| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| SAP BusinessObjects Business Intelligence Analysis edition for OLAP allows an authenticated attacker to inject malicious code that can be executed by the application over the network. On successful exploitation, an attacker can perform operations that may completely compromise the application causing a high impact on the confidentiality, integrity, and availability of the application. |
| A vulnerability was found in Eastnets PaymentSafe 2.5.26.0. It has been classified as problematic. This affects an unknown part of the component BIC Search. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. Upgrading to version 2.5.27.0 is able to address this issue. |
| In certain conditions, SAP NetWeaver Application Server ABAP allows an authenticated attacker to craft a Remote Function Call (RFC) request to restricted destinations, which can be used to expose credentials for a remote service. These credentials can then be further exploited to completely compromise the remote service, potentially resulting in a significant impact on the confidentiality, integrity, and availability of the application. |
| PHP remote file inclusion vulnerability in theme/phpAutoVideo/LightTwoOh/sidebar.php in Agares phpAutoVideo 2.21 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the loadpage parameter, a different vector than CVE-2007-6614. |
| SquirrelMail 1.4.11 and 1.4.12, as distributed on sourceforge.net before 20071213, has been externally modified to create a Trojan Horse that introduces a PHP remote file inclusion vulnerability, which allows remote attackers to execute arbitrary code. |
| The vmsplice_to_pipe function in Linux kernel 2.6.17 through 2.6.24.1 does not validate a certain userspace pointer before dereference, which allows local users to gain root privileges via crafted arguments in a vmsplice system call, a different vulnerability than CVE-2008-0009 and CVE-2008-0010. |
| Buffer overflow in the RegistryString function in the HPISDataManagerLib.Datamgr ActiveX control in HPISDataManager.dll in HP Instant Support before 1.0.0.24 allows remote attackers to execute arbitrary code via a long first argument, a different vulnerability than CVE-2007-5604, CVE-2007-5605, and CVE-2007-5606. |
| PHP remote file inclusion vulnerability in index.php in Tagmin Control Center in TagIt! Tagboard 2.1.B Build 2 allows remote attackers to execute arbitrary PHP code via a URL in the page parameter. |
| PHP remote file inclusion vulnerability in libs/Smarty.class.php in Smarty 2.6.9 allows remote attackers to execute arbitrary PHP code via a URL in the filename parameter. NOTE: in the original disclosure, filename is used in a function definition, so this report is probably incorrect |
| PHP remote file inclusion vulnerability in bug.php in Leicestershire communityPortals 1.0 build 20051018 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the cp_root_path parameter, a different vector than CVE-2006-5280. NOTE: CVE disputes this issue, since bug.php is not in communityPortals source distributions |
| Multiple PHP remote file inclusion vulnerabilities in Morcego CMS 0.9.6 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the (1) fichero parameter to morcegoCMS.php or the (2) path parameter to adodb/adodb.inc.php. NOTE: vector 1 has been disputed by a third party who shows that $fichero can not be controlled by an attacker |
| Multiple PHP remote file inclusion vulnerabilities in x10Media x10 Automatic MP3 Script 1.5.5 allow remote attackers to execute arbitrary PHP code via a URL in the web_root parameter to (1) includes/function_core.php and (2) templates/layout_lyrics.php. |
| PHP remote file inclusion vulnerability in inc/linkbar.php in Small Axe Weblog 0.3.1 allows remote attackers to execute arbitrary PHP code via a URL in the cfile parameter. |
| Multiple PHP remote file inclusion vulnerabilities in vgallite allow remote attackers to execute arbitrary PHP code via a URL in the (1) dirpath parameter to _functions.php or the (2) lang parameter to index.php. NOTE: CVE disputes vector 1 because the applicable include_once is located in a function that is not called on a direct request, and because $dirpath is an argument to this function. CVE disputes vector 2 because "lang" is a constant string within an include_once, not a variable. The researcher is also unreliable |
| Multiple PHP remote file inclusion vulnerabilities in Guestbook Script 1.9 allow remote attackers to execute arbitrary PHP code via a URL in the script_root parameter to (1) delete.php, (2) edit.php, or (3) inc/common.inc.php; or (4) database.php, (5) entries.php, (6) index.php, (7) logout.php, or (8) settings.php in admin/. NOTE: a third party disputes this vulnerability, noting that these scripts defend against direct requests |
| Multiple PHP remote file inclusion vulnerabilities in php(Reactor) 1.2.7pl1 allow remote attackers to execute arbitrary PHP code via a URL in the pathtohomedir parameter to (1) ekilat.com-int.tpl.php, (2) phpreactor.org-top.tpl.php, or (3) ekilat.com-top.tpl.php in examples/. NOTE: this issue has been disputed by CVE, since the vulnerability is present only when the product is incorrectly installed by placing examples/ under the web root |
| PHP remote file inclusion vulnerability in sample.php in YaPiG 0.95b allows remote attackers to execute arbitrary PHP code via a URL in the YAPIG_PATH parameter. NOTE: this issue has been disputed by CVE, since YAPIG_PATH is defined before use |
| PHP remote file inclusion vulnerability in lib/classes/offl_nflteam.php in Online Fantasy Football League (OFFL) 0.2.6 allows remote attackers to execute arbitrary PHP code via a URL in the DOC_ROOT parameter. NOTE: this issue is disputed by CVE because a __FILE__ test protects offl_nflteam.php against direct requests |
| Multiple PHP remote file inclusion vulnerabilities in FrontAccounting (FA) 1.12 allow remote attackers to execute arbitrary PHP code via a URL in the path_to_root parameter to (1) access/logout.php or certain PHP scripts under (2) admin/, (3) dimensions/, (4) gl/, (5) inventory/, (6) manufacturing/, (7) purchasing/, (8) reporting/, (9) sales/, or (10) taxes/. NOTE: the config.php vector is already covered by CVE-2007-4279, and the login.php and language.php vectors are already covered by CVE-2007-5117. NOTE: this issue is disputed by CVE because path_to_root is defined before use in all of the other files reported in the original disclosure |
| Multiple PHP remote file inclusion vulnerabilities in Vortex Portal 1.0.42 allow remote attackers to execute arbitrary PHP code via a URL in the cfgProgDir parameter to (1) admincp/auth/secure.php or (2) admincp/auth/checklogin.php. |