Total
4618 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2008-2950 | 1 Poppler | 1 Poppler | 2025-04-09 | 7.5 HIGH | N/A |
| The Page destructor in Page.cc in libpoppler in Poppler 0.8.4 and earlier deletes a pageWidgets object even if it is not initialized by a Page constructor, which allows remote attackers to execute arbitrary code via a crafted PDF document. | |||||
| CVE-2007-5693 | 1 Sitebar | 1 Sitebar | 2025-04-09 | 6.0 MEDIUM | N/A |
| Eval injection vulnerability in the translation module (translator.php) in SiteBar 3.3.8 allows remote authenticated users to execute arbitrary PHP code via the edit parameter in an upd cmd action, a different vulnerability than CVE-2007-5492. | |||||
| CVE-2009-3865 | 1 Sun | 2 Jdk, Jre | 2025-04-09 | 9.3 HIGH | N/A |
| The launch method in the Deployment Toolkit plugin in Java Runtime Environment (JRE) in Sun Java SE in JDK and JRE 6 before Update 17 allows remote attackers to execute arbitrary commands via a crafted web page, aka Bug Id 6869752. | |||||
| CVE-2008-5334 | 1 Nitrotech | 1 Nitrotech | 2025-04-09 | 10.0 HIGH | N/A |
| PHP remote file inclusion vulnerability in includes/common.php in NitroTech 0.0.3a allows remote attackers to execute arbitrary PHP code via a URL in the root parameter. | |||||
| CVE-2008-1093 | 1 Acresso | 2 Flexnet Connect, Intallshield Update Agent | 2025-04-09 | 9.3 HIGH | N/A |
| Acresso InstallShield Update Agent does not properly verify the authenticity of Rule Scripts obtained from GetRules.asp web pages on FLEXnet Connect servers, which allows remote man-in-the-middle attackers to execute arbitrary VBScript code via Trojan horse Rules. | |||||
| CVE-2008-0572 | 1 Mindmeld | 1 Mindmeld | 2025-04-09 | 6.8 MEDIUM | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Mindmeld 1.2.0.10 allow remote attackers to execute arbitrary PHP code via a URL in the MM_GLOBALS[home] parameter to (1) acweb/admin_index.php; and (2) ask.inc.php, (3) learn.inc.php, (4) manage.inc.php, (5) mind.inc.php, and (6) sensory.inc.php in include/. | |||||
| CVE-2006-7147 | 1 Phpbb | 1 Import Tools | 2025-04-09 | 6.8 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in includes/functions_mod_user.php in phpBB Import Tools Mod 0.1.4 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter. | |||||
| CVE-2007-5102 | 1 Wordsmith | 1 Wordsmith | 2025-04-09 | 6.8 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in config.inc.php in Wordsmith 1.0 RC1, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the _path parameter. | |||||
| CVE-2008-0114 | 1 Microsoft | 3 Excel, Excel Viewer, Office | 2025-04-09 | 9.3 HIGH | N/A |
| Unspecified vulnerability in Microsoft Excel 2000 SP3 through 2003 SP2, Viewer 2003, and Office for Mac 2004 allows user-assisted remote attackers to execute arbitrary code via crafted Style records that trigger memory corruption. | |||||
| CVE-2009-2528 | 1 Microsoft | 27 .net Framework, Excel Viewer, Expression Web and 24 more | 2025-04-09 | 9.3 HIGH | N/A |
| GDI+ in Microsoft Office XP SP3 does not properly handle malformed objects in Office Art Property Tables, which allows remote attackers to execute arbitrary code via a crafted Office document that triggers memory corruption, aka "Memory Corruption Vulnerability." | |||||
| CVE-2007-5221 | 1 Poppawid | 1 Poppawid | 2025-04-09 | 6.8 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in mail/childwindow.inc.php in Poppawid 2.7 allows remote attackers to execute arbitrary PHP code via a URL in the form parameter. | |||||
| CVE-2007-5800 | 2 Tom Willmot, Wordpress | 2 Backupwordpress Plugin, Wordpress | 2025-04-09 | 6.8 MEDIUM | N/A |
| Multiple PHP remote file inclusion vulnerabilities in the BackUpWordPress 0.4.2b and earlier plugin for WordPress allow remote attackers to execute arbitrary PHP code via a URL in the bkpwp_plugin_path parameter to (1) plugins/BackUp/Archive.php; and (2) Predicate.php, (3) Writer.php, (4) Reader.php, and other unspecified scripts under plugins/BackUp/Archive/. | |||||
| CVE-2008-4810 | 1 Smarty | 1 Smarty | 2025-04-09 | 7.5 HIGH | N/A |
| The _expand_quoted_text function in libs/Smarty_Compiler.class.php in Smarty 2.6.20 before r2797 allows remote attackers to execute arbitrary PHP code via vectors related to templates and (1) a dollar-sign character, aka "php executed in templates;" and (2) a double quoted literal string, aka a "function injection security hole." NOTE: each vector affects slightly different SVN revisions. | |||||
| CVE-2007-1165 | 1 Dbscripts | 1 Dbguestbook | 2025-04-09 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in DBGuestbook 1.1 allow remote attackers to execute arbitrary PHP code via a URL in the dbs_base_path parameter to (1) utils.php, (2) guestbook.php, or (3) views.php in includes/. | |||||
| CVE-2008-2345 | 1 Typo3 | 1 Air Filemanager | 2025-04-09 | 10.0 HIGH | N/A |
| Unspecified vulnerability in the air_filemanager 0.6.0 and earlier extension for TYPO3 allows remote attackers to execute arbitrary PHP code via unspecified vectors related to "insufficient file filtering." | |||||
| CVE-2008-1060 | 1 Wordpress | 1 Sniplets Plugin | 2025-04-09 | 7.5 HIGH | N/A |
| Eval injection vulnerability in modules/execute.php in the Sniplets 1.1.2 and 1.2.2 plugin for WordPress allows remote attackers to execute arbitrary PHP code via the text parameter. | |||||
| CVE-2007-5567 | 1 Galmeta | 1 Galmeta Post | 2025-04-09 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in _lib/fckeditor/upload_config.php in Galmeta Post 0.11 allows remote attackers to execute arbitrary PHP code via a URL in the DDS parameter. | |||||
| CVE-2009-4431 | 2 Anything-digital, Joomla | 2 Com Jcalpro, Joomla\! | 2025-04-09 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in cal_popup.php in the Anything Digital Development JCal Pro (aka com_jcalpro or JCP) component 1.5.3.6 for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. | |||||
| CVE-2007-5453 | 1 Php-stats | 1 Php-stats | 2025-04-09 | 8.5 HIGH | N/A |
| Multiple eval injection vulnerabilities in Php-Stats 0.1.9.2 allow remote authenticated administrators to execute arbitrary code by writing PHP sequences to the php-stats-options record in the _options table, which is used in an eval function call by (1) admin.php, (2) click.php, (3) download.php, and unspecified other files, as demonstrated by modifying _options through a backup restore action in admin.php. | |||||
| CVE-2007-5149 | 1 North Country Public Radio | 1 Public Media Manager | 2025-04-09 | 6.8 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in NewsCMS/news/newstopic_inc.php in North Country Public Radio Public Media Manager (PMM) 1.3 allows remote attackers to execute arbitrary PHP code via a URL in the indir parameter. | |||||