Total
3192 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2008-0567 | 1 Chronoengine | 1 Chronoforms | 2023-12-10 | 7.5 HIGH | N/A |
Multiple PHP remote file inclusion vulnerabilities in ChronoEngine ChronoForms (com_chronocontact) 2.3.5 component for Joomla! allow remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter to (1) PPS/File.php, (2) Writer.php, and (3) PPS.php in excelwriter/; and (4) BIFFwriter.php, (5) Workbook.php, (6) Worksheet.php, and (7) Format.php in excelwriter/Writer/. | |||||
CVE-2007-5089 | 1 Sk.log | 1 Sk.log | 2023-12-10 | 7.5 HIGH | N/A |
PHP remote file inclusion vulnerability in php-inc/log.inc.php in sk.log 0.5.3 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the SKIN_URL parameter. | |||||
CVE-2007-5705 | 1 Jeeblestechnology | 1 Jeebles Directory | 2023-12-10 | 6.0 MEDIUM | N/A |
Unspecified vulnerability in the Settings component in the administration system in Jeebles Directory 2.9.60 allows remote authenticated administrators to execute arbitrary PHP code via unspecified vectors related to settings.inc.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
CVE-2007-5009 | 1 Phpbb2 | 1 Phpbb2 Plus | 2023-12-10 | 6.8 MEDIUM | N/A |
PHP remote file inclusion vulnerability in language/lang_german/lang_main_album.php in phpBB Plus 1.53, and 1.53a before 20070922, allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter. | |||||
CVE-2007-5628 | 1 Towels | 1 Towels | 2023-12-10 | 6.8 MEDIUM | N/A |
PHP remote file inclusion vulnerability in src/scripture.php in The Online Web Library Site (TOWels) 0.1 allows remote attackers to execute arbitrary PHP code via a URL in the pageHeaderFile parameter. | |||||
CVE-2006-5621 | 1 Ask Rave | 1 Ask Rave | 2023-12-10 | 7.5 HIGH | N/A |
PHP remote file inclusion vulnerability in end.php in ask_rave 0.9 PR, and other versions before 0.9b, allows remote attackers to execute arbitrary PHP code via a URL in the footfile parameter. | |||||
CVE-2007-4806 | 1 Focus Sis | 1 Focus Sis | 2023-12-10 | 7.5 HIGH | N/A |
PHP remote file inclusion vulnerability in modules/Discipline/CategoryBreakdownTime.php in Focus/SIS 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the FocusPath parameter. | |||||
CVE-2006-5280 | 1 Cuttlefish Multimedia Ltd. | 1 Leicestershire Communityportals | 2023-12-10 | 6.8 MEDIUM | N/A |
PHP remote file inclusion vulnerability in includes/import-archive.php in Leicestershire communityPortals 1.0 build 20051018 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the cp_root_path parameter. | |||||
CVE-2007-1147 | 1 Hbm | 1 Hbm | 2023-12-10 | 7.5 HIGH | N/A |
PHP remote file inclusion vulnerability in view.php in hbm allows remote attackers to execute arbitrary PHP code via a URL in the hbmpath parameter. | |||||
CVE-2008-0503 | 1 Netwerk | 1 Smart Publisher | 2023-12-10 | 6.8 MEDIUM | N/A |
Eval injection vulnerability in admin/op/disp.php in Netwerk Smart Publisher 1.0.1 allows remote attackers to execute arbitrary PHP code via the filedata parameter. | |||||
CVE-2006-3876 | 1 Microsoft | 1 Office | 2023-12-10 | 9.3 HIGH | N/A |
Unspecified vulnerability in PowerPoint in Microsoft Office 2000, Office 2002, Office 2003, Office 2004 for Mac, and Office v.X for Mac allows user-assisted attackers to execute arbitrary code via a crafted Data record in a PPT file, a different vulnerability than CVE-2006-3435 and CVE-2006-4694. | |||||
CVE-2007-5423 | 1 Tiki | 1 Tikiwiki Cms\/groupware | 2023-12-10 | 7.5 HIGH | N/A |
tiki-graph_formula.php in TikiWiki 1.9.8 allows remote attackers to execute arbitrary code via PHP sequences in the f array parameter, which are processed by create_function. | |||||
CVE-2007-6289 | 1 Iptel | 1 Serweb | 2023-12-10 | 6.8 MEDIUM | N/A |
Multiple PHP remote file inclusion vulnerabilities in SerWeb 2.0.0 dev1 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the (1) _SERWEB[configdir] parameter to load_lang.php, (2) _SERWEB[functionsdir] parameter to main_prepend.php, and the (3) _PHPLIB[libdir] parameter to load_phplib.php, different vectors than CVE-2007-3359 and CVE-2007-3358. | |||||
CVE-2007-4458 | 1 Firesoft | 1 Firesoft | 2023-12-10 | 7.5 HIGH | N/A |
PHP remote file inclusion vulnerability in includes/class/class_tpl.php in Firesoft allows remote attackers to execute arbitrary PHP code via a URL in the cache_file parameter. | |||||
CVE-2006-3864 | 1 Microsoft | 3 Office, Project, Visio | 2023-12-10 | 9.3 HIGH | N/A |
Unspecified vulnerability in mso.dll in Microsoft Office 2000, XP, and 2003, and Microsoft PowerPoint 2000, XP, and 2003, allows remote user-assisted attackers to execute arbitrary code via a malformed record in a (1) .DOC, (2) .PPT, or (3) .XLS file that triggers memory corruption, related to an "array boundary condition" (possibly an array index overflow), a different vulnerability than CVE-2006-3434, CVE-2006-3650, and CVE-2006-3868. | |||||
CVE-2007-0025 | 1 Microsoft | 2 Visual Studio .net, Windows 2003 Server | 2023-12-10 | 9.3 HIGH | N/A |
The MFC component in Microsoft Windows 2000 SP4, XP SP2, and 2003 SP1 and Visual Studio .NET 2000, 2002 SP1, 2003, and 2003 SP1 allows user-assisted remote attackers to execute arbitrary code via an RTF file with a malformed OLE object that triggers memory corruption. NOTE: this might be due to a stack-based buffer overflow in the AfxOleSetEditMenu function in MFC42u.dll. | |||||
CVE-2007-5096 | 1 Guanxicrm | 1 Guanxicrm Business Solution | 2023-12-10 | 7.5 HIGH | N/A |
PHP remote file inclusion vulnerability in modules/webmail2/inc/rfc822.php in guanxiCRM Business Solution 0.9.1 allows remote attackers to execute arbitrary PHP code via a URL in the webmail2_inc_dir parameter. | |||||
CVE-2007-2900 | 1 Scallywag.org | 1 Scallywag | 2023-12-10 | 6.8 MEDIUM | N/A |
Multiple PHP remote file inclusion vulnerabilities in Scallywag 2005-04-25 allow remote attackers to execute arbitrary PHP code via a URL in the path parameter to template.php in (1) skin/dark/, (2) skin/gold/, or (3) skin/original/. | |||||
CVE-2006-6726 | 1 Inertianews | 1 Inertianews | 2023-12-10 | 7.5 HIGH | N/A |
PHP remote file inclusion vulnerability in inertianews_main.php in inertianews 0.02 beta allows remote attackers to execute arbitrary PHP code via a URL in the inews_path parameter. | |||||
CVE-2007-5351 | 1 Microsoft | 1 Windows Vista | 2023-12-10 | 10.0 HIGH | N/A |
Unspecified vulnerability in Server Message Block Version 2 (SMBv2) signing support in Microsoft Windows Vista allows remote attackers to force signature re-computation and execute arbitrary code via a crafted SMBv2 packet, aka "SMBv2 Signing Vulnerability." |