Total
3303 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2003-1436 | 1 Crossnuke | 1 Nukebrowser | 2017-07-29 | 6.8 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in nukebrowser.php in Nukebrowser 2.1 to 2.5 allows remote attackers to execute arbitrary PHP code via the filhead parameter. | |||||
| CVE-2003-1432 | 1 Epic Games | 2 Unreal Engine, Unreal Tournament 2003 | 2017-07-29 | 10.0 HIGH | N/A |
| Epic Games Unreal Engine 226f through 436 allows remote attackers to cause a denial of service (CPU consumption or crash) and possibly execute arbitrary code via (1) a packet with a negative size value, which is treated as a large positive number during memory allocation, or (2) a negative size value in a package file. | |||||
| CVE-2003-1411 | 1 Isoca | 1 Cedric Email Reader | 2017-07-29 | 6.8 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in emailreader_execute_on_each_page.inc.php in Cedric Email Reader 0.4 allows remote attackers to execute arbitrary PHP code via the emailreader_ini parameter. | |||||
| CVE-2003-1410 | 1 Isoca | 1 Cedric Email Reader | 2017-07-29 | 6.8 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in email.php (aka email.php3) in Cedric Email Reader 0.2 and 0.3 allows remote attackers to execute arbitrary PHP code via the cer_skin parameter. | |||||
| CVE-2003-1406 | 1 Adalis Infomatique | 1 D Forum | 2017-07-29 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in D-Forum 1.00 through 1.11 allows remote attackers to execute arbitrary PHP code via a URL in the (1) my_header parameter to header.php3 or (2) my_footer parameter to footer.php3. | |||||
| CVE-2003-1385 | 1 Invision Power Services | 1 Invision Power Board | 2017-07-29 | 6.8 MEDIUM | N/A |
| ipchat.php in Invision Power Board 1.1.1 allows remote attackers to execute arbitrary PHP code, if register_globals is enabled, by modifying the root_path parameter to reference a URL on a remote web server that contains the code. | |||||
| CVE-2002-2299 | 1 Atthat.com | 1 Thatware | 2017-07-29 | 6.8 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in thatfile.php in Thatware 0.3 through 0.5.2 allows remote attackers to execute arbitrary PHP code via the root_path parameter. | |||||
| CVE-2002-2298 | 1 Atthat.com | 1 Thatware | 2017-07-29 | 6.8 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in config.php in Thatware 0.3 through 0.5.3 allows remote attackers to execute arbitrary PHP code via the root_path parameter. | |||||
| CVE-2002-2297 | 1 Atthat.com | 1 Thatware | 2017-07-29 | 6.8 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in artlist.php in Thatware 0.5.2 and 0.5.3 allows remote attackers to execute arbitrary PHP code via the root_path parameter. | |||||
| CVE-2002-2287 | 1 Phpbb | 1 Advanced Quick Reply Hack | 2017-07-29 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in quick_reply.php for phpBB Advanced Quick Reply Hack 1.0.0 and 1.1.0 allows remote attackers to execute arbitrary PHP code via the phpbb_root_path parameter. | |||||
| CVE-2002-2249 | 1 Php Evolution | 1 News Evolution | 2017-07-29 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in News Evolution 2.0 allows remote attackers to execute arbitrary PHP commands via the neurl parameter to (1) backend.php, (2) screen.php, or (3) admin/modules/comment.php. | |||||
| CVE-2017-11585 | 1 Finecms | 1 Finecms | 2017-07-28 | 7.5 HIGH | 9.8 CRITICAL |
| dayrui FineCms 5.0.9 has remote PHP code execution via the param parameter in an action=cache request to libraries/Template.php, aka Eval Injection. | |||||
| CVE-2017-11421 | 1 Gnome-exe-thumbnailer Project | 1 Gnome-exe-thumbnailer | 2017-07-26 | 4.6 MEDIUM | 7.8 HIGH |
| gnome-exe-thumbnailer before 0.9.5 is prone to a VBScript Injection when generating thumbnails for MSI files, aka the "Bad Taste" issue. There is a local attack if the victim uses the GNOME Files file manager, and navigates to a directory containing a .msi file with VBScript code in its filename. | |||||
| CVE-2015-3640 | 1 Phpmybackuppro | 1 Phpmybackuppro | 2017-07-25 | 6.0 MEDIUM | 7.5 HIGH |
| phpMyBackupPro 2.5 and earlier does not properly escape the "." character in request parameters, which allows remote authenticated users with knowledge of a web-accessible and web-writeable directory on the target system to inject and execute arbitrary PHP scripts by injecting scripts via the path, filename, and dirs parameters to scheduled.php, and making requests to injected scripts. | |||||
| CVE-2015-3638 | 1 Phpmybackuppro | 1 Phpmybackuppro | 2017-07-25 | 6.5 MEDIUM | 8.8 HIGH |
| phpMyBackupPro before 2.5 does not validate integer input, which allows remote authenticated users to execute arbitrary PHP code by injecting scripts via the path, filename, and period parameters to scheduled.php, and making requests to injected scripts, or by injecting PHP into a PHP configuration variable via a PHP variable variable. | |||||
| CVE-2006-5507 | 1 Der Dirigent | 1 Der Dirigent | 2017-07-20 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Der Dirigent (DeDi) 1.0.3 allow remote attackers to execute arbitrary PHP code via a URL in the cfg_dedi[dedi_path] parameter in (1) find.php, (2) insert_line.php, (3) fullscreen.php, (4) changecase.php, (5) insert_link.php, (6) insert_table.php, (7) table_cellprop.php, (8) table_prop.php, (9) table_rowprop.php, (10) insert_page.php, and possibly insert_marquee.php in backend/external/wysiswg/popups/. | |||||
| CVE-2006-5439 | 1 Comdev | 1 Comdev Misc Tools | 2017-07-20 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in adminfoot.php in Comdev Misc Tools 4.1, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the path[docroot] parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party information. | |||||
| CVE-2006-5402 | 1 Phpmybibli | 1 Phpmybibli | 2017-07-20 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in PHPmybibli 3.0.1 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the (1) class_path, (2) javascript_path, and (3) include_path parameters in (a) cart.php; the (4) class_path parameter in (b) index.php; the (5) javascript_path parameter in (c) edit.php; the (6) include_path parameter in (d) circ.php; unspecified parameters in (e) select.php; and unspecified parameters in other files. | |||||
| CVE-2006-4844 | 2 Claroline, Dokeos | 2 Claroline, Open Source Learning And Knowledge Management Tool | 2017-07-20 | 5.1 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in inc/claro_init_local.inc.php in Claroline 1.7.7 and earlier, as used in Dokeos and possibly other products, allows remote attackers to execute arbitrary PHP code via a URL in the extAuthSource[newUser] parameter. | |||||
| CVE-2006-4215 | 1 Zen Cart | 1 Zen Cart | 2017-07-20 | 5.1 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in index.php in Zen Cart 1.3.0.2 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the autoLoadConfig[999][0][loadFile] parameter. | |||||