Vulnerabilities (CVE)

Filtered by CWE-94
Total 4708 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2007-5173 2 Openid, Phpbb 2 Openid, Phpbb 2025-04-09 6.8 MEDIUM N/A
PHP remote file inclusion vulnerability in includes/openid/Auth/OpenID/BBStore.php in phpBB Openid 0.2.0 allows remote attackers to execute arbitrary PHP code via a URL in the openid_root_path parameter.
CVE-2007-5313 1 Script-solution.de 1 Picturesolution 2025-04-09 7.5 HIGH N/A
PHP remote file inclusion vulnerability in install/config.php in Picturesolution 2.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the path parameter.
CVE-2007-6555 1 Phil Taylor 1 Mosdirectory 2025-04-09 9.3 HIGH N/A
PHP remote file inclusion vulnerability in modules/mod_pxt_latest.php in the mosDirectory (com_directory) 2.3.2 component for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[mosConfig_absolute_path] parameter.
CVE-2008-6474 1 F5 1 Tmos 2025-04-09 9.0 HIGH N/A
The management interface in F5 BIG-IP 9.4.3 allows remote authenticated users with Resource Manager privileges to inject arbitrary Perl code via unspecified configuration settings related to Perl EP3 with templates, probably triggering static code injection.
CVE-2007-5009 1 Phpbb2 1 Phpbb2 Plus 2025-04-09 6.8 MEDIUM N/A
PHP remote file inclusion vulnerability in language/lang_german/lang_main_album.php in phpBB Plus 1.53, and 1.53a before 20070922, allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter.
CVE-2007-5234 1 Ossigeno 1 Ossigeno 2025-04-09 7.5 HIGH N/A
PHP remote file inclusion vulnerability in upload/common/footer.php in Ossigeno CMS 2.2 alpha3 allows remote attackers to execute arbitrary PHP code via a URL in the level parameter.
CVE-2009-3705 1 Achievo 1 Achievo 2025-04-09 7.5 HIGH N/A
PHP remote file inclusion vulnerability in debugger.php in Achievo before 1.4.0 allows remote attackers to execute arbitrary PHP code via a URL in the config_atkroot parameter.
CVE-2007-4815 1 Markus Iser 1 Ed Engine 2025-04-09 6.8 MEDIUM N/A
Multiple PHP remote file inclusion vulnerabilities in WebED in Markus Iser ED Engine 0.8999 alpha allow remote attackers to execute arbitrary PHP code via a URL in the Codebase parameter to (1) channeledit.php, (2) post.php, (3) view.php, or (4) viewitem.php in source/mod/rss/.
CVE-2007-6396 1 Myupb 1 Flat Php Board 2025-04-09 7.5 HIGH N/A
Direct static code injection vulnerability in index.php in Flat PHP Board 1.2 and earlier allows remote attackers to inject arbitrary PHP code via the (1) username, (2) password, and (3) email parameters when registering a user account, which can be executed by accessing the user's php file for this account. NOTE: similar code injection might be possible in a user profile.
CVE-2008-1059 1 Wordpress 1 Sniplets Plugin 2025-04-09 7.5 HIGH N/A
PHP remote file inclusion vulnerability in modules/syntax_highlight.php in the Sniplets 1.1.2 and 1.2.2 plugin for WordPress allows remote attackers to execute arbitrary PHP code via a URL in the libpath parameter.
CVE-2008-6531 1 Atlassian 1 Jira 2025-04-09 6.8 MEDIUM N/A
The WebWork 1 web application framework in Atlassian JIRA before 3.13.2 allows remote attackers to invoke exposed public JIRA methods via a crafted URL that is dynamically transformed into method calls, aka "WebWork 1 Parameter Injection Hole."
CVE-2007-5663 1 Adobe 2 Acrobat, Acrobat Reader 2025-04-09 9.3 HIGH N/A
Adobe Reader and Acrobat 8.1.1 and earlier allows remote attackers to execute arbitrary code via a crafted PDF file that calls an insecure JavaScript method in the EScript.api plug-in. NOTE: this issue might be subsumed by CVE-2008-0655.
CVE-2008-2195 1 Deluxebb 1 Deluxebb 2025-04-09 6.5 MEDIUM N/A
Static code injection vulnerability in admincp.php in DeluxeBB 1.2 and earlier allows remote authenticated administrators to inject arbitrary PHP code into logs/cp.php via the URI.
CVE-2008-6513 1 Aphpkb 1 Aphpkb 2025-04-09 6.8 MEDIUM N/A
Unrestricted file upload vulnerability in saa.php in Andy's PHP Knowledgebase (aphpkb) 0.92.9 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a link that is listed by authors.php.
CVE-2007-5165 1 Myipacng-stats 1 Myipacng-stats 2025-04-09 6.8 MEDIUM N/A
PHP remote file inclusion vulnerability in init.php in Jens Tkotz myIpacNG-stats (MINGS) 0.05 allows remote attackers to execute arbitrary PHP code via a URL in the MINGS_BASE parameter. NOTE: this issue is disputed by CVE because MINGS_BASE is defined before use
CVE-2008-2016 1 Chilkat Software 1 Chicomas 2025-04-09 7.5 HIGH N/A
PHP remote file inclusion vulnerability in Chilek Content Management System (aka ChiCoMaS) 2.0.4 allows remote attackers to execute arbitrary PHP code via a URL in the lang parameter to the default URI under install/. NOTE: this can also be leveraged to include and execute arbitrary local files via directory traversal sequences.
CVE-2007-1141 1 Reamday Enterprises 1 Magic News Plus 2025-04-09 7.5 HIGH N/A
PHP remote file inclusion vulnerability in preview.php in Magic News Plus 1.0.2 allows remote attackers to execute arbitrary PHP code via a URL in the php_script_path parameter. NOTE: This issue may overlap CVE-2006-0723.
CVE-2007-5331 2 Broadcom, Ca 6 Brightstor Arcserve Backup, Brightstor Enterprise Backup, Business Protection Suite and 3 more 2025-04-09 10.0 HIGH N/A
Queue.dll for the message queuing service (LQserver.exe) in CA BrightStor ARCServe BackUp v9.01 through R11.5, and Enterprise Backup r10.5, allows remote attackers to execute arbitrary code via a malformed ONRPC protocol request for operation 0x76, which causes ARCserve Backup to dereference arbitrary pointers.
CVE-2009-2530 1 Microsoft 7 Internet Explorer, Windows 2000, Windows 7 and 4 more 2025-04-09 9.3 HIGH N/A
Microsoft Internet Explorer 6, 6 SP1, 7, and 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Uninitialized Memory Corruption Vulnerability," a different vulnerability than CVE-2009-2531.
CVE-2009-2529 1 Microsoft 7 Internet Explorer, Windows 2000, Windows 7 and 4 more 2025-04-09 9.3 HIGH 8.1 HIGH
Microsoft Internet Explorer 5.01 SP4, 6, 6 SP1, 7, and 8 does not properly handle argument validation for unspecified variables, which allows remote attackers to execute arbitrary code via a crafted HTML document, aka "HTML Component Handling Vulnerability."