Total
3303 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2008-2224 | 1 Sazcart | 1 Sazcart | 2017-09-29 | 6.8 MEDIUM | N/A |
| Multiple PHP remote file inclusion vulnerabilities in SazCart 1.5.1, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the (1) _saz[settings][site_dir] parameter to layouts/default/header.saz.php and the (2) _saz[settings][site_url] parameter to admin/alayouts/default/pages/login.php. | |||||
| CVE-2008-2220 | 1 Interact | 1 Interact | 2017-09-29 | 6.8 MEDIUM | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Interact Learning Community Environment Interact 2.4.1, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the (1) CONFIG[LANGUAGE_CPATH] parameter to modules/forum/embedforum.php and the (2) CONFIG[BASE_PATH] parameter to modules/scorm/lib.inc.php, different vectors than CVE-2006-4448. | |||||
| CVE-2008-2195 | 1 Deluxebb | 1 Deluxebb | 2017-09-29 | 6.5 MEDIUM | N/A |
| Static code injection vulnerability in admincp.php in DeluxeBB 1.2 and earlier allows remote authenticated administrators to inject arbitrary PHP code into logs/cp.php via the URI. | |||||
| CVE-2008-2193 | 1 Scorpnews | 1 Scorpnews | 2017-09-29 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in example.php in Thomas Gossmann ScorpNews 2.0 allows remote attackers to execute arbitrary PHP code via a URL in the site parameter. | |||||
| CVE-2008-2192 | 1 Itcms | 1 Itcms | 2017-09-29 | 10.0 HIGH | N/A |
| Static code injection vulnerability in box/minichat/boxpop.php in IT!CMS (aka itcms) 1.9 allows remote attackers to inject arbitrary PHP code into box/MiniChat/data/shouts.php via the shout parameter. | |||||
| CVE-2008-2128 | 1 Cms Faethon | 1 Cms Faethon | 2017-09-29 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in templates/header.php in CMS Faethon 2.2 Ultimate allows remote attackers to execute arbitrary PHP code via a URL in the mainpath parameter, a different vulnerability than CVE-2006-5588 and CVE-2006-3185. | |||||
| CVE-2008-2074 | 1 Successkid | 1 Harris Wap Chat | 2017-09-29 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities Harris Yusuf Arifin Harris Wap Chat 1.0, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the sysFileDir parameter to (1) eng.writeMsg.php, (2) eng.adCreate.php, (3) eng.adCreateSave.php, (4) eng.adDispByTypeOptions.php, (5) eng.createRoom.php, (6) eng.forward.php, (7) eng.pageLogout.php, (8) eng.resultMember.php, (9) eng.roomDeleteConfirm.php, (10) eng.saveNewRoom.php, and (11) eng.searchMember.php in src/. | |||||
| CVE-2008-1989 | 2 123flashchat, E107 | 2 123 Flash Chat Module, E107 | 2017-09-29 | 10.0 HIGH | N/A |
| PHP remote file inclusion vulnerability in 123flashchat.php in the 123 Flash Chat 6.8.0 module for e107, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the e107path parameter. | |||||
| CVE-2008-1963 | 1 Quate | 1 Grape Web Statistics | 2017-09-29 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in includes/functions.php in Quate Grape Web Statistics 0.2a allows remote attackers to execute arbitrary PHP code via a URL in the location parameter. | |||||
| CVE-2008-1958 | 1 Easyscripts | 1 Tr Script News | 2017-09-29 | 6.5 MEDIUM | N/A |
| Unrestricted file upload vulnerability in the ajout_cat mode in admin/main.php in Tr Script News 2.1 allows remote authenticated users to execute arbitrary code by uploading a file with a .php extension. | |||||
| CVE-2008-1903 | 1 Newanz | 1 Newsoffice | 2017-09-29 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in news_show.php in Newanz NewsOffice 1.0 and 1.1, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the newsoffice_directory parameter. | |||||
| CVE-2008-1876 | 1 Snarky | 1 Visualpic | 2017-09-29 | 6.8 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in index.php in VisualPic 0.3.1 allows remote attackers to execute arbitrary PHP code via a URL in the _CONFIG[files][functions_page] parameter. | |||||
| CVE-2008-1866 | 1 Pixel Motion | 1 Pixel Motion Blog | 2017-09-29 | 9.0 HIGH | N/A |
| admin/modif_config.php in Blog Pixel Motion (aka PixelMotion) does not require admin authentication, which allows remote authenticated users to upload arbitrary PHP scripts in a ZIP archive, which is written to templateZip/ and then automatically extracted under templates/ for execution via a direct request. | |||||
| CVE-2008-1862 | 1 Exbb | 1 Exbb Italia | 2017-09-29 | 6.8 MEDIUM | N/A |
| ExBB Italia 0.22 and earlier only checks GET requests that use the QUERY_STRING for certain path manipulations, which allows remote attackers to bypass this check via (1) POST or (2) COOKIE variables, a different vector than CVE-2006-4488. NOTE: this can be leveraged to conduct PHP remote file inclusion attacks via a URL in the (a) new_exbb[home_path] or (b) exbb[home_path] parameter to modules/threadstop/threadstop.php. | |||||
| CVE-2008-1776 | 1 Phpblock | 1 Phpblock | 2017-09-29 | 6.8 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in modules/basicfog/basicfogfactory.class.php in PhpBlock A8.4 allows remote attackers to execute arbitrary PHP code via a URL in the PATH_TO_CODE parameter. | |||||
| CVE-2008-1773 | 1 Dragoon | 1 Dragoon | 2017-09-29 | 6.8 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in includes/header.inc.php in Dragoon 0.1 allows remote attackers to execute arbitrary PHP code via a URL in the root parameter. | |||||
| CVE-2008-1712 | 1 Mx-system | 1 Mxbb | 2017-09-29 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in includes/functions_weblog.php in mxBB mx_blogs 2.0.0 beta allows remote attackers to execute arbitrary PHP code via a URL in the mx_root_path parameter. | |||||
| CVE-2008-1682 | 1 Elearningforce | 1 Online Flashquiz | 2017-09-29 | 6.8 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in quiz/common/db_config.inc.php in the Online FlashQuiz (com_onlineflashquiz) 1.0.2 component for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the base_dir parameter. | |||||
| CVE-2008-1505 | 2 Joomla, Sstreamtv | 2 Joomla, Custompages | 2017-09-29 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in the SSTREAMTV custompages (com_custompages) 1.1 and earlier component for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the cpage parameter to index.php. | |||||
| CVE-2008-1416 | 1 Phpauction | 1 Phpauction Gpl | 2017-09-29 | 6.8 MEDIUM | N/A |
| Multiple PHP remote file inclusion vulnerabilities in PHPauction GPL 2.51 allow remote attackers to execute arbitrary PHP code via a URL in the include_path parameter to (1) converter.inc.php, (2) messages.inc.php, and (3) settings.inc.php in includes/. | |||||