Total
3562 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2008-5947 | 1 Yapbb | 1 Yapbb | 2024-02-04 | 6.8 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in include/class_yapbbcooker.php in YapBB 1.2.Beta 2 allows remote attackers to execute arbitrary PHP code via a URL in the cfgIncludeDirectory parameter. | |||||
| CVE-2008-1466 | 1 W-agora | 1 W-agora | 2024-02-04 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in W-Agora 4.0 allow remote attackers to execute arbitrary PHP code via a URL in the bn_dir_default parameter to (1) add_user.php, (2) create_forum.php, (3) create_user.php, (4) delete_notes.php, (5) delete_user.php, (6) edit_forum.php, (7) mail_users.php, (8) moderate_notes.php, and (9) reorder_forums.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2008-5585 | 1 Lcxbbportal | 1 Lcxbbportal | 2024-02-04 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in lcxBBportal 0.1 Alpha 2 allow remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter to (1) portal/includes/portal_block.php and (2) includes/acp/acp_lcxbbportal.php. | |||||
| CVE-2008-6446 | 1 Geniuscyber | 1 Maxsite | 2024-02-04 | 7.5 HIGH | N/A |
| Static code injection vulnerability in the Guestbook component in CMS MAXSITE allows remote attackers to inject arbitrary PHP code into the guestbook via the message parameter. | |||||
| CVE-2008-3401 | 1 Hscripts | 1 Hiox Random Ad | 2024-02-04 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in hioxRandomAd.php in HIOX Random Ad (HRA) 1.3 allows remote attackers to execute arbitrary PHP code via a URL in the hm parameter. | |||||
| CVE-2009-3132 | 1 Microsoft | 5 Compatibility Pack Word Excel Powerpoint, Excel, Excel Viewer and 2 more | 2024-02-04 | 9.3 HIGH | N/A |
| Microsoft Office Excel 2002 SP3, 2003 SP3, and 2007 SP1 and SP2; Office 2004 and 2008 for Mac; Open XML File Format Converter for Mac; Office Excel Viewer 2003 SP3; Office Excel Viewer SP1 and SP2; and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2 allow remote attackers to execute arbitrary code via a spreadsheet containing a malformed formula, related to a "pointer corruption" issue, aka "Excel Index Parsing Vulnerability." | |||||
| CVE-2008-6956 | 1 Infireal | 1 Mxcamarchive | 2024-02-04 | 6.5 MEDIUM | N/A |
| Static code injection vulnerability in admin/admin.php in mxCamArchive 2.2 allows remote authenticated administrators to inject arbitrary PHP code into an unspecified program via the description parameter, which is executed by invocation of index.php. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2008-5790 | 2 Joomla, Recly | 2 Joomla, Competitions | 2024-02-04 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in the Recly!Competitions (com_competitions) component 1.0 for Joomla! allow remote attackers to execute arbitrary PHP code via a URL in the (1) GLOBALS[mosConfig_absolute_path] parameter to (a) add.php and (b) competitions.php in includes/competitions/, and the (2) mosConfig_absolute_path parameter to (c) includes/settings/settings.php. | |||||
| CVE-2008-3043 | 1 Typo3 | 1 Wec Discussion Forum | 2024-02-04 | 7.5 HIGH | N/A |
| Unspecified vulnerability in the WEC Discussion Forum (wec_discussion) extension 1.6.2 and earlier for TYPO3 allows attackers to execute arbitrary code via vectors related to "certain file types." | |||||
| CVE-2008-6849 | 1 W2b | 1 Phpgreetcards | 2024-02-04 | 6.8 MEDIUM | N/A |
| Unrestricted file upload vulnerability in index.php in phpGreetCards 3.7 allows remote attackers to execute arbitrary PHP code by uploading a file with an executable extension, then accessing it via a via a link that is listed by userfiles/number_shell.php. | |||||
| CVE-2008-6651 | 1 Oxyproject | 1 Oxybox | 2024-02-04 | 10.0 HIGH | N/A |
| Static code injection vulnerability in edithistory.php in OxYProject OxYBox 0.85 allows remote attackers to inject arbitrary PHP code into oxyhistory.php via the oxymsg parameter. | |||||
| CVE-2009-0202 | 1 Microsoft | 1 Office Powerpoint | 2024-02-04 | 9.3 HIGH | N/A |
| Array index error in FL21WIN.DLL in the PowerPoint Freelance Windows 2.1 Translator in Microsoft PowerPoint 2000 and 2002 allows remote attackers to execute arbitrary code via a Freelance file with unspecified "layout information" that triggers a heap-based buffer overflow. | |||||
| CVE-2008-2345 | 1 Typo3 | 1 Air Filemanager | 2024-02-04 | 10.0 HIGH | N/A |
| Unspecified vulnerability in the air_filemanager 0.6.0 and earlier extension for TYPO3 allows remote attackers to execute arbitrary PHP code via unspecified vectors related to "insufficient file filtering." | |||||
| CVE-2008-2390 | 1 Hp | 1 Software Update | 2024-02-04 | 6.8 MEDIUM | N/A |
| Hpufunction.dll 4.0.0.1 in HP Software Update exposes the unsafe (1) ExecuteAsync and (2) Execute methods, which allows remote attackers to execute arbitrary code via an absolute pathname in the first argument. | |||||
| CVE-2008-3001 | 1 Drupal | 1 Aggregation Module | 2024-02-04 | 9.3 HIGH | N/A |
| The Aggregation module 5.x before 5.x-4.4 for Drupal allows remote attackers to upload files with arbitrary extensions, and possibly execute arbitrary code, via a crafted feed that allows upload of files with arbitrary extensions. | |||||
| CVE-2009-2514 | 1 Microsoft | 5 Windows 2000, Windows 2003 Server, Windows Server 2008 and 2 more | 2024-02-04 | 9.3 HIGH | N/A |
| win32k.sys in the kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 does not correctly parse font code during construction of a directory-entry table, which allows remote attackers to execute arbitrary code via a crafted Embedded OpenType (EOT) font, aka "Win32k EOT Parsing Vulnerability." | |||||
| CVE-2008-5015 | 1 Mozilla | 1 Firefox | 2024-02-04 | 5.1 MEDIUM | N/A |
| Mozilla Firefox 3.x before 3.0.4 assigns chrome privileges to a file: URI when it is accessed in the same tab from a chrome or privileged about: page, which makes it easier for user-assisted attackers to execute arbitrary JavaScript with chrome privileges via malicious code in a file that has already been saved on the local system. | |||||
| CVE-2008-2841 | 2 Microsoft, Xchat | 3 Internet Explorer, Windows Nt, Xchat | 2024-02-04 | 6.8 MEDIUM | N/A |
| Argument injection vulnerability in XChat 2.8.7b and earlier on Windows, when Internet Explorer is used, allows remote attackers to execute arbitrary commands via the --command parameter in an ircs:// URI. | |||||
| CVE-2008-5167 | 1 Boonex | 1 Orca | 2024-02-04 | 9.3 HIGH | N/A |
| PHP remote file inclusion vulnerability in layout/default/params.php in Boonex Orca 2.0 and 2.0.2, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the gConf[dir][layouts] parameter. | |||||
| CVE-2008-2877 | 1 Cmsworks | 1 Cmsworks | 2024-02-04 | 6.8 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in admin/include/lib.module.php in cmsWorks 2.2 RC4, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the mod_root parameter. | |||||