Total
3563 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2008-1963 | 1 Quate | 1 Grape Web Statistics | 2024-02-04 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in includes/functions.php in Quate Grape Web Statistics 0.2a allows remote attackers to execute arbitrary PHP code via a URL in the location parameter. | |||||
| CVE-2009-0084 | 1 Microsoft | 4 Directx, Windows 2000, Windows Server 2003 and 1 more | 2024-02-04 | 9.3 HIGH | N/A |
| Use-after-free vulnerability in DirectShow in Microsoft DirectX 8.1 and 9.0 allows remote attackers to execute arbitrary code via an MJPEG file or video stream with a malformed Huffman table, which triggers an exception that frees heap memory that is later accessed, aka "MJPEG Decompression Vulnerability." | |||||
| CVE-2008-1086 | 1 Microsoft | 6 Internet Explorer, Windows-nt, Windows 2000 and 3 more | 2024-02-04 | 9.3 HIGH | N/A |
| The HxTocCtrl ActiveX control (hxvz.dll), as used in Microsoft Internet Explorer 5.01 SP4 and 6 SP1, in Windows XP SP2, Server 2003 SP1 and SP2, Vista SP1, and Server 2008, allows remote attackers to execute arbitrary code via malformed arguments, which triggers memory corruption. | |||||
| CVE-2008-1370 | 1 Wildmary | 1 Yap Blog | 2024-02-04 | 6.8 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in index.php in wildmary Yap Blog 1.1 allows remote attackers to execute arbitrary PHP code via a URL in the page parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2008-6900 | 1 Availscript | 1 Availscript Article Script | 2024-02-04 | 6.5 MEDIUM | N/A |
| Unrestricted file upload vulnerability in "Add Pen/Author Name" feature in addpen.php in AvailScript Article Script allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in photos/. | |||||
| CVE-2007-5661 | 1 Macrovision | 1 Installshield | 2024-02-04 | 9.3 HIGH | N/A |
| The Macrovision InstallShield InstallScript One-Click Install (OCI) ActiveX control 12.0 before SP2 does not validate the DLL files that are named as parameters to the control, which allows remote attackers to download arbitrary library code onto a client machine. | |||||
| CVE-2009-0149 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2024-02-04 | 4.4 MEDIUM | N/A |
| Apple Mac OS X 10.4.11 and 10.5 before 10.5.7 allows local users to gain privileges or cause a denial of service (application crash) by attempting to mount a crafted sparse disk image that triggers memory corruption. | |||||
| CVE-2009-0566 | 1 Microsoft | 1 Office Publisher | 2024-02-04 | 9.3 HIGH | N/A |
| Microsoft Office Publisher 2007 SP1 does not properly calculate object handler data for Publisher files, which allows remote attackers to execute arbitrary code via a crafted file in a legacy format that triggers memory corruption, aka "Pointer Dereference Vulnerability." | |||||
| CVE-2008-2888 | 1 Migcms | 1 Migcms | 2024-02-04 | 10.0 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in MiGCMS 2.0.5, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[application][app_root] parameter to (1) collection.class.php and (2) content_image.class.php in lib/obj/. | |||||
| CVE-2009-0820 | 1 Php.brickhost | 1 Phpscheduleit | 2024-02-04 | 7.5 HIGH | N/A |
| Multiple eval injection vulnerabilities in phpScheduleIt before 1.2.11 allow remote attackers to execute arbitrary code via (1) the end_date parameter to reserve.php and (2) the start_date and end_date parameters to check.php. NOTE: the start_date/reserve.php vector is already covered by CVE-2008-6132. | |||||
| CVE-2009-3705 | 1 Achievo | 1 Achievo | 2024-02-04 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in debugger.php in Achievo before 1.4.0 allows remote attackers to execute arbitrary PHP code via a URL in the config_atkroot parameter. | |||||
| CVE-2008-6036 | 1 Basebuilder | 1 Basebuilder | 2024-02-04 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in main.inc.php in BaseBuilder 2.0.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the mj_config[src_path] parameter. | |||||
| CVE-2009-3307 | 1 Frank Lichtenheld | 1 Fsphp | 2024-02-04 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in FSphp 0.2.1 allow remote attackers to execute arbitrary PHP code via a URL in the FSPHP_LIB parameter to (1) FSphp.php, (2) navigation.php, and (3) pathwrite.php in lib/. | |||||
| CVE-2008-1084 | 1 Microsoft | 5 Windows 2000, Windows 2003 Server, Windows Server 2008 and 2 more | 2024-02-04 | 7.2 HIGH | N/A |
| Unspecified vulnerability in the kernel in Microsoft Windows 2000 SP4, XP SP2, Server 2003 SP1 and SP2, through Vista SP1, and Server 2008 allows local users to execute arbitrary code via unknown vectors related to improper input validation. NOTE: it was later reported that one affected function is NtUserFnOUTSTRING in win32k.sys. | |||||
| CVE-2008-3232 | 1 Dotclear | 1 Dotclear | 2024-02-04 | 9.3 HIGH | N/A |
| Unrestricted file upload vulnerability in ecrire/images.php in Dotclear 1.2.7.1 and earlier allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in images. | |||||
| CVE-2008-4911 | 1 Chattaitaliano | 1 Istant-replay | 2024-02-04 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in read.php in Chattaitaliano Istant-Replay allows remote attackers to execute arbitrary PHP code via a URL in the data parameter. | |||||
| CVE-2009-3426 | 1 Databay | 1 Maxcms | 2024-02-04 | 6.8 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in includes/file_manager/special.php in MaxCMS 3.11.20b allows remote attackers to execute arbitrary PHP code via a URL in the fm_includes_special parameter. | |||||
| CVE-2009-4127 | 2 Mozilla, Wikipedia | 2 Firefox, Wikipedia Toolbar | 2024-02-04 | 9.3 HIGH | N/A |
| Unspecified vulnerability in Wikipedia Toolbar extension before 0.5.9.2 for Firefox allows user-assisted remote attackers to execute arbitrary JavaScript with Chrome privileges via vectors involving unspecified Toolbar buttons and the eval function. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2008-5288 | 1 Scripts4you | 1 Faq Manager | 2024-02-04 | 6.8 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in include/header.php in Werner Hilversum FAQ Manager 1.2, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the config_path parameter. | |||||
| CVE-2009-0222 | 1 Microsoft | 1 Office Powerpoint | 2024-02-04 | 9.3 HIGH | N/A |
| Microsoft Office PowerPoint 2000 SP3, 2002 SP3, and 2003 SP3 allows remote attackers to execute arbitrary code via crafted sound data in a file that uses a PowerPoint 4.0 native file format, leading to a "pointer overwrite" and memory corruption, aka "Legacy File Format Vulnerability," a different vulnerability than CVE-2009-0223, CVE-2009-0226, CVE-2009-0227, and CVE-2009-1137. | |||||