Total
3563 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2009-2791 | 1 Webdynamite | 1 Projectbutler | 2024-02-04 | 7.5 HIGH | N/A |
PHP remote file inclusion vulnerability in pda_projects.php in WebDynamite ProjectButler 1.5.0 allows remote attackers to execute arbitrary PHP code via a URL in the offset parameter. | |||||
CVE-2009-0208 | 1 Hp | 1 Virtual Rooms | 2024-02-04 | 10.0 HIGH | N/A |
Unspecified vulnerability in HP Virtual Rooms Client before 7.0.1, when running on Windows, allows remote attackers to execute arbitrary code via unknown vectors. | |||||
CVE-2008-7073 | 2 Ekkaia, Rssmodule | 2 Pie Web, Rss Module | 2024-02-04 | 6.8 MEDIUM | N/A |
PHP remote file inclusion vulnerability in lib/action/rss.php in RSS module 0.1 for Pie Web M{a,e}sher, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the lib parameter. | |||||
CVE-2008-7070 | 1 Kvirc | 1 Kvirc | 2024-02-04 | 9.3 HIGH | N/A |
Argument injection vulnerability in the URI handler in KVIrc 3.4.2 Shiny allows remote attackers to execute arbitrary commands via a " (quote) followed by command line switches in a (1) irc:///, (2) irc6:///, (3) ircs:///, or (4) and ircs6:/// URI. NOTE: this might be due to an incomplete fix for CVE-2007-2951. | |||||
CVE-2009-1918 | 1 Microsoft | 6 Internet Explorer, Windows 2000, Windows Server 2003 and 3 more | 2024-02-04 | 10.0 HIGH | N/A |
Microsoft Internet Explorer 5.01 SP4 and 6 SP1; Internet Explorer 6 for Windows XP SP2 and SP3 and Server 2003 SP2; and Internet Explorer 7 and 8 for Windows XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 do not properly handle table operations, which allows remote attackers to execute arbitrary code via a crafted HTML document that triggers memory corruption by adding malformed elements to an empty DIV element, related to the getElementsByTagName method, aka "HTML Objects Memory Corruption Vulnerability." | |||||
CVE-2008-3022 | 1 Phpbbportal | 1 Phportal | 2024-02-04 | 7.5 HIGH | N/A |
Multiple PHP remote file inclusion vulnerabilities in sablonlar/gunaysoft/gunaysoft.php in PHPortal 1.2 Beta allow remote attackers to execute arbitrary PHP code via a URL in (1) icerikyolu, (2) sayfaid, and (3) uzanti parameters. | |||||
CVE-2009-1833 | 1 Mozilla | 3 Firefox, Seamonkey, Thunderbird | 2024-02-04 | 9.3 HIGH | N/A |
The JavaScript engine in Mozilla Firefox before 3.0.11, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.17 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to (1) js_LeaveSharpObject, (2) ParseXMLSource, and (3) a certain assertion in jsinterp.c; and other vectors. | |||||
CVE-2009-2665 | 1 Mozilla | 1 Firefox | 2024-02-04 | 10.0 HIGH | N/A |
The nsDocument::SetScriptGlobalObject function in content/base/src/nsDocument.cpp in Mozilla Firefox 3.5.x before 3.5.2, when certain add-ons are enabled, does not properly handle a Link HTTP header, which allows remote attackers to execute arbitrary JavaScript with chrome privileges via a crafted web page, related to an incorrect security wrapper. | |||||
CVE-2009-1102 | 1 Sun | 1 Java | 2024-02-04 | 6.4 MEDIUM | N/A |
Unspecified vulnerability in the Virtual Machine in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 6 Update 12 and earlier allows remote attackers to access files and execute arbitrary code via unknown vectors related to "code generation." | |||||
CVE-2009-2773 | 1 Shop-020 | 1 Php Paid 4 Mail Script | 2024-02-04 | 7.5 HIGH | N/A |
PHP remote file inclusion vulnerability in home.php in PHP Paid 4 Mail Script allows remote attackers to execute arbitrary PHP code via a URL in the page parameter. | |||||
CVE-2008-6315 | 1 Phpmygallery | 1 Phpmygallery | 2024-02-04 | 7.5 HIGH | N/A |
PHP remote file inclusion vulnerability in _conf/core/common-tpl-vars.php in PHPmyGallery 1.0 beta2 allows remote attackers to execute arbitrary PHP code via a URL in the confdir parameter, a different issue than CVE-2008-6316. | |||||
CVE-2008-1622 | 1 Geertsen Holdings Inc | 1 Geecarts | 2024-02-04 | 6.8 MEDIUM | N/A |
Multiple PHP remote file inclusion vulnerabilities in GeeCarts allow remote attackers to execute arbitrary PHP code via a URL in the id parameter to (1) show.php, (2) search.php, and (3) view.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
CVE-2008-3167 | 1 Boonex | 1 Dolphin | 2024-02-04 | 9.3 HIGH | N/A |
Multiple PHP remote file inclusion vulnerabilities in BoonEx Dolphin 6.1.2, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the (1) dir[plugins] parameter to (a) HTMLSax3.php and (b) safehtml.php in plugins/safehtml/ and the (2) sIncPath parameter to (c) ray/modules/global/inc/content.inc.php. NOTE: vector 1 might be a problem in SafeHTML instead of Dolphin. | |||||
CVE-2008-3919 | 1 Justsystems | 1 Ichitaro | 2024-02-04 | 9.3 HIGH | N/A |
Unspecified vulnerability in multiple JustSystems Ichitaro products allows remote attackers to execute arbitrary code via a crafted JTD document, as exploited in the wild in August 2008. | |||||
CVE-2009-2396 | 2 Dutchmonkey, Wordpress | 2 Dm Album, Wordpress | 2024-02-04 | 9.3 HIGH | N/A |
PHP remote file inclusion vulnerability in template/album.php in DM Albums 1.9.2, as used standalone or as a WordPress plugin, allows remote attackers to execute arbitrary PHP code via a URL in the SECURITY_FILE parameter. | |||||
CVE-2009-1025 | 1 Beerwin | 1 Phplinkadmin | 2024-02-04 | 7.5 HIGH | N/A |
PHP remote file inclusion vulnerability in linkadmin.php in Beerwin PHPLinkAdmin 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the page parameter. | |||||
CVE-2009-2525 | 1 Microsoft | 7 Windows 2000, Windows Media Format Runtime, Windows Media Player and 4 more | 2024-02-04 | 9.3 HIGH | N/A |
Microsoft Windows Media Runtime, as used in DirectShow WMA Voice Codec, Windows Media Audio Voice Decoder, and Audio Compression Manager (ACM), does not properly initialize unspecified functions within compressed audio files, which allows remote attackers to execute arbitrary code via (1) a crafted media file or (2) crafted streaming content, aka "Windows Media Runtime Heap Corruption Vulnerability." | |||||
CVE-2008-3434 | 1 Apple | 1 Itunes | 2024-02-04 | 7.5 HIGH | N/A |
Apple iTunes before 10.5.1 does not properly verify the authenticity of updates, which allows man-in-the-middle attackers to execute arbitrary code via a Trojan horse update, as demonstrated by evilgrade and DNS cache poisoning. | |||||
CVE-2008-2977 | 1 Ourvideo Cms | 1 Ourvideo Cms | 2024-02-04 | 7.5 HIGH | N/A |
Multiple PHP remote file inclusion vulnerabilities in Ourvideo CMS 9.5 allow remote attackers to execute arbitrary PHP code via a URL in the include_connection parameter to (1) edit_top_feature.php and (2) edit_topics_feature.php in phpi/. | |||||
CVE-2008-3018 | 1 Microsoft | 4 Office, Office Converter Pack, Windows Nt and 1 more | 2024-02-04 | 9.3 HIGH | N/A |
Microsoft Office 2000 SP3, XP SP3, and 2003 SP2; Office Converter Pack; and Works 8 do not properly parse the length of a PICT file, which allows remote attackers to execute arbitrary code via a crafted PICT file, aka the "Malformed PICT Filter Vulnerability," a different vulnerability than CVE-2008-3021. |