Total
5472 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2007-5784 | 1 Caupo.net | 1 Cauposhop Pro | 2025-04-09 | N/A |
| PHP remote file inclusion vulnerability in index.php in CaupoShop Pro 2.x allows remote attackers to execute arbitrary PHP code via a URL in the action parameter. | ||||
| CVE-2009-0668 | 1 Zope | 1 Zodb | 2025-04-09 | N/A |
| Unspecified vulnerability in Zope Object Database (ZODB) before 3.8.2, when certain Zope Enterprise Objects (ZEO) database sharing is enabled, allows remote attackers to execute arbitrary Python code via vectors involving the ZEO network protocol. | ||||
| CVE-2007-5837 | 1 Yarssr | 1 Yarssr | 2025-04-09 | N/A |
| GUI.pm in yarssr 0.2.2, when Gnome default URL handling is disabled, allows remote attackers to execute arbitrary commands via shell metacharacters in a link element in a feed. | ||||
| CVE-2008-0567 | 1 Chronoengine | 1 Chronoforms | 2025-04-09 | N/A |
| Multiple PHP remote file inclusion vulnerabilities in ChronoEngine ChronoForms (com_chronocontact) 2.3.5 component for Joomla! allow remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter to (1) PPS/File.php, (2) Writer.php, and (3) PPS.php in excelwriter/; and (4) BIFFwriter.php, (5) Workbook.php, (6) Worksheet.php, and (7) Format.php in excelwriter/Writer/. | ||||
| CVE-2008-1043 | 1 Linux Web Shop | 1 Php User Base | 2025-04-09 | N/A |
| PHP remote file inclusion vulnerability in templates/default/header.inc.php in Linux Web Shop (LWS) php User Base 1.3 BETA allows remote attackers to execute arbitrary PHP code via a URL in the menu parameter. | ||||
| CVE-2009-0639 | 1 Phpyabs | 1 Phpyabs | 2025-04-09 | N/A |
| PHP remote file inclusion vulnerability in moduli/libri/index.php in phpyabs 0.1.2 allows remote attackers to execute arbitrary PHP code via a URL in the Azione parameter. | ||||
| CVE-2009-0572 | 1 Flatnux | 1 Flatnux | 2025-04-09 | N/A |
| PHP remote file inclusion vulnerability in include/flatnux.php in FlatnuX CMS (aka Flatnuke3) 2009-01-27 and 2009-02-04, when register_globals is enabled and magic_quotes_gpc disabled, allows remote attackers to execute arbitrary PHP code via a URL in the _FNROOTPATH parameter to (1) index.php and (2) filemanager.php. | ||||
| CVE-2009-0556 | 1 Microsoft | 2 Office Powerpoint, Powerpoint | 2025-04-09 | N/A |
| Microsoft Office PowerPoint 2000 SP3, 2002 SP3, and 2003 SP3, and PowerPoint in Microsoft Office 2004 for Mac, allows remote attackers to execute arbitrary code via a PowerPoint file with an OutlineTextRefAtom containing an an invalid index value that triggers memory corruption, as exploited in the wild in April 2009 by Exploit:Win32/Apptom.gen, aka "Memory Corruption Vulnerability." | ||||
| CVE-2008-2520 | 1 Bigace | 1 Bigace | 2025-04-09 | N/A |
| Multiple PHP remote file inclusion vulnerabilities in BigACE 2.4, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the (1) GLOBALS[_BIGACE][DIR][addon] parameter to (a) addon/smarty/plugins/function.captcha.php and (b) system/classes/sql/AdoDBConnection.php; and the (2) GLOBALS[_BIGACE][DIR][admin] parameter to (c) item_information.php and (d) jstree.php in system/application/util/, and (e) system/admin/plugins/menu/menuTree/plugin.php, different vectors than CVE-2006-4423. | ||||
| CVE-2008-1069 | 1 Quantum Game Library | 1 Quantum Game Library | 2025-04-09 | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Quantum Game Library 0.7.2c allow remote attackers to execute arbitrary PHP code via a URL in the CONFIG[gameroot] parameter to (1) server_request.php and (2) qlib/smarty.inc.php. | ||||
| CVE-2008-1067 | 1 Phpqladmin | 1 Phpqladmin | 2025-04-09 | N/A |
| Multiple PHP remote file inclusion vulnerabilities in phpQLAdmin 2.2.7 allow remote attackers to execute arbitrary PHP code via a URL in the _SESSION[path] parameter to (1) ezmlm.php and (2) tools/update_translations.php. | ||||
| CVE-2008-3439 | 1 Speedbit | 1 Speedbit Video Accelerator | 2025-04-09 | N/A |
| SpeedBit Video Acceleration before 2.2.1.8 does not properly verify the authenticity of updates, which allows man-in-the-middle attackers to execute arbitrary code via a Trojan horse update, as demonstrated by evilgrade and DNS cache poisoning. | ||||
| CVE-2008-4024 | 1 Microsoft | 8 Office, Office Compatibility Pack For Word Excel Ppt 2007, Office Outlook and 5 more | 2025-04-09 | N/A |
| Microsoft Office Word 2000 SP3 and 2002 SP3 and Office 2004 for Mac allow remote attackers to execute arbitrary code via a Word document with a crafted lcbPlcfBkfSdt field in the File Information Block (FIB), which bypasses an initialization step and triggers an "arbitrary free," aka "Word Memory Corruption Vulnerability." | ||||
| CVE-2009-0558 | 1 Microsoft | 6 Office, Office Compatibility Pack For Word Excel Ppt 2007, Office Excel and 3 more | 2025-04-09 | N/A |
| Array index error in Excel in Microsoft Office 2000 SP3 and Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac, allows remote attackers to execute arbitrary code via a crafted Excel file with a malformed record object, aka "Array Indexing Memory Corruption Vulnerability." | ||||
| CVE-2008-1084 | 1 Microsoft | 5 Windows 2000, Windows 2003 Server, Windows Server 2008 and 2 more | 2025-04-09 | N/A |
| Unspecified vulnerability in the kernel in Microsoft Windows 2000 SP4, XP SP2, Server 2003 SP1 and SP2, through Vista SP1, and Server 2008 allows local users to execute arbitrary code via unknown vectors related to improper input validation. NOTE: it was later reported that one affected function is NtUserFnOUTSTRING in win32k.sys. | ||||
| CVE-2007-6147 | 1 Iaprcommence | 1 Iapr Commence | 2025-04-09 | N/A |
| Multiple PHP remote file inclusion vulnerabilities in IAPR COMMENCE 1.3 allow remote attackers to execute arbitrary PHP code via a URL in the (a) php_root_path and sometimes the (b) privilege_root_path parameter to various PHP scripts under (1) admin/includes/, (2) admin/phase/, (3) includes/, (4) includes/page_includes/, (5) reviewer/includes/, (6) reviewer/phase/, and (7) user/phase/. | ||||
| CVE-2009-0495 | 1 It747 | 1 Realtor 747 | 2025-04-09 | N/A |
| PHP remote file inclusion vulnerability in include/define.php in REALTOR 747 4.11 allows remote attackers to execute arbitrary PHP code via a URL in the INC_DIR parameter. | ||||
| CVE-2009-0463 | 1 Groonesworld | 1 Glinks | 2025-04-09 | N/A |
| PHP remote file inclusion vulnerability in includes/header.php in Groone GLinks 2.1 allows remote attackers to execute arbitrary PHP code via a URL in the abspath parameter. | ||||
| CVE-2009-0441 | 1 Technote | 1 Technote | 2025-04-09 | N/A |
| PHP remote file inclusion vulnerability in skin_shop/standard/2_view_body/body_default.php in TECHNOTE 7.2, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the shop_this_skin_path parameter, a different vector than CVE-2008-4138. | ||||
| CVE-2009-0422 | 1 Tincan | 1 Phplist | 2025-04-09 | N/A |
| Dynamic variable evaluation vulnerability in lists/admin.php in phpList 2.10.8 and earlier, when register_globals is disabled, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the _SERVER[ConfigFile] parameter to admin/index.php. | ||||