Total
3761 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2009-2182 | 1 Campware.org | 1 Campsite | 2017-09-29 | 6.8 MEDIUM | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Campsite 3.3.0 RC1 allow remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[g_campsiteDir] parameter to (1) ad_popup.php, (2) camp_html.php, (3) init_content.php, (4) logout.php, (5) menu.php, and (6) set-author.php in admin-files/; (7) conf/liveuser_configuration.php; (8) include/phorum_load.php; (9) CommandProcessor.php and (10) index.php in admin-files/article_import; and (11) add.php, (12) add_move.php, (13) autopublish.php, and (14) autopublish_del.php in admin-files/articles/. | |||||
| CVE-2009-1278 | 1 Gravityboardx | 1 Gravity Board X | 2017-09-29 | 7.5 HIGH | N/A |
| Static code injection vulnerability in forms/ajax/configure.php in Gravity Board X (GBX) 2.0 BETA allows remote attackers to inject arbitrary PHP code into config.php via the configure action to index.php. | |||||
| CVE-2009-1248 | 1 Acutecp | 1 Acute Control Panel | 2017-09-29 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Acute Control Panel 1.0.0 allow remote attackers to execute arbitrary PHP code via a URL in the theme_directory parameter to (1) container.php and (2) header.php in themes/. | |||||
| CVE-2009-1822 | 2 Gonzalo Maser, Joomla | 2 Com Artforms, Joomla\! | 2017-09-29 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in the InterJoomla ArtForms (com_artforms) component 2.1b7 for Joomla! allow remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter to (1) imgcaptcha.php or (2) mp3captcha.php in assets/captcha/includes/captchaform/, or (3) assets/captcha/includes/captchatalk/swfmovie.php. | |||||
| CVE-2009-1450 | 1 Bluevirus-design | 1 Sma-db | 2017-09-29 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in format.php in SMA-DB 0.3.12 allows remote attackers to execute arbitrary PHP code via a URL in the _page_content parameter. | |||||
| CVE-2009-1579 | 1 Squirrelmail | 1 Squirrelmail | 2017-09-29 | 6.8 MEDIUM | N/A |
| The map_yp_alias function in functions/imap_general.php in SquirrelMail before 1.4.18 and NaSMail before 1.7 allows remote attackers to execute arbitrary commands via shell metacharacters in a username string that is used by the ypmatch program. | |||||
| CVE-2008-6841 | 2 Gmitc, Joomla | 2 Com Dbquery, Joomla | 2017-09-29 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in the Green Mountain Information Technology and Consulting Database Query (com_dbquery) component 1.4.1.1 and earlier for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter to classes/DBQ/admin/common.class.php. | |||||
| CVE-2009-0444 | 1 Sirini | 1 Grboard | 2017-09-29 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in GRBoard 1.8, when register_globals is enabled and magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary PHP code via a URL in the (1) theme parameter to (a) 179_squarebox_pds_list/view.php, (b) 179_squarebox_minishop_expand/view.php, (c) 179_squarebox_gallery_list_pds/view.php, (d) 179_squarebox_gallery_list/view.php, (e) 179_squarebox_gallery/view.php, (f) 179_squarebox_board_swfupload/view.php, (g) 179_squarebox_board_expand/view.php, (h) 179_squarebox_board_basic_with_grcode/view.php, (i) 179_squarebox_board_basic/view.php, (j) 179_simplebar_pds_list/view.php, (k) 179_simplebar_notice/view.php, (l) 179_simplebar_gallery_list_pds/view.php, (m) 179_simplebar_gallery/view.php, and (n) 179_simplebar_basic/view.php in theme/; the (2) path parameter to (o) latest/sirini_gallery_latest/list.php; and the (3) grboard parameter to (p) include.php and (q) form_mail.php. | |||||
| CVE-2009-0495 | 1 It747 | 1 Realtor 747 | 2017-09-29 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in include/define.php in REALTOR 747 4.11 allows remote attackers to execute arbitrary PHP code via a URL in the INC_DIR parameter. | |||||
| CVE-2009-0530 | 1 Electrictoad | 1 Snippetmaster Webpage Editor | 2017-09-29 | 6.8 MEDIUM | N/A |
| Multiple PHP remote file inclusion vulnerabilities in SnippetMaster 2.2.2, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the (1) _SESSION[SCRIPT_PATH] parameter to includes/vars.inc.php and the (2) g_pcltar_lib_dir parameter to includes/tar_lib/pcltar.lib.php. | |||||
| CVE-2008-6402 | 1 Muskatli | 1 Sofi Webgui | 2017-09-29 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in hu/modules/reg-new/modstart.php in Sofi WebGui 0.6.3 PRE and earlier allows remote attackers to execute arbitrary PHP code via a URL in the mod_dir parameter. | |||||
| CVE-2008-6936 | 1 Jabber | 1 Exodus | 2017-09-29 | 9.3 HIGH | N/A |
| Argument injection vulnerability in Exodus 0.10 allows remote attackers to inject arbitrary command line arguments, overwrite arbitrary files, and cause a denial of service via encoded spaces in a pres:// URI, a different vector than CVE-2008-6935. | |||||
| CVE-2009-0456 | 1 Sourdough | 1 Sourdough | 2017-09-29 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in examples/example_clientside_javascript.php in patForms, as used in Sourdough 0.3.5, allows remote attackers to execute arbitrary PHP code via a URL in the neededFiles[patForms] parameter. | |||||
| CVE-2008-6377 | 1 Phpbb-seo | 1 Multi Seo Phpbb | 2017-09-29 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in include/global.php in Multi SEO phpBB 1.1.0 allows remote attackers to execute arbitrary PHP code via a URL in the pfad parameter. | |||||
| CVE-2008-6221 | 2 Dadamailproject, Joomla | 2 Dada Mail Manager, Joomla | 2017-09-29 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in config.dadamail.php in the Dada Mail Manager (com_dadamail) component 2.6 for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[mosConfig_absolute_path] parameter. | |||||
| CVE-2009-0463 | 1 Groonesworld | 1 Glinks | 2017-09-29 | 6.8 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in includes/header.php in Groone GLinks 2.1 allows remote attackers to execute arbitrary PHP code via a URL in the abspath parameter. | |||||
| CVE-2009-0464 | 1 Groonesworld | 1 Gbook | 2017-09-29 | 5.1 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in includes/header.php in Groone GBook 2.0 allows remote attackers to execute arbitrary PHP code via a URL in the abspath parameter. | |||||
| CVE-2009-0251 | 1 Ryneezy | 1 Phosheezy | 2017-09-29 | 6.5 MEDIUM | N/A |
| Static code injection vulnerability in admin.php in Ryneezy phoSheezy 0.2 allows remote authenticated administrators to inject arbitrary PHP code into config/footer via the footer parameter. NOTE: this can be exploited by unauthenticated attackers by leveraging CVE-2009-0250. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2008-6900 | 1 Availscript | 1 Availscript Article Script | 2017-09-29 | 6.5 MEDIUM | N/A |
| Unrestricted file upload vulnerability in "Add Pen/Author Name" feature in addpen.php in AvailScript Article Script allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in photos/. | |||||
| CVE-2008-6347 | 2 Joomla, Luigi Massa | 2 Joomla, Onguma Time Sheet | 2017-09-29 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in lib/onguma.class.php in the Onguma Time Sheet (com_ongumatimesheet20) 2.0 4b component for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. | |||||