Total
3200 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2006-6710 | 1 Matteolucarelli | 1 Pgmreloaded | 2023-12-10 | 7.5 HIGH | N/A |
Multiple PHP remote file inclusion vulnerabilities in PgmReloaded 0.8.5 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the (1) lang parameter to (a) index.php, the (2) CFG[libdir] and (3) CFG[localedir] parameters to (b) common.inc.php, and the CFG[localelangdir] parameter to (c) form_header.php. | |||||
CVE-2008-0116 | 1 Microsoft | 4 Excel, Excel Viewer, Office and 1 more | 2023-12-10 | 9.3 HIGH | N/A |
Microsoft Excel 2000 SP3 through 2003 SP2, Viewer 2003, Compatibility Pack, and Office 2004 and 2008 for Mac allows user-assisted remote attackers to execute arbitrary code via malformed tags in rich text, aka "Excel Rich Text Validation Vulnerability." | |||||
CVE-2007-6139 | 1 Mp3 | 1 Toolbox | 2023-12-10 | 6.8 MEDIUM | N/A |
PHP remote file inclusion vulnerability in index.php in Mp3 ToolBox 1.0 beta 5 allows remote attackers to execute arbitrary PHP code via a URL in the skin_file parameter. | |||||
CVE-2007-5627 | 1 Socketmail | 1 Socketmail | 2023-12-10 | 6.8 MEDIUM | N/A |
PHP remote file inclusion vulnerability in content/fnc-readmail3.php in SocketMail 2.2.8 allows remote attackers to execute arbitrary PHP code via a URL in the __SOCKETMAIL_ROOT parameter. | |||||
CVE-2007-4947 | 1 Myphppagetool | 1 Myphppagetool | 2023-12-10 | 7.5 HIGH | N/A |
Multiple PHP remote file inclusion vulnerabilities in myphpPagetool 0.4.3 allow remote attackers to execute arbitrary PHP code via a URL in the ptinclude parameter to (1) help1.php, (2) help2.php, (3) help3.php, (4) help4.php, (5) help5.php, (6) help6.php, (7) help7.php, (7) help8.php, (8) help9.php, or (10) index.php in doc/admin/. | |||||
CVE-2007-6657 | 1 Mihalism | 1 Multi Host | 2023-12-10 | 7.5 HIGH | N/A |
PHP remote file inclusion vulnerability in source/includes/load_forum.php in Mihalism Multi Forum Host 3.0.x and earlier allows remote attackers to execute arbitrary PHP code via a URL in the mfh_root_path parameter. | |||||
CVE-2007-5295 | 1 Wikepage | 1 Opus | 2023-12-10 | 4.3 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in index.php in (a) Wikepage Opus 13 2007.2 and (b) TipiWiki 2 allow remote attackers to inject arbitrary web script or HTML via the (1) PageContent and (2) PageName parameters. | |||||
CVE-2007-5065 | 2 Joomla, Webmaster-tips | 2 Joomla, Flash Slide Show | 2023-12-10 | 7.5 HIGH | N/A |
PHP remote file inclusion vulnerability in admin.slideshow1.php in the Flash Slide Show (com_slideshow) component for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_live_site parameter. | |||||
CVE-2007-3773 | 1 Generic Youtube Clone Script | 1 Generic Youtube Clone Script | 2023-12-10 | 9.3 HIGH | N/A |
Cross-site request forgery (CSRF) vulnerability in the Email-Template module in Generic YouTube Clone Script allows remote attackers to upload files with arbitrary file types to templates/emails/ as administrators. | |||||
CVE-2006-5865 | 1 Damien Benier | 1 Myalbum | 2023-12-10 | 7.5 HIGH | N/A |
PHP remote file inclusion vulnerability in language.inc.php in MyAlbum 3.02 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the langs_dir parameter. | |||||
CVE-2007-6706 | 1 Ibm | 1 Lotus Notes | 2023-12-10 | 9.3 HIGH | N/A |
Unspecified vulnerability in nlnotes.dll in the client in IBM Lotus Notes 6.5, 7.0.x before 7.0.2 CCH or 7.0.3, and possibly 8.0 allows remote attackers to execute arbitrary code via crafted text in an e-mail message sent over SMTP. | |||||
CVE-2006-7100 | 1 Phpbb | 1 Insert User | 2023-12-10 | 6.8 MEDIUM | N/A |
PHP remote file inclusion vulnerability in includes/functions_mod_user.php in phpBB Insert User 0.1.2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter. | |||||
CVE-2007-3037 | 1 Microsoft | 1 Windows Media Player | 2023-12-10 | 4.0 MEDIUM | N/A |
Microsoft Windows Media Player 7.1, 9, 10, and 11 allows remote attackers to execute arbitrary code via a skin file (WMZ or WMD) with crafted header information that causes a size mismatch between compressed and decompressed data and triggers a heap-based buffer overflow, aka "Windows Media Player Code Execution Vulnerability Parsing Skins." | |||||
CVE-2007-6459 | 1 Anon Proxy Server | 1 Anon Proxy Server | 2023-12-10 | 6.8 MEDIUM | N/A |
Anon Proxy Server 0.100, and probably 0.101, allows remote attackers to execute arbitrary commands via shell metacharacters in (1) the host parameter to diagdns.php, and (2) the host parameter and possibly (3) the port parameter to diagconnect.php, a different vulnerability than CVE-2007-6460. | |||||
CVE-2008-0417 | 1 Mozilla | 1 Firefox | 2023-12-10 | 4.3 MEDIUM | N/A |
CRLF injection vulnerability in Mozilla Firefox before 2.0.0.12 allows remote user-assisted web sites to corrupt the user's password store via newlines that are not properly handled when the user saves a password. | |||||
CVE-2007-4809 | 1 Online Fantasy Football League | 1 Offl | 2023-12-10 | 7.5 HIGH | N/A |
Multiple PHP remote file inclusion vulnerabilities in Online Fantasy Football League (OFFL) 0.2.6 allow remote attackers to execute arbitrary PHP code via a URL in the DOC_ROOT parameter to (1) lib/functions.php or (2) lib/header.php. | |||||
CVE-2007-4807 | 1 Focus Sis | 1 Focus Sis | 2023-12-10 | 7.5 HIGH | N/A |
Multiple PHP remote file inclusion vulnerabilities in Focus/SIS 2.2 allow remote attackers to execute arbitrary PHP code via a URL in the staticpath parameter to (1) modules/Discipline/CategoryBreakdownTime.php or (2) modules/Discipline/StudentFieldBreakdown.php. | |||||
CVE-2007-5457 | 2 Joomla, Michael Dempfle | 2 Joomla, Joomla Flash Uploader | 2023-12-10 | 6.8 MEDIUM | N/A |
Multiple PHP remote file inclusion vulnerabilities in Michael Dempfle Joomla Flash Uploader (com_jfu or com_joomla_flash_uploader) 2.5.1 component for Joomla! allow remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter to (1) install.joomla_flash_uploader.php and (2) uninstall.joomla_flash_uploader.php. | |||||
CVE-2006-5291 | 1 Alex | 1 Downloadengine | 2023-12-10 | 7.5 HIGH | N/A |
PHP remote file inclusion vulnerability in admin/includes/spaw/spaw_control.class.php in Download-Engine 1.4.2 allows remote attackers to execute arbitrary PHP code via a URL in the spaw_root parameter. NOTE: CVE analysis suggests that this issue is actually in a third party product, SPAW Editor PHP Edition, so this issue is probably a duplicate of CVE-2006-4656. | |||||
CVE-2007-5216 | 1 E-ark | 1 E-ark | 2023-12-10 | 6.8 MEDIUM | N/A |
Multiple PHP remote file inclusion vulnerabilities in eArk (e-Ark) 1.0 allow remote attackers to execute arbitrary PHP code via a URL in (1) the cfg_vcard_path parameter to src/vcard_inc.php or (2) the cfg_phpmailer_path parameter to src/email_inc.php. NOTE: the ark_inc.php vector is already covered by CVE-2006-6086. |