Total
5306 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2008-6841 | 2 Gmitc, Joomla | 2 Com Dbquery, Joomla | 2025-04-09 | N/A |
| PHP remote file inclusion vulnerability in the Green Mountain Information Technology and Consulting Database Query (com_dbquery) component 1.4.1.1 and earlier for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter to classes/DBQ/admin/common.class.php. | ||||
| CVE-2008-1089 | 1 Microsoft | 2 Office, Visio | 2025-04-09 | N/A |
| Unspecified vulnerability in Microsoft Visio 2002 SP2, 2003 SP2 and SP3, and 2007 up to SP1 allows user-assisted remote attackers to execute arbitrary code via a Visio file containing crafted object header data, aka "Visio Object Header Vulnerability." | ||||
| CVE-2008-6591 | 1 Lightneasy | 1 Lightneasy | 2025-04-09 | N/A |
| LightNEasy "no database" (aka flat) version 1.2.2, and possibly SQLite version 1.2.2, allows remote attackers to create arbitrary files via the page parameter to (1) index.php and (2) LightNEasy.php. | ||||
| CVE-2009-1064 | 2 Orbit Downloader, Orbitdownloader | 2 Orbit Downloader, Orbit Downloader | 2025-04-09 | N/A |
| Argument injection vulnerability in orbitmxt.dll 2.1.0.2 in the Orbit Downloader 2.8.7 and earlier ActiveX control allows remote attackers to overwrite arbitrary files via whitespace and a command-line switch, followed by a full pathname, in the third argument to the download method. | ||||
| CVE-2008-6421 | 1 Socialsitegenerator | 1 Social Site Generator | 2025-04-09 | N/A |
| PHP remote file inclusion vulnerability in social_game_play.php in Social Site Generator (SSG) 2.0 allows remote attackers to execute arbitrary PHP code via a URL in the path parameter. | ||||
| CVE-2008-1085 | 1 Microsoft | 2 Ie, Internet Explorer | 2025-04-09 | N/A |
| Use-after-free vulnerability in Microsoft Internet Explorer 5.01 SP4, 6 through SP1, and 7 allows remote attackers to execute arbitrary code via a crafted data stream that triggers memory corruption, as demonstrated using an invalid MIME-type that does not have a registered handler. | ||||
| CVE-2007-6105 | 1 Talkback | 1 Talkback | 2025-04-09 | N/A |
| Multiple PHP remote file inclusion vulnerabilities in TalkBack 2.2.7 allow remote attackers to execute arbitrary PHP code via a URL in the (1) language_file parameter to (a) comments-display-tpl.php and (b) addons/separate-comments-mod/my-comments-display-tpl.php and the (2) config[comments_form_tpl] parameter to comments-display-tpl.php. | ||||
| CVE-2008-6408 | 1 Brian Wilson | 1 Ol\'bookmarks | 2025-04-09 | N/A |
| PHP remote file inclusion vulnerability in frame.php in ol'bookmarks manager 0.7.5 allows remote attackers to execute arbitrary PHP code via a URL in the framefile parameter. | ||||
| CVE-2008-6402 | 1 Muskatli | 1 Sofi Webgui | 2025-04-09 | N/A |
| PHP remote file inclusion vulnerability in hu/modules/reg-new/modstart.php in Sofi WebGui 0.6.3 PRE and earlier allows remote attackers to execute arbitrary PHP code via a URL in the mod_dir parameter. | ||||
| CVE-2008-6132 | 1 Brickhost | 1 Phpscheduleit | 2025-04-09 | N/A |
| Eval injection vulnerability in reserve.php in phpScheduleIt 1.2.10 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary PHP code via the start_date parameter. | ||||
| CVE-2008-6138 | 1 Webbiscuits | 1 Modules Controller | 2025-04-09 | N/A |
| PHP remote file inclusion vulnerability in adminhead.php in WebBiscuits Modules Controller 1.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the path[docroot] parameter. | ||||
| CVE-2008-1084 | 1 Microsoft | 5 Windows 2000, Windows 2003 Server, Windows Server 2008 and 2 more | 2025-04-09 | N/A |
| Unspecified vulnerability in the kernel in Microsoft Windows 2000 SP4, XP SP2, Server 2003 SP1 and SP2, through Vista SP1, and Server 2008 allows local users to execute arbitrary code via unknown vectors related to improper input validation. NOTE: it was later reported that one affected function is NtUserFnOUTSTRING in win32k.sys. | ||||
| CVE-2008-2041 | 1 Egroupware | 1 Egroupware | 2025-04-09 | N/A |
| Multiple unspecified vulnerabilities in eGroupWare before 1.4.004 have unspecified attack vectors and "grave" impact when the web server has write access to a directory under the web document root. | ||||
| CVE-2008-1068 | 1 Portail Web Php | 1 Portail Web Php | 2025-04-09 | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Portail Web Php 2.5.1.1 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the site_path parameter to (1) Vert/index.php, (2) Noir/index.php, and (3) Bleu/index.php in template/, different vectors than CVE-2008-0645. | ||||
| CVE-2008-1060 | 1 Wordpress | 1 Sniplets Plugin | 2025-04-09 | N/A |
| Eval injection vulnerability in modules/execute.php in the Sniplets 1.1.2 and 1.2.2 plugin for WordPress allows remote attackers to execute arbitrary PHP code via the text parameter. | ||||
| CVE-2009-1285 | 1 Phpmyadmin | 1 Phpmyadmin | 2025-04-09 | N/A |
| Static code injection vulnerability in the getConfigFile function in setup/lib/ConfigFile.class.php in phpMyAdmin 3.x before 3.1.3.2 allows remote attackers to inject arbitrary PHP code into configuration files. | ||||
| CVE-2008-5305 | 1 Twiki | 1 Twiki | 2025-04-09 | N/A |
| Eval injection vulnerability in TWiki before 4.2.4 allows remote attackers to execute arbitrary Perl code via the %SEARCH{}% variable. | ||||
| CVE-2008-1059 | 1 Wordpress | 1 Sniplets Plugin | 2025-04-09 | N/A |
| PHP remote file inclusion vulnerability in modules/syntax_highlight.php in the Sniplets 1.1.2 and 1.2.2 plugin for WordPress allows remote attackers to execute arbitrary PHP code via a URL in the libpath parameter. | ||||
| CVE-2008-1046 | 1 Quinsonnas | 1 Quinsonnas Mail Checker | 2025-04-09 | N/A |
| PHP remote file inclusion vulnerability in footer.php in Quinsonnas Mail Checker 1.55 allows remote attackers to execute arbitrary PHP code via a URL in the op[footer_body] parameter. | ||||
| CVE-2007-5741 | 1 Plone | 1 Plone | 2025-04-09 | N/A |
| Plone 2.5 through 2.5.4 and 3.0 through 3.0.2 allows remote attackers to execute arbitrary Python code via network data containing pickled objects for the (1) statusmessages or (2) linkintegrity module, which the module unpickles and executes. | ||||