Vulnerabilities (CVE)

Filtered by CWE-94
Total 3599 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2003-1410 1 Isoca 1 Cedric Email Reader 2024-02-04 6.8 MEDIUM N/A
PHP remote file inclusion vulnerability in email.php (aka email.php3) in Cedric Email Reader 0.2 and 0.3 allows remote attackers to execute arbitrary PHP code via the cer_skin parameter.
CVE-1999-0702 1 Microsoft 1 Internet Explorer 2024-02-04 10.0 HIGH N/A
Internet Explorer 5.0 and 5.01 allows remote attackers to modify or execute files via the Import/Export Favorites feature, aka the "ImportExportFavorites" vulnerability.
CVE-2004-1926 1 Tiki 1 Tikiwiki Cms\/groupware 2024-02-04 7.5 HIGH N/A
Tiki CMS/Groupware (TikiWiki) 1.8.1 and earlier allows remote attackers to inject arbitrary code via the (1) Theme, (2) Country, (3) Real Name, or (4) Displayed time zone fields in a User Profile, or the (5) Name, (6) Description, (7) URL, or (8) Country fields in a Directory/Add Site operation.
CVE-2002-2319 1 Mysimplenews 1 Mysimplenews 2024-02-04 7.5 HIGH N/A
Static code injection vulnerability in users.php in MySimpleNews allows remote attackers to inject arbitrary PHP code and HTML via the (1) LOGIN, (2) DATA, and (3) MESS parameters, which are inserted into news.php3.
CVE-2002-2019 1 Oscommerce 1 Oscommerce 2024-02-04 7.5 HIGH N/A
PHP remote file inclusion vulnerability in include_once.php in osCommerce (a.k.a. Exchange Project) 2.1 allows remote attackers to execute arbitrary PHP code via the include_file parameter.
CVE-2002-2249 1 Php Evolution 1 News Evolution 2024-02-04 7.5 HIGH N/A
PHP remote file inclusion vulnerability in News Evolution 2.0 allows remote attackers to execute arbitrary PHP commands via the neurl parameter to (1) backend.php, (2) screen.php, or (3) admin/modules/comment.php.
CVE-1999-0891 1 Microsoft 1 Internet Explorer 2024-02-04 5.0 MEDIUM N/A
The "download behavior" in Internet Explorer 5 allows remote attackers to read arbitrary files via a server-side redirect.
CVE-2003-1406 1 Adalis Infomatique 1 D Forum 2024-02-04 7.5 HIGH N/A
PHP remote file inclusion vulnerability in D-Forum 1.00 through 1.11 allows remote attackers to execute arbitrary PHP code via a URL in the (1) my_header parameter to header.php3 or (2) my_footer parameter to footer.php3.
CVE-2002-2287 1 Phpbb 1 Advanced Quick Reply Hack 2024-02-04 7.5 HIGH N/A
PHP remote file inclusion vulnerability in quick_reply.php for phpBB Advanced Quick Reply Hack 1.0.0 and 1.1.0 allows remote attackers to execute arbitrary PHP code via the phpbb_root_path parameter.
CVE-2002-2297 1 Atthat.com 1 Thatware 2024-02-04 6.8 MEDIUM N/A
PHP remote file inclusion vulnerability in artlist.php in Thatware 0.5.2 and 0.5.3 allows remote attackers to execute arbitrary PHP code via the root_path parameter.
CVE-2003-1253 1 Sangwan Kim 1 Bookmark4u 2024-02-04 7.5 HIGH N/A
PHP remote file inclusion vulnerability in Bookmark4U 1.8.3 allows remote attackers to execute arbitrary PHP code viaa URL in the prefix parameter to (1) dbase.php, (2) config.php, or (3) common.load.php.
CVE-2003-1491 1 Kerio 1 Personal Firewall 2024-02-04 7.5 HIGH N/A
Kerio Personal Firewall (KPF) 2.1.4 has a default rule to accept incoming packets from DNS (UDP port 53), which allows remote attackers to bypass the firewall filters via packets with a source port of 53.
CVE-2003-1411 1 Isoca 1 Cedric Email Reader 2024-02-04 6.8 MEDIUM N/A
PHP remote file inclusion vulnerability in emailreader_execute_on_each_page.inc.php in Cedric Email Reader 0.4 allows remote attackers to execute arbitrary PHP code via the emailreader_ini parameter.
CVE-2003-0498 1 Intersystems 1 Cache Database 2024-02-04 7.2 HIGH N/A
Caché Database 5.x installs the /cachesys/csp directory with insecure permissions, which allows local users to execute arbitrary code by adding server-side scripts that are executed with root privileges.
CVE-2004-1419 1 Zeroboard 1 Zeroboard 2024-02-04 6.8 MEDIUM N/A
PHP remote file inclusion vulnerability in ZeroBoard 4.1pl4 and earlier allows remote attackers to execute arbitrary PHP code by modifying the (1) _zb_path parameter to outlogin.php or (2) dir parameter to write.php to reference a URL on a remote web server that contains the code.
CVE-2003-1459 1 Ttcms 2 Ttcms, Ttforum 2024-02-04 6.8 MEDIUM N/A
Multiple PHP remote file inclusion vulnerabilities in ttCMS 2.2 and ttForum allow remote attackers to execute arbitrary PHP code via the (1) template parameter in News.php or (2) installdir parameter in install.php.
CVE-2008-2575 1 Jcoppens 1 Cbrpager 2024-02-02 6.8 MEDIUM N/A
cbrPager before 0.9.17 allows user-assisted remote attackers to execute arbitrary commands via shell metacharacters in a (1) ZIP (aka .cbz) or (2) RAR (aka .cbr) archive filename.
CVE-2010-0258 1 Microsoft 6 Excel, Office, Office Compatibility Pack and 3 more 2024-02-02 9.3 HIGH 7.8 HIGH
Microsoft Office Excel 2002 SP3, 2003 SP3, and 2007 SP1 and SP2; Office 2004 and 2008 for Mac; Open XML File Format Converter for Mac; Office Excel Viewer SP1 and SP2; and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2 do not properly parse the Excel file format, which allows remote attackers to execute arbitrary code via a crafted spreadsheet that causes memory to be interpreted as a different object type than intended, aka "Microsoft Office Excel Sheet Object Type Confusion Vulnerability."
CVE-2024-1015 2024-02-02 N/A 9.8 CRITICAL
Remote command execution vulnerability in SE-elektronic GmbH E-DDC3.3 affecting versions 03.07.03 and higher. An attacker could send different commands from the operating system to the system via the web configuration functionality of the device.