Total
3192 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2008-0043 | 1 Apple | 1 Iphoto | 2023-12-10 | 9.3 HIGH | N/A |
Format string vulnerability in Apple iPhoto before 7.1.2 allows remote attackers to execute arbitrary code via photocast subscriptions. | |||||
CVE-2007-5124 | 1 Aol | 1 Instant Messenger | 2023-12-10 | 6.8 MEDIUM | N/A |
The embedded Internet Explorer server control in AOL Instant Messenger (AIM) 6.5.3.12 and earlier allows remote attackers to execute arbitrary code via unspecified web script or HTML in an instant message, related to AIM's filtering of "specific tags and attributes" and the lack of Local Machine Zone lockdown. NOTE: this issue reportedly exists because of an incomplete fix for CVE-2007-4901. | |||||
CVE-2007-5754 | 1 Phpfaber | 1 Urlinn | 2023-12-10 | 6.8 MEDIUM | N/A |
PHP remote file inclusion vulnerability in urlinn_includes/config.php in phpFaber URLInn 2.0.5 allows remote attackers to execute arbitrary PHP code via a URL in the dir_ws parameter. | |||||
CVE-2007-5314 | 1 Xkiosk | 1 Xkiosk Web | 2023-12-10 | 6.8 MEDIUM | N/A |
PHP remote file inclusion vulnerability in system/funcs/xkurl.php in xKiosk WEB 3.0.1i, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the PEARPATH parameter. | |||||
CVE-2006-6748 | 1 Newxooper | 1 Newxooper | 2023-12-10 | 7.5 HIGH | N/A |
PHP remote file inclusion vulnerability in i-accueil.php in Newxooper 0.9 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the chemin parameter. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information. | |||||
CVE-2008-0572 | 1 Mindmeld | 1 Mindmeld | 2023-12-10 | 6.8 MEDIUM | N/A |
Multiple PHP remote file inclusion vulnerabilities in Mindmeld 1.2.0.10 allow remote attackers to execute arbitrary PHP code via a URL in the MM_GLOBALS[home] parameter to (1) acweb/admin_index.php; and (2) ask.inc.php, (3) learn.inc.php, (4) manage.inc.php, (5) mind.inc.php, and (6) sensory.inc.php in include/. | |||||
CVE-2008-0300 | 1 Mapbender | 1 Mapbender | 2023-12-10 | 6.8 MEDIUM | N/A |
mapFiler.php in Mapbender 2.4 to 2.4.4 allows remote attackers to execute arbitrary PHP code via PHP code sequences in the factor parameter, which are not properly handled when accessing a filename that contains those sequences. | |||||
CVE-2007-6542 | 1 Agares Media | 1 Arcadem | 2023-12-10 | 7.5 HIGH | N/A |
PHP remote file inclusion vulnerability in admin/frontpage_right.php in Arcadem LE 2.04 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the loadadminpage parameter. | |||||
CVE-2007-2428 | 1 Ahhp-portal | 1 Ahhp-portal | 2023-12-10 | 7.5 HIGH | N/A |
Multiple PHP remote file inclusion vulnerabilities in page.php in Ahhp-Portal allow remote attackers to execute arbitrary PHP code via a URL in the (1) fp or (2) sc parameter. | |||||
CVE-2007-5456 | 1 Microsoft | 1 Internet Explorer | 2023-12-10 | 7.5 HIGH | N/A |
Microsoft Internet Explorer 7 and earlier allows remote attackers to bypass the "File Download - Security Warning" dialog box and download arbitrary .exe files by placing a '?' (question mark) followed by a non-.exe filename after the .exe filename, as demonstrated by (1) .txt, (2) .cda, (3) .log, (4) .dif, (5) .sol, (6) .htt, (7) .itpc, (8) .itms, (9) .dvr-ms, (10) .dib, (11) .asf, (12) .tif, and unspecified other extensions, a different issue than CVE-2004-1331. NOTE: this issue might not cross privilege boundaries, although it does bypass an intended protection mechanism. | |||||
CVE-2008-1043 | 1 Linux Web Shop | 1 Php User Base | 2023-12-10 | 7.5 HIGH | N/A |
PHP remote file inclusion vulnerability in templates/default/header.inc.php in Linux Web Shop (LWS) php User Base 1.3 BETA allows remote attackers to execute arbitrary PHP code via a URL in the menu parameter. | |||||
CVE-2008-0302 | 1 Debian | 1 Apt-listchanges | 2023-12-10 | 7.2 HIGH | N/A |
Untrusted search path vulnerability in apt-listchanges.py in apt-listchanges before 2.82 allows local users to execute arbitrary code via a malicious apt-listchanges program in the current working directory. | |||||
CVE-2007-5733 | 1 Japanese Php Gallery Hosting | 1 Japanese Php Gallery Hosting | 2023-12-10 | 7.5 HIGH | N/A |
Unrestricted file upload vulnerability in upload/upload.php in Japanese PHP Gallery Hosting, when Open directory mode is enabled, allows remote attackers to upload and execute arbitrary PHP code via a ServerPath parameter specifying a filename with a double extension. NOTE: some of these details are obtained from third party information. | |||||
CVE-2008-0076 | 1 Microsoft | 2 Ie, Internet Explorer | 2023-12-10 | 9.3 HIGH | N/A |
Unspecified vulnerability in Microsoft Internet Explorer 5.01, 6 SP1 and SP2, and 7 allows remote attackers to execute arbitrary code via crafted HTML layout combinations, aka "HTML Rendering Memory Corruption Vulnerability." | |||||
CVE-2007-5593 | 2 Drupal, Fedoraproject | 2 Drupal, Fedora | 2023-12-10 | 6.8 MEDIUM | N/A |
install.php in Drupal 5.x before 5.3, when the configured database server is not reachable, allows remote attackers to execute arbitrary code via vectors that cause settings.php to be modified. | |||||
CVE-2007-6229 | 1 Rayzz | 1 Rayzz Script | 2023-12-10 | 7.5 HIGH | N/A |
PHP remote file inclusion vulnerability in common/classes/class_HeaderHandler.lib.php in Rayzz Script 2.0 allows remote attackers to execute arbitrary PHP code via a URL in the CFG[site][project_path] parameter. | |||||
CVE-2007-0065 | 1 Microsoft | 6 Office, Visual Basic, Windows 2000 and 3 more | 2023-12-10 | 10.0 HIGH | N/A |
Heap-based buffer overflow in Object Linking and Embedding (OLE) Automation in Microsoft Windows 2000 SP4, XP SP2, Server 2003 SP1 and SP2, Vista, Office 2004 for Mac, and Visual basic 6.0 SP6 allows remote attackers to execute arbitrary code via a crafted script request. | |||||
CVE-2007-6632 | 1 Xml2owl | 1 Xml2owl | 2023-12-10 | 6.8 MEDIUM | N/A |
showCode.php in xml2owl 0.1.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the path parameter. | |||||
CVE-2006-6086 | 1 E-ark | 1 E-ark | 2023-12-10 | 5.1 MEDIUM | N/A |
PHP remote file inclusion vulnerability in src/ark_inc.php in e-Ark 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the cfg_pear_path parameter. | |||||
CVE-2007-2185 | 1 Supasite | 1 Supasite | 2023-12-10 | 6.8 MEDIUM | N/A |
Multiple PHP remote file inclusion vulnerabilities in Supasite 1.23b allow remote attackers to execute arbitrary PHP code via a URL in the supa[db_path] parameter to (1) common_functions.php, (2) admin_auth_cookies.php, (3) admin_mods.php, (4) admin_news.php, (5) admin_topics.php, (6) admin_users.php, (7) admin_utilities.php, (8) site_comment.php, or (9) site_news.php; or the supa[include_path] parameter to (10) admin_settings.php or (11) backend_site.php. |