Total: 3303 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2007-1139 | 1 Cromosoft | 1 Simple Plantilla Php | 2018-10-16 | 10.0 HIGH | N/A |
| Unrestricted file upload vulnerability in Cromosoft Simple Plantilla PHP (SPP) allows remote attackers to upload arbitrary scripts via a filename with a double extension. | |||||
| CVE-2007-1078 | 1 Flashgamescript | 1 Flashgamescript | 2018-10-16 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in index.php in FlashGameScript 1.5.4 allows remote attackers to execute arbitrary PHP code via a URL in the func parameter. | |||||
| CVE-2007-0986 | 1 Jupiter Cms | 1 Jupiter Cms | 2018-10-16 | 5.1 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in index.php in Jupiter CMS 1.1.5, when PHP 5.0.0 or later is used, allows remote attackers to execute arbitrary PHP code via an ftp URL in the n parameter. | |||||
| CVE-2007-0854 | 1 Cpanel | 1 Webhost Manager | 2018-10-16 | 7.5 HIGH | N/A |
| Remote file inclusion vulnerability in scripts2/objcache in cPanel WebHost Manager (WHM) allows remote attackers to execute arbitrary code via a URL in the obj parameter. NOTE: a third party claims that this issue is not file inclusion because the contents are not parsed, but the attack can be used to overwrite files in /var/cpanel/objcache or provide unexpected web page contents. | |||||
| CVE-2007-0699 | 1 Portail Web Php | 1 Portail Web Php | 2018-10-16 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in includes/includes.php in Guernion Sylvain Portail Web Php (aka Gsylvain35 Portail Web, PwP) before 2.5.1.1 allows remote attackers to execute arbitrary PHP code via a URL in the site_path parameter. | |||||
| CVE-2007-0649 | 1 Openemr | 1 Openemr | 2018-10-16 | 4.3 MEDIUM | N/A |
| Variable overwrite vulnerability in interface/globals.php in OpenEMR 2.8.2 and earlier allows remote attackers to overwrite arbitrary program variables and conduct other unauthorized activities, such as conduct (a) remote file inclusion attacks via the srcdir parameter in custom/import_xml.php or (b) cross-site scripting (XSS) attacks via the rootdir parameter in interface/login/login_frame.php, via vectors associated with extract operations on the (1) POST and (2) GET superglobal arrays. NOTE: this issue was originally disputed before the extract behavior was identified in post-disclosure analysis. Also, the original report identified "Open Conference Systems," but this was an error. | |||||
| CVE-2007-0134 | 1 Igeneric | 1 Ig Shop | 2018-10-16 | 7.5 HIGH | N/A |
| Multiple eval injection vulnerabilities in iGeneric iG Shop 1.0 allow remote attackers to execute arbitrary code via the action parameter, which is supplied to an eval function call in (1) cart.php and (2) page.php. NOTE: a later report and CVE analysis indicate that the vulnerability is present in 1.4. | |||||
| CVE-2006-7130 | 1 Jinzora | 1 Jinzora | 2018-10-16 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in backend/primitives/cache/media.php in Jinzora 2.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the include_path parameter, a different vector than CVE-2006-6770. | |||||
| CVE-2006-7100 | 1 Phpbb | 1 Insert User | 2018-10-16 | 6.8 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in includes/functions_mod_user.php in phpBB Insert User 0.1.2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter. | |||||
| CVE-2006-6958 | 1 Phpbluedragon | 1 Phpbluedragon Cms | 2018-10-16 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in phpBlueDragon 2.9.1 allow remote attackers to execute arbitrary PHP code via a URL in the vsDragonRootPath parameter to (1) team_admin.php, (2) rss_admin.php, (3) manual_admin.php, and (4) forum_admin.php in includes/root_modules/, a different set of vectors than CVE-2006-3076. | |||||
| CVE-2008-0786 | 1 Cacti | 1 Cacti | 2018-10-15 | 4.3 MEDIUM | N/A |
| CRLF injection vulnerability in Cacti 0.8.7 before 0.8.7b and 0.8.6 before 0.8.6k, when running on older PHP interpreters, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors. | |||||
| CVE-2008-0743 | 1 Joovili | 1 Joovili | 2018-10-15 | 10.0 HIGH | N/A |
| PHP remote file inclusion vulnerability in members_help.php in Joovili 2.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the hlp parameter. | |||||
| CVE-2008-0687 | 1 Youtube | 1 Clone Script | 2018-10-15 | 7.5 HIGH | N/A |
| Cross-site scripting (XSS) vulnerability in siteadmin/editor_files/includes/load_message.php in the Youtube Clone Script allows remote attackers to inject arbitrary web script or HTML via the lang[please_wait] parameter. | |||||
| CVE-2008-0635 | 1 Openads | 1 Openads | 2018-10-15 | 7.5 HIGH | N/A |
| Unspecified vulnerability in the delivery engine in Openads 2.4.0 through 2.4.2 allows remote attackers to execute arbitrary PHP code via unknown vectors. | |||||
| CVE-2008-0582 | 1 Skype Technologies | 1 Skype | 2018-10-15 | 4.3 MEDIUM | N/A |
| Cross-zone scripting vulnerability in the Internet Explorer web control in Skype 3.1 through 3.6.0.244 on Windows allows remote attackers to inject arbitrary web script or HTML in the Local Machine Zone via the Full Name field of a reviewer of a business item entry, accessible through (1) the SkypeFind dialog and (2) a skype:?skypefind URI for the skype: URI handler. | |||||
| CVE-2008-0450 | 1 Blog Cms | 1 Blog Cms | 2018-10-15 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in BLOG:CMS 4.2.1.c allow remote attackers to execute arbitrary PHP code via a URL in the (1) DIR_PLUGINS parameter to (a) index.php, and the (2) DIR_LIBS parameter to (b) media.php and (c) xmlrpc/server.php in admin/. | |||||
| CVE-2008-0433 | 1 Agares Media | 1 Phpautovideo | 2018-10-15 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in theme/phpAutoVideo/LightTwoOh/sidebar.php in Agares phpAutoVideo 2.21 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the loadpage parameter, a different vector than CVE-2007-6614. | |||||
| CVE-2008-0417 | 1 Mozilla | 1 Firefox | 2018-10-15 | 4.3 MEDIUM | N/A |
| CRLF injection vulnerability in Mozilla Firefox before 2.0.0.12 allows remote user-assisted web sites to corrupt the user's password store via newlines that are not properly handled when the user saves a password. | |||||
| CVE-2008-0382 | 1 Mybulletinboard | 1 Mybulletinboard | 2018-10-15 | 7.5 HIGH | N/A |
| Multiple eval injection vulnerabilities in MyBB 1.2.10 and earlier allow remote attackers to execute arbitrary code via the sortby parameter to (1) forumdisplay.php or (2) a results action in search.php. | |||||
| CVE-2008-0289 | 1 Mansion Productions | 1 Member Area System | 2018-10-15 | 6.8 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in view_func.php in Member Area System (MAS) 1.7 and possibly others allows remote attackers to execute arbitrary PHP code via a URL in the i parameter. NOTE: a second vector might exist via the l parameter. NOTE: as of 20080118, the vendor has disputed the set of affected versions, stating that the issue "is already fixed, for almost a year." | |||||
