Total
3562 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2009-2634 | 2 Joomla, Ordasoft | 2 Joomla, Com Medialibrary | 2024-02-04 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in toolbar_ext.php in the MediaLibrary (com_media_library) component 1.5.3 Basic for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. | |||||
| CVE-2009-1278 | 1 Gravityboardx | 1 Gravity Board X | 2024-02-04 | 7.5 HIGH | N/A |
| Static code injection vulnerability in forms/ajax/configure.php in Gravity Board X (GBX) 2.0 BETA allows remote attackers to inject arbitrary PHP code into config.php via the configure action to index.php. | |||||
| CVE-2008-5305 | 1 Twiki | 1 Twiki | 2024-02-04 | 10.0 HIGH | N/A |
| Eval injection vulnerability in TWiki before 4.2.4 allows remote attackers to execute arbitrary Perl code via the %SEARCH{}% variable. | |||||
| CVE-2008-2884 | 1 Rss Aggregator | 1 Rss Aggregator | 2024-02-04 | 9.3 HIGH | N/A |
| PHP remote file inclusion vulnerability in display.php in RSS-aggregator allows remote attackers to execute arbitrary PHP code via a URL in the path parameter. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2009-1463 | 1 Razorcms | 1 Razorcms | 2024-02-04 | 7.5 HIGH | N/A |
| Static code injection vulnerability in razorCMS before 0.4 allows remote attackers to inject arbitrary PHP code into any page by saving content as a .php file. | |||||
| CVE-2009-2736 | 1 Sun-jester | 1 Opennews | 2024-02-04 | 6.5 MEDIUM | N/A |
| Static code injection vulnerability in admin.php in sun-jester OpenNews 1.0 allows remote authenticated administrators to inject arbitrary PHP code into config.php via the "Overall Width" field in a setconfig action. | |||||
| CVE-2008-3440 | 1 Sun | 1 Java | 2024-02-04 | 7.5 HIGH | N/A |
| Sun Java 1.6.0_03 and earlier versions, and possibly later versions, does not properly verify the authenticity of updates, which allows man-in-the-middle attackers to execute arbitrary code via a Trojan horse update, as demonstrated by evilgrade and DNS cache poisoning. | |||||
| CVE-2008-1786 | 1 Computer Associates | 7 Arcserve Backup Laptops And Desktops, Desktop And Server Management, Desktop Management Suite and 4 more | 2024-02-04 | 9.3 HIGH | N/A |
| The DSM gui_cm_ctrls ActiveX control (gui_cm_ctrls.ocx), as used in multiple CA products including BrightStor ARCServe Backup for Laptops and Desktops r11.5, Desktop Management Suite r11.1 through r11.2 C2; Unicenter r11.1 through r11.2 C2; and Desktop and Server Management r11.1 through r11.2 C2 allows remote attackers to execute arbitrary code via crafted function arguments. | |||||
| CVE-2008-2192 | 1 Itcms | 1 Itcms | 2024-02-04 | 10.0 HIGH | N/A |
| Static code injection vulnerability in box/minichat/boxpop.php in IT!CMS (aka itcms) 1.9 allows remote attackers to inject arbitrary PHP code into box/MiniChat/data/shouts.php via the shout parameter. | |||||
| CVE-2009-1960 | 1 Dokuwiki | 1 Dokuwiki | 2024-02-04 | 9.3 HIGH | N/A |
| inc/init.php in DokuWiki 2009-02-14, rc2009-02-06, and rc2009-01-30, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via the config_cascade[main][default][] parameter to doku.php. NOTE: PHP remote file inclusion is also possible in PHP 5 using ftp:// URLs. | |||||
| CVE-2008-5671 | 1 Joomla | 1 Joomla | 2024-02-04 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in index.php in Joomla! 1.0.11 through 1.0.14, when RG_EMULATION is enabled in configuration.php, allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. | |||||
| CVE-2008-4735 | 1 Coastal | 1 Coast | 2024-02-04 | 8.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in header.php in Concord Asset, Software, and Ticket system (CoAST) 0.95 allows remote attackers to execute arbitrary PHP code via a URL in the sections_file parameter. | |||||
| CVE-2009-1539 | 1 Microsoft | 4 Directx, Windows 2000, Windows Server 2003 and 1 more | 2024-02-04 | 9.3 HIGH | N/A |
| The QuickTime Movie Parser Filter in quartz.dll in DirectShow in Microsoft DirectX 7.0 through 9.0c on Windows 2000 SP4, Windows XP SP2 and SP3, and Windows Server 2003 SP2 does not properly validate unspecified size fields in QuickTime media files, which allows remote attackers to execute arbitrary code via a crafted file, aka "DirectX Size Validation Vulnerability." | |||||
| CVE-2008-5789 | 2 Joomla, Recly | 2 Joomla, Interactive Feederator | 2024-02-04 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in the Recly Interactive Feederator (com_feederator) component 1.0.5 for Joomla! allow remote attackers to execute arbitrary PHP code via a URL in the (1) mosConfig_absolute_path parameter to (a) add_tmsp.php, (b) edit_tmsp.php and (c) tmsp.php in includes/tmsp/; and the (2) GLOBALS[mosConfig_absolute_path] parameter to (d) includes/tmsp/subscription.php. | |||||
| CVE-2008-6491 | 1 Denis Moinel | 1 Phpgkit | 2024-02-04 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in connexion.php in PHPGKit 0.9 allows remote attackers to execute arbitrary PHP code via a URL in the DOCUMENT_ROOT parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2009-2633 | 2 Joomla, Ordasoft | 2 Joomla, Com Vehiclemanager | 2024-02-04 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in toolbar_ext.php in the VehicleManager (com_vehiclemanager) component 1.0 Basic for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. | |||||
| CVE-2009-1469 | 1 Icewarp | 2 Email Server, Webmail Server | 2024-02-04 | 4.3 MEDIUM | N/A |
| CRLF injection vulnerability in the Forgot Password implementation in server/webmail.php in IceWarp eMail Server and WebMail Server before 9.4.2 makes it easier for remote attackers to trick a user into disclosing credentials via CRLF sequences preceding a Reply-To header in the subject element of an XML document, as demonstrated by triggering an e-mail message from the server that contains a user's correct credentials, and requests that the user compose a reply that includes this message. | |||||
| CVE-2009-0811 | 1 Sopcast | 1 Sopcore Activex Control | 2024-02-04 | 9.3 HIGH | N/A |
| Insecure method vulnerability in the SopCast SopCore ActiveX control in sopocx.ocx 3.0.3.501 allows remote attackers to execute arbitrary programs via an executable file name in the argument to the SetExternalPlayer method. | |||||
| CVE-2009-1444 | 1 Webportal | 1 Webportal Cms | 2024-02-04 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in indexk.php in WebPortal CMS 0.8-beta allows remote attackers to execute arbitrary PHP code via a URL in the lib_path parameter. | |||||
| CVE-2008-2044 | 1 Netoffice | 1 Dwins | 2024-02-04 | 7.5 HIGH | N/A |
| includes/library.php in netOffice Dwins 1.3 p2 compares the demoSession variable to the 'true' string literal instead of the true boolean literal, which allows remote attackers to bypass authentication and execute arbitrary code by setting this variable to 1, as demonstrated by uploading a PHP script via an add action to projects_site/uploadfile.php. | |||||