Total: 3761 CVE

CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2006-1371 | 1 Xhp | 1 Cms | 2017-10-11 | 9.0 HIGH | N/A |
Laurentiu Matei eXpandable Home Page (XHP) CMS 0.5 and earlier allows remote authenticated users to use the HTMLArea FileManager plugin to upload and execute arbitrary PHP files using (1) manager.php, (2) standalonemanager.php, and (3) images.php. | |||||
CVE-2005-1155 | 1 Mozilla | 2 Firefox, Mozilla | 2017-10-11 | 7.5 HIGH | N/A |
The favicon functionality in Firefox before 1.0.3 and Mozilla Suite before 1.7.7 allows remote attackers to execute arbitrary code via a <LINK rel="icon"> tag with a javascript: URL in the href attribute, aka "Firelinking." | |||||
CVE-2005-2703 | 1 Mozilla | 2 Firefox, Mozilla Suite | 2017-10-11 | 5.0 MEDIUM | N/A |
Firefox before 1.0.7 and Mozilla Suite before 1.7.12 allows remote attackers to modify HTTP headers of XML HTTP requests via XMLHttpRequest, and possibly use the client to exploit vulnerabilities in servers or proxies, including HTTP request smuggling and HTTP request splitting. | |||||
CVE-2005-0103 | 1 Squirrelmail | 1 Squirrelmail | 2017-10-11 | 7.5 HIGH | N/A |
PHP remote file inclusion vulnerability in webmail.php in SquirrelMail before 1.4.4 allows remote attackers to execute arbitrary PHP code by modifying a URL parameter to reference a URL on a remote web server that contains the code. | |||||
CVE-2017-13676 | 1 Norton | 1 Remove & Reinstall | 2017-10-06 | 4.4 MEDIUM | 7.0 HIGH |
Norton Remove & Reinstall can be susceptible to a DLL preloading vulnerability. These types of issues occur when an application looks to call a DLL for execution and an attacker provides a malicious DLL to use instead. Depending on how the application is configured, it will generally follow a specific search path to locate the DLL. The vulnerability can be exploited by a simple file write (or potentially an over-write) which results in a foreign DLL running under the context of the application. A Norton Remove & Reinstall update, version 4.4.0.58, has been released which addresses the aforementioned vulnerability. | |||||
CVE-2017-14764 | 1 Genixcms | 1 Genixcms | 2017-09-29 | 6.5 MEDIUM | 8.8 HIGH |
In the Upload Modules page in GeniXCMS 1.1.4, remote authenticated users can execute arbitrary PHP code via a .php file in a ZIP archive of a module. | |||||
CVE-2014-9463 | 2 Vbseo, Vbulletin | 2 Vbseo, Vbulletin | 2017-09-29 | 9.0 HIGH | 8.8 HIGH |
functions_vbseo_hook.php in the VBSEO module for vBulletin allows remote authenticated users to execute arbitrary code via the HTTP Referer header to visitormessage.php. | |||||
CVE-2009-2143 | 2 Firestats, Wordpress | 2 Firestats, Wordpress | 2017-09-29 | 7.5 HIGH | N/A |
PHP remote file inclusion vulnerability in firestats-wordpress.php in the FireStats plugin before 1.6.2-stable for WordPress allows remote attackers to execute arbitrary PHP code via a URL in the fs_javascript parameter. | |||||
CVE-2009-1230 | 1 Podcast Generator | 1 Podcast Generator | 2017-09-29 | 6.5 MEDIUM | N/A |
Static code injection vulnerability in index.php in Podcast Generator 1.1 and earlier allows remote authenticated administrators to inject arbitrary PHP code into config.php via the recent parameter in a config change action. | |||||
CVE-2009-1064 | 2 Orbit Downloader, Orbitdownloader | 2 Orbit Downloader, Orbit Downloader | 2017-09-29 | 5.8 MEDIUM | N/A |
Argument injection vulnerability in orbitmxt.dll 2.1.0.2 in the Orbit Downloader 2.8.7 and earlier ActiveX control allows remote attackers to overwrite arbitrary files via whitespace and a command-line switch, followed by a full pathname, in the third argument to the download method. | |||||
CVE-2009-1946 | 1 Adaptbb | 1 Adaptbb | 2017-09-29 | 6.8 MEDIUM | N/A |
PHP remote file inclusion vulnerability in latestposts.php in AdaptBB 1.0, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the forumspath parameter. | |||||
CVE-2009-0966 | 1 Yabsoft | 1 Mega File Hosting Script | 2017-09-29 | 7.5 HIGH | N/A |
PHP remote file inclusion vulnerability in cross.php in YABSoft Mega File Hosting 1.2 allows remote attackers to execute arbitrary PHP code via a URL in the url parameter. NOTE: this can also be leveraged to include and execute arbitrary local files via .. (dot dot) sequences. | |||||
CVE-2009-1444 | 1 Webportal | 1 Webportal Cms | 2017-09-29 | 7.5 HIGH | N/A |
PHP remote file inclusion vulnerability in indexk.php in WebPortal CMS 0.8-beta allows remote attackers to execute arbitrary PHP code via a URL in the lib_path parameter. | |||||
CVE-2009-1551 | 1 Qt-cute | 1 Quickteam | 2017-09-29 | 7.5 HIGH | N/A |
Multiple PHP remote file inclusion vulnerabilities in Qt quickteam 2 allow remote attackers to execute arbitrary PHP code via a URL in the (1) qte_web_path parameter to qte_web.php and the (2) qte_root parameter to bin/qte_init.php. | |||||
CVE-2009-1512 | 1 Keir Davis | 1 X-forum | 2017-09-29 | 6.5 MEDIUM | N/A |
Static code injection vulnerability in X-Forum 0.6.2 allows remote authenticated administrators to inject arbitrary PHP code into Config.php via the adminEMail parameter to SaveConfig.php. | |||||
CVE-2009-1025 | 1 Beerwin | 1 Phplinkadmin | 2017-09-29 | 7.5 HIGH | N/A |
PHP remote file inclusion vulnerability in linkadmin.php in Beerwin PHPLinkAdmin 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the page parameter. | |||||
CVE-2009-1677 | 1 Bitweaver | 1 Bitweaver | 2017-09-29 | 6.5 MEDIUM | N/A |
Multiple static code injection vulnerabilities in the saveFeed function in rss/feedcreator.class.php in Bitweaver 2.6 and earlier allow (1) remote authenticated users to inject arbitrary PHP code into files by placing PHP sequences into the account's "display name" setting and then invoking boards/boards_rss.php, and might allow (2) remote attackers to inject arbitrary PHP code into files via the HTTP Host header in a request to boards/boards_rss.php. | |||||
CVE-2009-2095 | 1 Mundi King | 1 Mundi Mail | 2017-09-29 | 6.8 MEDIUM | N/A |
PHP remote file inclusion vulnerability in template/simpledefault/admin/_masterlayout.php in Mundi Mail 0.8.2, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the top parameter. NOTE: when allow_url_fopen is disabled, directory traversal attacks are possible to include and execute arbitrary local files. | |||||
CVE-2009-1452 | 1 Bluevirus-design | 1 Sma-db | 2017-09-29 | 7.5 HIGH | N/A |
Multiple PHP remote file inclusion vulnerabilities in theme/format.php in SMA-DB 0.3.13 allow remote attackers to execute arbitrary PHP code via a URL in the (1) _page_css and (2) _page_javascript parameters. NOTE: the _page_content vector is already covered by CVE-2009-1450. | |||||
CVE-2009-2111 | 1 Jnmsolutions | 1 Db Top Sites | 2017-09-29 | 10.0 HIGH | N/A |
Static code injection vulnerability in add_reg.php in DB Top Sites 1.0 allows remote attackers to inject arbitrary PHP code via a crafted (1) url and (2) location parameter. |