Total: 3761 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2008-2480 | 1 Plusphp | 1 Plusphp Short Url Multi-user Script | 2017-09-29 | 10.0 HIGH | N/A |
PHP remote file inclusion vulnerability in plus.php in plusPHP Short URL Multi-User Script 1.6 allows remote attackers to execute arbitrary PHP code via a URL in the _pages_dir parameter. | |||||
CVE-2008-2888 | 1 Migcms | 1 Migcms | 2017-09-29 | 10.0 HIGH | N/A |
Multiple PHP remote file inclusion vulnerabilities in MiGCMS 2.0.5, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[application][app_root] parameter to (1) collection.class.php and (2) content_image.class.php in lib/obj/. | |||||
CVE-2008-2905 | 1 Mambo | 1 Mambo | 2017-09-29 | 6.8 MEDIUM | N/A |
PHP remote file inclusion vulnerability in includes/Cache/Lite/Output.php in the Cache_Lite package in Mambo 4.6.4 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. | |||||
CVE-2008-2192 | 1 Itcms | 1 Itcms | 2017-09-29 | 10.0 HIGH | N/A |
Static code injection vulnerability in box/minichat/boxpop.php in IT!CMS (aka itcms) 1.9 allows remote attackers to inject arbitrary PHP code into box/MiniChat/data/shouts.php via the shout parameter. | |||||
CVE-2008-2684 | 1 Blackice | 1 Black Ice Barcode Sdk | 2017-09-29 | 9.3 HIGH | N/A |
The BIDIB.BIDIBCtrl.1 ActiveX control in BIDIB.ocx 10.9.3.0 in Black Ice Barcode SDK 5.01 allows remote attackers to execute arbitrary code via long strings in the two arguments to the DownloadImageFileURL method, which trigger memory corruption. NOTE: some of these details are obtained from third party information. | |||||
CVE-2008-2195 | 1 Deluxebb | 1 Deluxebb | 2017-09-29 | 6.5 MEDIUM | N/A |
Static code injection vulnerability in admincp.php in DeluxeBB 1.2 and earlier allows remote authenticated administrators to inject arbitrary PHP code into logs/cp.php via the URI. | |||||
CVE-2008-2390 | 1 Hp | 1 Software Update | 2017-09-29 | 6.8 MEDIUM | N/A |
Hpufunction.dll 4.0.0.1 in HP Software Update exposes the unsafe (1) ExecuteAsync and (2) Execute methods, which allows remote attackers to execute arbitrary code via an absolute pathname in the first argument. | |||||
CVE-2008-3166 | 1 Boonex | 1 Ray | 2017-09-29 | 9.3 HIGH | N/A |
PHP remote file inclusion vulnerability in modules/global/inc/content.inc.php in BoonEx Ray 3.5, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the sIncPath parameter. | |||||
CVE-2008-3570 | 1 Africabegone | 1 Africa Be Gone | 2017-09-29 | 7.5 HIGH | N/A |
PHP remote file inclusion vulnerability in index.php in Africa Be Gone (ABG) 1.0a allows remote attackers to execute arbitrary PHP code via a URL in the abg_path parameter. | |||||
CVE-2008-2649 | 1 Don3 | 1 Desktoponnet | 2017-09-29 | 7.5 HIGH | N/A |
Multiple PHP remote file inclusion vulnerabilities in DesktopOnNet 3 Beta allow remote attackers to execute arbitrary PHP code via a URL in the app_path parameter to (1) don3_requiem.don3app/don3_requiem.php and (2) frontpage.don3app/frontpage.php. | |||||
CVE-2008-2520 | 1 Bigace | 1 Bigace | 2017-09-29 | 7.5 HIGH | N/A |
Multiple PHP remote file inclusion vulnerabilities in BigACE 2.4, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the (1) GLOBALS[_BIGACE][DIR][addon] parameter to (a) addon/smarty/plugins/function.captcha.php and (b) system/classes/sql/AdoDBConnection.php; and the (2) GLOBALS[_BIGACE][DIR][admin] parameter to (c) item_information.php and (d) jstree.php in system/application/util/, and (e) system/admin/plugins/menu/menuTree/plugin.php, different vectors than CVE-2006-4423. | |||||
CVE-2008-3075 | 1 Vim | 2 Vim, Zipplugin.vim | 2017-09-29 | 9.3 HIGH | N/A |
The shellescape function in Vim 7.0 through 7.2, including 7.2a.10, allows user-assisted attackers to execute arbitrary code via the "!" (exclamation point) shell metacharacter in (1) the filename of a ZIP archive and possibly (2) the filename of the first file in a ZIP archive, which is not properly handled by zip.vim in the VIM ZIP plugin (zipPlugin.vim) v.11 through v.21, as demonstrated by the zipplugin and zipplugin.v2 test cases. NOTE: this issue reportedly exists because of an incomplete fix for CVE-2008-2712. NOTE: this issue has the same root cause as CVE-2008-3074. NOTE: due to the complexity of the associated disclosures and the incomplete information related to them, there may be inaccuracies in this CVE description and in external mappings to this identifier. | |||||
CVE-2008-3509 | 1 Lovecms | 1 Lovecms | 2017-09-29 | 7.5 HIGH | N/A |
LoveCMS 1.6.2 does not require administrative authentication for (1) addblock.php, (2) blocks.php, and (3) themes.php in system/admin/, which allows remote attackers to change the configuration or execute arbitrary PHP code via addition of blocks, and other vectors. | |||||
CVE-2008-3595 | 1 Txtsql | 1 Txtsql | 2017-09-29 | 9.3 HIGH | N/A |
PHP remote file inclusion vulnerability in examples/txtSQLAdmin/startup.php in txtSQL 2.2 Final allows remote attackers to execute arbitrary PHP code via a URL in the CFG[txtsql][class] parameter. | |||||
CVE-2008-2638 | 1 1-script | 1 1-book | 2017-09-29 | 10.0 HIGH | N/A |
Static code injection vulnerability in guestbook.php in 1Book 1.0.1 and earlier allows remote attackers to upload arbitrary PHP code via the message parameter in an HTML webform, which is written to data.php. | |||||
CVE-2008-2481 | 1 Phpraider | 1 Phpraider | 2017-09-29 | 10.0 HIGH | N/A |
PHP remote file inclusion vulnerability in authentication/phpbb3/phpbb3.functions.php in phpRaider 1.0.7 and 1.0.7a, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the pConfig_auth[phpbb_path] parameter. | |||||
CVE-2008-2396 | 1 Wajox Software | 1 Mircrossys Cms | 2017-09-29 | 7.5 HIGH | N/A |
PHP remote file inclusion vulnerability in index.php in Wajox Software microSSys CMS 1.5 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in an arbitrary element of the PAGES array parameter. | |||||
CVE-2008-2986 | 1 Phpdmca | 1 Phpdmca | 2017-09-29 | 7.5 HIGH | N/A |
Multiple PHP remote file inclusion vulnerabilities in phpDMCA 1.0.0 allow remote attackers to execute arbitrary PHP code via a URL in the ourlinux_root_path parameter to (1) adodb-errorpear.inc.php and (2) adodb-pear.inc.php in adodb/. | |||||
CVE-2008-1989 | 2 123flashchat, E107 | 2 123 Flash Chat Module, E107 | 2017-09-29 | 10.0 HIGH | N/A |
PHP remote file inclusion vulnerability in 123flashchat.php in the 123 Flash Chat 6.8.0 module for e107, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the e107path parameter. | |||||
CVE-2007-6652 | 1 Xcms | 1 Xcms | 2017-09-29 | 7.5 HIGH | N/A |
cpie.php in XCMS 1.83 and earlier sends a redirect to the web browser but does not exit, which allows remote attackers to conduct direct static code injection attacks and execute arbitrary code via the testo_0 parameter in a cpie admin action to index.php, which writes to dati/generali/footer.dtb (aka the XCMS footer). | |||||