Total
3189 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2002-2298 | 1 Atthat.com | 1 Thatware | 2023-12-10 | 6.8 MEDIUM | N/A |
PHP remote file inclusion vulnerability in config.php in Thatware 0.3 through 0.5.3 allows remote attackers to execute arbitrary PHP code via the root_path parameter. | |||||
CVE-2003-1410 | 1 Isoca | 1 Cedric Email Reader | 2023-12-10 | 6.8 MEDIUM | N/A |
PHP remote file inclusion vulnerability in email.php (aka email.php3) in Cedric Email Reader 0.2 and 0.3 allows remote attackers to execute arbitrary PHP code via the cer_skin parameter. | |||||
CVE-2001-0308 | 1 Bajie | 1 Java Http Server | 2023-12-10 | 7.5 HIGH | N/A |
UploadServlet in Bajie HTTP JServer 0.78, and possibly other versions before 0.80, allows remote attackers to execute arbitrary commands by calling the servlet to upload a program, then using a ... (modified ..) to access the file that was created for the program. | |||||
CVE-2003-1385 | 1 Invision Power Services | 1 Invision Power Board | 2023-12-10 | 6.8 MEDIUM | N/A |
ipchat.php in Invision Power Board 1.1.1 allows remote attackers to execute arbitrary PHP code, if register_globals is enabled, by modifying the root_path parameter to reference a URL on a remote web server that contains the code. | |||||
CVE-2004-1423 | 1 Php-calendar | 1 Php-calendar | 2023-12-10 | 7.5 HIGH | N/A |
Multiple PHP remote file inclusion vulnerabilities in Sean Proctor PHP-Calendar before 0.10.1, as used in Commonwealth of Massachusetts Virtual Law Office (VLO) and other products, allow remote attackers to execute arbitrary PHP code via a URL in the phpc_root_path parameter to (1) includes/calendar.php or (2) includes/setup.php. | |||||
CVE-2002-1991 | 1 Oscommerce | 1 Oscommerce | 2023-12-10 | 7.5 HIGH | N/A |
PHP file inclusion vulnerability in osCommerce 2.1 execute arbitrary commands via the include_file parameter to include_once.php. | |||||
CVE-2002-2249 | 1 Php Evolution | 1 News Evolution | 2023-12-10 | 7.5 HIGH | N/A |
PHP remote file inclusion vulnerability in News Evolution 2.0 allows remote attackers to execute arbitrary PHP commands via the neurl parameter to (1) backend.php, (2) screen.php, or (3) admin/modules/comment.php. | |||||
CVE-2003-1240 | 1 Cutephp | 1 Cutenews | 2023-12-10 | 7.5 HIGH | N/A |
PHP remote file inclusion vulnerability in CuteNews 0.88 allows remote attackers to execute arbitrary PHP code via a URL in the cutepath parameter in (1) shownews.php, (2) search.php, or (3) comments.php. | |||||
CVE-2003-0498 | 1 Intersystems | 1 Cache Database | 2023-12-10 | 7.2 HIGH | N/A |
Caché Database 5.x installs the /cachesys/csp directory with insecure permissions, which allows local users to execute arbitrary code by adding server-side scripts that are executed with root privileges. | |||||
CVE-2003-1253 | 1 Sangwan Kim | 1 Bookmark4u | 2023-12-10 | 7.5 HIGH | N/A |
PHP remote file inclusion vulnerability in Bookmark4U 1.8.3 allows remote attackers to execute arbitrary PHP code viaa URL in the prefix parameter to (1) dbase.php, (2) config.php, or (3) common.load.php. | |||||
CVE-2002-2299 | 1 Atthat.com | 1 Thatware | 2023-12-10 | 6.8 MEDIUM | N/A |
PHP remote file inclusion vulnerability in thatfile.php in Thatware 0.3 through 0.5.2 allows remote attackers to execute arbitrary PHP code via the root_path parameter. | |||||
CVE-2003-1459 | 1 Ttcms | 2 Ttcms, Ttforum | 2023-12-10 | 6.8 MEDIUM | N/A |
Multiple PHP remote file inclusion vulnerabilities in ttCMS 2.2 and ttForum allow remote attackers to execute arbitrary PHP code via the (1) template parameter in News.php or (2) installdir parameter in install.php. | |||||
CVE-2004-1926 | 1 Tiki | 1 Tikiwiki Cms\/groupware | 2023-12-10 | 7.5 HIGH | N/A |
Tiki CMS/Groupware (TikiWiki) 1.8.1 and earlier allows remote attackers to inject arbitrary code via the (1) Theme, (2) Country, (3) Real Name, or (4) Displayed time zone fields in a User Profile, or the (5) Name, (6) Description, (7) URL, or (8) Country fields in a Directory/Add Site operation. | |||||
CVE-2003-1491 | 1 Kerio | 1 Personal Firewall | 2023-12-10 | 7.5 HIGH | N/A |
Kerio Personal Firewall (KPF) 2.1.4 has a default rule to accept incoming packets from DNS (UDP port 53), which allows remote attackers to bypass the firewall filters via packets with a source port of 53. | |||||
CVE-2003-1412 | 1 Gonicus | 1 Gonicus System Administration | 2023-12-10 | 6.8 MEDIUM | N/A |
PHP remote file inclusion vulnerability in index.php for GONiCUS System Administrator (GOsa) 1.0 allows remote attackers to execute arbitrary PHP code via the plugin parameter to (1) 3fax/1blocklists/index.php; (2) 6departamentadmin/index.php, (3) 5terminals/index.php, (4) 4mailinglists/index.php, (5) 3departaments/index.php, and (6) 2groupd/index.php in 2administration/; or (7) the base parameter to include/help.php. | |||||
CVE-2003-1406 | 1 Adalis Infomatique | 1 D Forum | 2023-12-10 | 7.5 HIGH | N/A |
PHP remote file inclusion vulnerability in D-Forum 1.00 through 1.11 allows remote attackers to execute arbitrary PHP code via a URL in the (1) my_header parameter to header.php3 or (2) my_footer parameter to footer.php3. | |||||
CVE-2002-2287 | 1 Phpbb | 1 Advanced Quick Reply Hack | 2023-12-10 | 7.5 HIGH | N/A |
PHP remote file inclusion vulnerability in quick_reply.php for phpBB Advanced Quick Reply Hack 1.0.0 and 1.1.0 allows remote attackers to execute arbitrary PHP code via the phpbb_root_path parameter. | |||||
CVE-2003-1500 | 1 Cpcommerce | 1 Cpcommerce | 2023-12-10 | 6.8 MEDIUM | N/A |
PHP remote file inclusion vulnerability in _functions.php in cpCommerce 0.5f allows remote attackers to execute arbitrary code via the prefix parameter. | |||||
CVE-1999-0491 | 1 Gnu | 1 Bash | 2023-12-10 | 4.6 MEDIUM | N/A |
The prompt parsing in bash allows a local user to execute commands as another user by creating a directory with the name of the command to execute. | |||||
CVE-1999-0702 | 1 Microsoft | 1 Internet Explorer | 2023-12-10 | 10.0 HIGH | N/A |
Internet Explorer 5.0 and 5.01 allows remote attackers to modify or execute files via the Import/Export Favorites feature, aka the "ImportExportFavorites" vulnerability. |