Vulnerabilities (CVE)

Filtered by CWE-94
Total 3563 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2009-2791 1 Webdynamite 1 Projectbutler 2024-02-04 7.5 HIGH N/A
PHP remote file inclusion vulnerability in pda_projects.php in WebDynamite ProjectButler 1.5.0 allows remote attackers to execute arbitrary PHP code via a URL in the offset parameter.
CVE-2009-0208 1 Hp 1 Virtual Rooms 2024-02-04 10.0 HIGH N/A
Unspecified vulnerability in HP Virtual Rooms Client before 7.0.1, when running on Windows, allows remote attackers to execute arbitrary code via unknown vectors.
CVE-2008-7073 2 Ekkaia, Rssmodule 2 Pie Web, Rss Module 2024-02-04 6.8 MEDIUM N/A
PHP remote file inclusion vulnerability in lib/action/rss.php in RSS module 0.1 for Pie Web M{a,e}sher, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the lib parameter.
CVE-2008-7070 1 Kvirc 1 Kvirc 2024-02-04 9.3 HIGH N/A
Argument injection vulnerability in the URI handler in KVIrc 3.4.2 Shiny allows remote attackers to execute arbitrary commands via a " (quote) followed by command line switches in a (1) irc:///, (2) irc6:///, (3) ircs:///, or (4) and ircs6:/// URI. NOTE: this might be due to an incomplete fix for CVE-2007-2951.
CVE-2009-1918 1 Microsoft 6 Internet Explorer, Windows 2000, Windows Server 2003 and 3 more 2024-02-04 10.0 HIGH N/A
Microsoft Internet Explorer 5.01 SP4 and 6 SP1; Internet Explorer 6 for Windows XP SP2 and SP3 and Server 2003 SP2; and Internet Explorer 7 and 8 for Windows XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 do not properly handle table operations, which allows remote attackers to execute arbitrary code via a crafted HTML document that triggers memory corruption by adding malformed elements to an empty DIV element, related to the getElementsByTagName method, aka "HTML Objects Memory Corruption Vulnerability."
CVE-2008-3022 1 Phpbbportal 1 Phportal 2024-02-04 7.5 HIGH N/A
Multiple PHP remote file inclusion vulnerabilities in sablonlar/gunaysoft/gunaysoft.php in PHPortal 1.2 Beta allow remote attackers to execute arbitrary PHP code via a URL in (1) icerikyolu, (2) sayfaid, and (3) uzanti parameters.
CVE-2009-1833 1 Mozilla 3 Firefox, Seamonkey, Thunderbird 2024-02-04 9.3 HIGH N/A
The JavaScript engine in Mozilla Firefox before 3.0.11, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.17 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to (1) js_LeaveSharpObject, (2) ParseXMLSource, and (3) a certain assertion in jsinterp.c; and other vectors.
CVE-2009-2665 1 Mozilla 1 Firefox 2024-02-04 10.0 HIGH N/A
The nsDocument::SetScriptGlobalObject function in content/base/src/nsDocument.cpp in Mozilla Firefox 3.5.x before 3.5.2, when certain add-ons are enabled, does not properly handle a Link HTTP header, which allows remote attackers to execute arbitrary JavaScript with chrome privileges via a crafted web page, related to an incorrect security wrapper.
CVE-2009-1102 1 Sun 1 Java 2024-02-04 6.4 MEDIUM N/A
Unspecified vulnerability in the Virtual Machine in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 6 Update 12 and earlier allows remote attackers to access files and execute arbitrary code via unknown vectors related to "code generation."
CVE-2009-2773 1 Shop-020 1 Php Paid 4 Mail Script 2024-02-04 7.5 HIGH N/A
PHP remote file inclusion vulnerability in home.php in PHP Paid 4 Mail Script allows remote attackers to execute arbitrary PHP code via a URL in the page parameter.
CVE-2008-6315 1 Phpmygallery 1 Phpmygallery 2024-02-04 7.5 HIGH N/A
PHP remote file inclusion vulnerability in _conf/core/common-tpl-vars.php in PHPmyGallery 1.0 beta2 allows remote attackers to execute arbitrary PHP code via a URL in the confdir parameter, a different issue than CVE-2008-6316.
CVE-2008-1622 1 Geertsen Holdings Inc 1 Geecarts 2024-02-04 6.8 MEDIUM N/A
Multiple PHP remote file inclusion vulnerabilities in GeeCarts allow remote attackers to execute arbitrary PHP code via a URL in the id parameter to (1) show.php, (2) search.php, and (3) view.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2008-3167 1 Boonex 1 Dolphin 2024-02-04 9.3 HIGH N/A
Multiple PHP remote file inclusion vulnerabilities in BoonEx Dolphin 6.1.2, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the (1) dir[plugins] parameter to (a) HTMLSax3.php and (b) safehtml.php in plugins/safehtml/ and the (2) sIncPath parameter to (c) ray/modules/global/inc/content.inc.php. NOTE: vector 1 might be a problem in SafeHTML instead of Dolphin.
CVE-2008-3919 1 Justsystems 1 Ichitaro 2024-02-04 9.3 HIGH N/A
Unspecified vulnerability in multiple JustSystems Ichitaro products allows remote attackers to execute arbitrary code via a crafted JTD document, as exploited in the wild in August 2008.
CVE-2009-2396 2 Dutchmonkey, Wordpress 2 Dm Album, Wordpress 2024-02-04 9.3 HIGH N/A
PHP remote file inclusion vulnerability in template/album.php in DM Albums 1.9.2, as used standalone or as a WordPress plugin, allows remote attackers to execute arbitrary PHP code via a URL in the SECURITY_FILE parameter.
CVE-2009-1025 1 Beerwin 1 Phplinkadmin 2024-02-04 7.5 HIGH N/A
PHP remote file inclusion vulnerability in linkadmin.php in Beerwin PHPLinkAdmin 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the page parameter.
CVE-2009-2525 1 Microsoft 7 Windows 2000, Windows Media Format Runtime, Windows Media Player and 4 more 2024-02-04 9.3 HIGH N/A
Microsoft Windows Media Runtime, as used in DirectShow WMA Voice Codec, Windows Media Audio Voice Decoder, and Audio Compression Manager (ACM), does not properly initialize unspecified functions within compressed audio files, which allows remote attackers to execute arbitrary code via (1) a crafted media file or (2) crafted streaming content, aka "Windows Media Runtime Heap Corruption Vulnerability."
CVE-2008-3434 1 Apple 1 Itunes 2024-02-04 7.5 HIGH N/A
Apple iTunes before 10.5.1 does not properly verify the authenticity of updates, which allows man-in-the-middle attackers to execute arbitrary code via a Trojan horse update, as demonstrated by evilgrade and DNS cache poisoning.
CVE-2008-2977 1 Ourvideo Cms 1 Ourvideo Cms 2024-02-04 7.5 HIGH N/A
Multiple PHP remote file inclusion vulnerabilities in Ourvideo CMS 9.5 allow remote attackers to execute arbitrary PHP code via a URL in the include_connection parameter to (1) edit_top_feature.php and (2) edit_topics_feature.php in phpi/.
CVE-2008-3018 1 Microsoft 4 Office, Office Converter Pack, Windows Nt and 1 more 2024-02-04 9.3 HIGH N/A
Microsoft Office 2000 SP3, XP SP3, and 2003 SP2; Office Converter Pack; and Works 8 do not properly parse the length of a PICT file, which allows remote attackers to execute arbitrary code via a crafted PICT file, aka the "Malformed PICT Filter Vulnerability," a different vulnerability than CVE-2008-3021.