Total
4625 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2009-0517 | 1 Phpslash | 1 Phpslash | 2025-04-09 | 10.0 HIGH | N/A |
| Eval injection vulnerability in index.php in phpSlash 0.8.1.1 and earlier allows remote attackers to execute arbitrary PHP code via the fields parameter, which is supplied to an eval function call within the generic function in include/class/tz_env.class. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2007-5407 | 1 Joomlaequipment | 1 Jcontentsubscription | 2025-04-09 | 6.8 MEDIUM | N/A |
| Multiple PHP remote file inclusion vulnerabilities in the JContentSubscription (com_jcs) 1.5.8 component for Joomla! allow remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter to (1) jcs.function.php; (2) add.php, (3) history.php, and (4) register.php, in view/; and (5) list.sub.html.php, (6) list.user.sub.html.php, and (7) reports.html.php in views/. | |||||
| CVE-2009-0068 | 2 Freedesktop, Mozilla | 2 Xdg-utils, Firefox | 2025-04-09 | 6.8 MEDIUM | N/A |
| Interaction error in xdg-open allows remote attackers to execute arbitrary code by sending a file with a dangerous MIME type but using a safe type that Firefox sends to xdg-open, which causes xdg-open to process the dangerous file type through automatic type detection, as demonstrated by overwriting the .desktop file. | |||||
| CVE-2007-2185 | 1 Supasite | 1 Supasite | 2025-04-09 | 6.8 MEDIUM | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Supasite 1.23b allow remote attackers to execute arbitrary PHP code via a URL in the supa[db_path] parameter to (1) common_functions.php, (2) admin_auth_cookies.php, (3) admin_mods.php, (4) admin_news.php, (5) admin_topics.php, (6) admin_users.php, (7) admin_utilities.php, (8) site_comment.php, or (9) site_news.php; or the supa[include_path] parameter to (10) admin_settings.php or (11) backend_site.php. | |||||
| CVE-2008-6841 | 2 Gmitc, Joomla | 2 Com Dbquery, Joomla | 2025-04-09 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in the Green Mountain Information Technology and Consulting Database Query (com_dbquery) component 1.4.1.1 and earlier for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter to classes/DBQ/admin/common.class.php. | |||||
| CVE-2008-3440 | 1 Sun | 1 Java | 2025-04-09 | 7.5 HIGH | N/A |
| Sun Java 1.6.0_03 and earlier versions, and possibly later versions, does not properly verify the authenticity of updates, which allows man-in-the-middle attackers to execute arbitrary code via a Trojan horse update, as demonstrated by evilgrade and DNS cache poisoning. | |||||
| CVE-2009-2169 | 1 Edraw | 1 Pdf Viewer Component | 2025-04-09 | 9.3 HIGH | N/A |
| Insecure method vulnerability in the PDFVIEWER.PDFViewerCtrl.1 ActiveX control (pdfviewer.ocx) in Edraw PDF Viewer Component before 3.2.0.126 allows remote attackers to create and overwrite arbitrary files via a URL argument to the FtpConnect argument and a target filename argument to the FtpDownloadFile method. NOTE: this can be leveraged for code execution by writing to a Startup folder. | |||||
| CVE-2007-5020 | 1 Adobe | 2 Acrobat, Acrobat Reader | 2025-04-09 | 9.3 HIGH | N/A |
| Unspecified vulnerability in Adobe Acrobat and Reader 8.1 on Windows allows remote attackers to execute arbitrary code via a crafted PDF file, related to the mailto: option and Internet Explorer 7 on Windows XP. NOTE: this information is based upon a vague pre-advisory by a reliable researcher. | |||||
| CVE-2008-4188 | 1 Typo3 | 1 Secure Directory | 2025-04-09 | 10.0 HIGH | N/A |
| Unspecified vulnerability in the TYPO3 Secure Directory (kw_secdir) extension before 1.0.2 allows remote attackers to execute arbitrary code via unknown vectors related to "injection of control characters." | |||||
| CVE-2007-4458 | 1 Firesoft | 1 Firesoft | 2025-04-09 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in includes/class/class_tpl.php in Firesoft allows remote attackers to execute arbitrary PHP code via a URL in the cache_file parameter. | |||||
| CVE-2007-5615 | 1 Mortbay Jetty | 1 Jetty | 2025-04-09 | 5.0 MEDIUM | N/A |
| CRLF injection vulnerability in Mortbay Jetty before 6.1.6rc0 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors. | |||||
| CVE-2008-2481 | 1 Phpraider | 1 Phpraider | 2025-04-09 | 10.0 HIGH | N/A |
| PHP remote file inclusion vulnerability in authentication/phpbb3/phpbb3.functions.php in phpRaider 1.0.7 and 1.0.7a, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the pConfig_auth[phpbb_path] parameter. | |||||
| CVE-2008-0786 | 1 Cacti | 1 Cacti | 2025-04-09 | 4.3 MEDIUM | N/A |
| CRLF injection vulnerability in Cacti 0.8.7 before 0.8.7b and 0.8.6 before 0.8.6k, when running on older PHP interpreters, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors. | |||||
| CVE-2008-7070 | 1 Kvirc | 1 Kvirc | 2025-04-09 | 9.3 HIGH | N/A |
| Argument injection vulnerability in the URI handler in KVIrc 3.4.2 Shiny allows remote attackers to execute arbitrary commands via a " (quote) followed by command line switches in a (1) irc:///, (2) irc6:///, (3) ircs:///, or (4) and ircs6:/// URI. NOTE: this might be due to an incomplete fix for CVE-2007-2951. | |||||
| CVE-2009-3426 | 1 Databay | 1 Maxcms | 2025-04-09 | 6.8 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in includes/file_manager/special.php in MaxCMS 3.11.20b allows remote attackers to execute arbitrary PHP code via a URL in the fm_includes_special parameter. | |||||
| CVE-2009-1841 | 1 Mozilla | 3 Firefox, Seamonkey, Thunderbird | 2025-04-09 | 9.3 HIGH | N/A |
| js/src/xpconnect/src/xpcwrappedjsclass.cpp in Mozilla Firefox before 3.0.11, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.17 allows remote attackers to execute arbitrary web script with the privileges of a chrome object, as demonstrated by the browser sidebar and the FeedWriter. | |||||
| CVE-2009-1025 | 1 Beerwin | 1 Phplinkadmin | 2025-04-09 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in linkadmin.php in Beerwin PHPLinkAdmin 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the page parameter. | |||||
| CVE-2007-5139 | 1 Chupix | 1 Chupix Cms | 2025-04-09 | 6.8 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in admin/include/header.php in chupix 0.2.3, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the repertoire parameter. | |||||
| CVE-2009-2665 | 1 Mozilla | 1 Firefox | 2025-04-09 | 10.0 HIGH | N/A |
| The nsDocument::SetScriptGlobalObject function in content/base/src/nsDocument.cpp in Mozilla Firefox 3.5.x before 3.5.2, when certain add-ons are enabled, does not properly handle a Link HTTP header, which allows remote attackers to execute arbitrary JavaScript with chrome privileges via a crafted web page, related to an incorrect security wrapper. | |||||
| CVE-2007-6655 | 1 Matpo Bilder Galerie | 1 Kontakt Formular | 2025-04-09 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in includes/function.php in Kontakt Formular 1.4 allows remote attackers to execute arbitrary PHP code via a URL in the root_path parameter. | |||||