before 3.0.11, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.17 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to (1) nsEventStateManager::GetContentState and nsNativeTheme::CheckBooleanAttr; (2) UnhookTextRunFromFrames and ClearAllTextRunReferences; (3) nsTextFrame::ClearTextRun; (4) IsPercentageAware; (5) PL_DHashTableFinish; (6) nsListBoxBodyFrame::GetNextItemBox; (7) AtomTableClearEntry, related to the atom table, DOM mutation events, and Unicode surrogates; (8) nsHTMLEditor::HideResizers; and (9) nsWindow::SetCursor, related to changing the cursor; and other vectors. | ||||
| CVE-2007-6548 | 1 Runcms | 1 Runcms | 2025-04-09 | N/A |
| Multiple direct static code injection vulnerabilities in RunCMS before 1.6.1 allow remote authenticated administrators to inject arbitrary PHP code via the (1) header and (2) footer parameters to modules/system/admin.php in a meta-generator action, (3) the disclaimer parameter to modules/system/admin.php in a disclaimer action, (4) the disclaimer parameter to modules/mydownloads/admin/index.php in a mydownloadsConfigAdmin action, (5) the disclaimer parameter to modules/newbb_plus/admin/forum_config.php, (6) the disclaimer parameter to modules/mylinks/admin/index.php in a myLinksConfigAdmin action, or (7) the intro parameter to modules/sections/admin/index.php in a secconfig action, which inject PHP sequences into (a) sections/cache/intro.php, (b) mylinks/cache/disclaimer.php, (c) mydownloads/cache/disclaimer.php, (d) newbb_plus/cache/disclaimer.php, (e) system/cache/disclaimer.php, (f) system/cache/footer.php, (g) system/cache/header.php, or (h) system/cache/maintenance.php in modules/. | ||||
| CVE-2007-4923 | 1 Joomla | 1 Joomla Radio | 2025-04-09 | N/A |
| PHP remote file inclusion vulnerability in admin.joomlaradiov5.php in the Joomla Radio 5 (com_joomlaradiov5) component for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_live_site parameter. | ||||
| CVE-2009-1285 | 1 Phpmyadmin | 1 Phpmyadmin | 2025-04-09 | N/A |
| Static code injection vulnerability in the getConfigFile function in setup/lib/ConfigFile.class.php in phpMyAdmin 3.x before 3.1.3.2 allows remote attackers to inject arbitrary PHP code into configuration files. | ||||
| CVE-2009-0677 | 1 Ravenphpscripts | 1 Ravennuke | 2025-04-09 | N/A |
| avatarlist.php in the Your Account module, reached through modules.php, in Raven Web Services RavenNuke 2.30 allows remote authenticated users to execute arbitrary code via PHP sequences in an element of the replacements array, which is processed by the preg_replace function with the eval switch, as specified in an element of the patterns array. | ||||
| CVE-2008-1893 | 1 W2b | 1 Online Banking | 2025-04-09 | N/A |
| PHP remote file inclusion vulnerability in index.php in W2B Online Banking allows remote attackers to execute arbitrary PHP code via a URL in the ilang parameter. | ||||
| CVE-2006-6962 | 1 Joomla | 1 Rs Gallery2 | 2025-04-09 | N/A |
| PHP remote file inclusion vulnerability in rsgallery2.html.php in the RS Gallery2 component (com_rsgallery2) 1.11.2 for Joomla! allows attackers to execute arbitrary PHP code via the mosConfig_absolute_path parameter. NOTE: this issue may overlap CVE-2006-5047. | ||||