Total
3761 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2008-6446 | 1 Geniuscyber | 1 Maxsite | 2017-09-29 | 7.5 HIGH | N/A |
| Static code injection vulnerability in the Guestbook component in CMS MAXSITE allows remote attackers to inject arbitrary PHP code into the guestbook via the message parameter. | |||||
| CVE-2008-6251 | 1 Scripts | 1 Phpfan | 2017-09-29 | 6.8 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in includes/init.php in phpFan 3.3.4 allows remote attackers to execute arbitrary PHP code via a URL in the includepath parameter. | |||||
| CVE-2008-7042 | 1 Freshscripts | 1 Fresh Email Script | 2017-09-29 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in url.php in FreshScripts Fresh Email Script 1.0 through 1.11 allows remote attackers to execute arbitrary PHP code via a URL in the tmp_sid parameter. | |||||
| CVE-2008-6635 | 1 Geody | 1 Dagger | 2017-09-29 | 6.8 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in skins/default.php in Geody Labs Dagger - The Cutting Edge r12feb2008, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the dir_inc parameter. | |||||
| CVE-2008-6023 | 1 Xnova | 1 Xnova | 2017-09-29 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in includes/todofleetcontrol.php in a newer version of Xnova, possibly 0.8 sp1, allows remote attackers to execute arbitrary PHP code via a URL in the xnova_root_path parameter. | |||||
| CVE-2008-6036 | 1 Basebuilder | 1 Basebuilder | 2017-09-29 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in main.inc.php in BaseBuilder 2.0.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the mj_config[src_path] parameter. | |||||
| CVE-2008-4557 | 1 Cutephp | 1 Cutenews | 2017-09-29 | 10.0 HIGH | N/A |
| plugins/wacko/highlight/html.php in Strawberry in CuteNews.ru 1.1.1 (aka Strawberry) allows remote attackers to execute arbitrary PHP code via the text parameter, which is inserted into an executable regular expression. | |||||
| CVE-2008-4645 | 1 Phpwebgallery | 1 Phpwebgallery | 2017-09-29 | 9.0 HIGH | N/A |
| plugins/event_tracer/event_list.php in PhpWebGallery 1.7.2 and earlier allows remote authenticated administrators to execute arbitrary PHP code via PHP sequences in the sort parameter, which is processed by create_function. | |||||
| CVE-2008-5210 | 1 Phpblock | 1 Phpblock | 2017-09-29 | 9.3 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in PhpBlock A8.5 allow remote attackers to execute arbitrary PHP code via a URL in the PATH_TO_CODE parameter to (1) script/init/createallimagecache.php, (2) allincludefortick.php and (3) test.php in script/tick/, and (4) modules/dungeon/tick/allincludefortick.php, different vectors than CVE-2008-1776. | |||||
| CVE-2008-5949 | 1 Tiddlywiki | 1 Cctiddly | 2017-09-29 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in ccTiddly 1.7.4 and 1.7.6 allow remote attackers to execute arbitrary PHP code via a URL in the cct_base parameter to (1) index.php; (2) handle/proxy.php; (3) header.php, (4) include.php, and (5) workspace.php in includes/; and (6) plugins/RSS/files/rss.php. | |||||
| CVE-2008-5763 | 1 Mariovaldez | 1 Simple Text-file Login Script | 2017-09-29 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in slogin_lib.inc.php in Simple Text-File Login Script (SiTeFiLo) 1.0.6 allows remote attackers to execute arbitrary PHP code via a URL in the slogin_path parameter. | |||||
| CVE-2008-6132 | 1 Brickhost | 1 Phpscheduleit | 2017-09-29 | 6.8 MEDIUM | N/A |
| Eval injection vulnerability in reserve.php in phpScheduleIt 1.2.10 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary PHP code via the start_date parameter. | |||||
| CVE-2008-5793 | 2 Joomla, Recly | 2 Joomla, Clickheat-heatmap | 2017-09-29 | 6.8 MEDIUM | N/A |
| Multiple PHP remote file inclusion vulnerabilities in the Clickheat - Heatmap stats (com_clickheat) component 1.0.1 for Joomla! allow remote attackers to execute arbitrary PHP code via a URL in the (1) GLOBALS[mosConfig_absolute_path] parameter to (a) install.clickheat.php, (b) Cache.php and (c) Clickheat_Heatmap.php in Recly/Clickheat/, and (d) Recly/common/GlobalVariables.php; and the (2) mosConfig_absolute_path parameter to (e) _main.php and (f) main.php in includes/heatmap, and (g) includes/overview/main.php. | |||||
| CVE-2008-5167 | 1 Boonex | 1 Orca | 2017-09-29 | 9.3 HIGH | N/A |
| PHP remote file inclusion vulnerability in layout/default/params.php in Boonex Orca 2.0 and 2.0.2, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the gConf[dir][layouts] parameter. | |||||
| CVE-2008-5053 | 1 Joomla | 2 Com Rssreader, Joomla | 2017-09-29 | 10.0 HIGH | N/A |
| PHP remote file inclusion vulnerability in admin.rssreader.php in the Simple RSS Reader (com_rssreader) 1.0 component for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_live_site parameter. | |||||
| CVE-2008-5332 | 1 Pie | 1 Pie | 2017-09-29 | 10.0 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Pie 0.5.3 allow remote attackers to execute arbitrary PHP code via a URL in the (1) lib parameter to files in lib/action/ including (a) alias.php, (b) cancel.php, (c) context.php, (d) deadlinks.php, (e) delete.php, and others; and the (2) GLOBALS[pie][library_path] parameter to files in lib/share/ including (f) diff.php, (g) file.php, (h) locale.php, (i) mapfile.php, (j) page.php, and others. | |||||
| CVE-2008-4134 | 1 Phprealty | 1 Phprealty | 2017-09-29 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in manager/static/view.php in phpRealty 0.03 and earlier, and possibly other versions before 0.05, allows remote attackers to execute arbitrary PHP code via a URL in the INC parameter. | |||||
| CVE-2008-6006 | 1 Minbank | 1 Micronation Banking System | 2017-09-29 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Micronation Banking System (minba) 1.5.0 allow remote attackers to execute arbitrary PHP code via a URL in the minsoft_path parameter to (1) utdb_access.php and (2) utgn_message.php in utility/. | |||||
| CVE-2008-5920 | 1 Tigris | 1 Websvn | 2017-09-29 | 7.5 HIGH | N/A |
| The create_anchors function in utils.inc in WebSVN 1.x allows remote attackers to execute arbitrary PHP code via a crafted username that is processed by the preg_replace function with the eval switch. | |||||
| CVE-2008-5764 | 1 2500mhz | 1 Worksimple | 2017-09-29 | 9.3 HIGH | N/A |
| PHP remote file inclusion vulnerability in calendar.php in WorkSimple 1.2.1, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the lang parameter. | |||||