Total
3599 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2003-1410 | 1 Isoca | 1 Cedric Email Reader | 2024-02-04 | 6.8 MEDIUM | N/A |
PHP remote file inclusion vulnerability in email.php (aka email.php3) in Cedric Email Reader 0.2 and 0.3 allows remote attackers to execute arbitrary PHP code via the cer_skin parameter. | |||||
CVE-1999-0702 | 1 Microsoft | 1 Internet Explorer | 2024-02-04 | 10.0 HIGH | N/A |
Internet Explorer 5.0 and 5.01 allows remote attackers to modify or execute files via the Import/Export Favorites feature, aka the "ImportExportFavorites" vulnerability. | |||||
CVE-2004-1926 | 1 Tiki | 1 Tikiwiki Cms\/groupware | 2024-02-04 | 7.5 HIGH | N/A |
Tiki CMS/Groupware (TikiWiki) 1.8.1 and earlier allows remote attackers to inject arbitrary code via the (1) Theme, (2) Country, (3) Real Name, or (4) Displayed time zone fields in a User Profile, or the (5) Name, (6) Description, (7) URL, or (8) Country fields in a Directory/Add Site operation. | |||||
CVE-2002-2319 | 1 Mysimplenews | 1 Mysimplenews | 2024-02-04 | 7.5 HIGH | N/A |
Static code injection vulnerability in users.php in MySimpleNews allows remote attackers to inject arbitrary PHP code and HTML via the (1) LOGIN, (2) DATA, and (3) MESS parameters, which are inserted into news.php3. | |||||
CVE-2002-2019 | 1 Oscommerce | 1 Oscommerce | 2024-02-04 | 7.5 HIGH | N/A |
PHP remote file inclusion vulnerability in include_once.php in osCommerce (a.k.a. Exchange Project) 2.1 allows remote attackers to execute arbitrary PHP code via the include_file parameter. | |||||
CVE-2002-2249 | 1 Php Evolution | 1 News Evolution | 2024-02-04 | 7.5 HIGH | N/A |
PHP remote file inclusion vulnerability in News Evolution 2.0 allows remote attackers to execute arbitrary PHP commands via the neurl parameter to (1) backend.php, (2) screen.php, or (3) admin/modules/comment.php. | |||||
CVE-1999-0891 | 1 Microsoft | 1 Internet Explorer | 2024-02-04 | 5.0 MEDIUM | N/A |
The "download behavior" in Internet Explorer 5 allows remote attackers to read arbitrary files via a server-side redirect. | |||||
CVE-2003-1406 | 1 Adalis Infomatique | 1 D Forum | 2024-02-04 | 7.5 HIGH | N/A |
PHP remote file inclusion vulnerability in D-Forum 1.00 through 1.11 allows remote attackers to execute arbitrary PHP code via a URL in the (1) my_header parameter to header.php3 or (2) my_footer parameter to footer.php3. | |||||
CVE-2002-2287 | 1 Phpbb | 1 Advanced Quick Reply Hack | 2024-02-04 | 7.5 HIGH | N/A |
PHP remote file inclusion vulnerability in quick_reply.php for phpBB Advanced Quick Reply Hack 1.0.0 and 1.1.0 allows remote attackers to execute arbitrary PHP code via the phpbb_root_path parameter. | |||||
CVE-2002-2297 | 1 Atthat.com | 1 Thatware | 2024-02-04 | 6.8 MEDIUM | N/A |
PHP remote file inclusion vulnerability in artlist.php in Thatware 0.5.2 and 0.5.3 allows remote attackers to execute arbitrary PHP code via the root_path parameter. | |||||
CVE-2003-1253 | 1 Sangwan Kim | 1 Bookmark4u | 2024-02-04 | 7.5 HIGH | N/A |
PHP remote file inclusion vulnerability in Bookmark4U 1.8.3 allows remote attackers to execute arbitrary PHP code viaa URL in the prefix parameter to (1) dbase.php, (2) config.php, or (3) common.load.php. | |||||
CVE-2003-1491 | 1 Kerio | 1 Personal Firewall | 2024-02-04 | 7.5 HIGH | N/A |
Kerio Personal Firewall (KPF) 2.1.4 has a default rule to accept incoming packets from DNS (UDP port 53), which allows remote attackers to bypass the firewall filters via packets with a source port of 53. | |||||
CVE-2003-1411 | 1 Isoca | 1 Cedric Email Reader | 2024-02-04 | 6.8 MEDIUM | N/A |
PHP remote file inclusion vulnerability in emailreader_execute_on_each_page.inc.php in Cedric Email Reader 0.4 allows remote attackers to execute arbitrary PHP code via the emailreader_ini parameter. | |||||
CVE-2003-0498 | 1 Intersystems | 1 Cache Database | 2024-02-04 | 7.2 HIGH | N/A |
Caché Database 5.x installs the /cachesys/csp directory with insecure permissions, which allows local users to execute arbitrary code by adding server-side scripts that are executed with root privileges. | |||||
CVE-2004-1419 | 1 Zeroboard | 1 Zeroboard | 2024-02-04 | 6.8 MEDIUM | N/A |
PHP remote file inclusion vulnerability in ZeroBoard 4.1pl4 and earlier allows remote attackers to execute arbitrary PHP code by modifying the (1) _zb_path parameter to outlogin.php or (2) dir parameter to write.php to reference a URL on a remote web server that contains the code. | |||||
CVE-2003-1459 | 1 Ttcms | 2 Ttcms, Ttforum | 2024-02-04 | 6.8 MEDIUM | N/A |
Multiple PHP remote file inclusion vulnerabilities in ttCMS 2.2 and ttForum allow remote attackers to execute arbitrary PHP code via the (1) template parameter in News.php or (2) installdir parameter in install.php. | |||||
CVE-2008-2575 | 1 Jcoppens | 1 Cbrpager | 2024-02-02 | 6.8 MEDIUM | N/A |
cbrPager before 0.9.17 allows user-assisted remote attackers to execute arbitrary commands via shell metacharacters in a (1) ZIP (aka .cbz) or (2) RAR (aka .cbr) archive filename. | |||||
CVE-2010-0258 | 1 Microsoft | 6 Excel, Office, Office Compatibility Pack and 3 more | 2024-02-02 | 9.3 HIGH | 7.8 HIGH |
Microsoft Office Excel 2002 SP3, 2003 SP3, and 2007 SP1 and SP2; Office 2004 and 2008 for Mac; Open XML File Format Converter for Mac; Office Excel Viewer SP1 and SP2; and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2 do not properly parse the Excel file format, which allows remote attackers to execute arbitrary code via a crafted spreadsheet that causes memory to be interpreted as a different object type than intended, aka "Microsoft Office Excel Sheet Object Type Confusion Vulnerability." | |||||
CVE-2024-1015 | 2024-02-02 | N/A | 9.8 CRITICAL | ||
Remote command execution vulnerability in SE-elektronic GmbH E-DDC3.3 affecting versions 03.07.03 and higher. An attacker could send different commands from the operating system to the system via the web configuration functionality of the device. |