Search Results (5825 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2006-6689 1 Paristemi 1 Paristemi 2025-04-09 N/A
Multiple PHP remote file inclusion vulnerabilities in Paristemi 0.8.3 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the SERVER_DIRECTORY parameter to unspecified scripts, a different vector than CVE-2006-6739. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2006-6710 1 Matteolucarelli 1 Pgmreloaded 2025-04-09 N/A
Multiple PHP remote file inclusion vulnerabilities in PgmReloaded 0.8.5 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the (1) lang parameter to (a) index.php, the (2) CFG[libdir] and (3) CFG[localedir] parameters to (b) common.inc.php, and the CFG[localelangdir] parameter to (c) form_header.php.
CVE-2009-3464 1 Adobe 1 Shockwave Player 2025-04-09 N/A
Adobe Shockwave Player before 11.5.2.602 allows remote attackers to execute arbitrary code via crafted Shockwave content on a web site, related to an "invalid pointer vulnerability," a different issue than CVE-2009-3465. NOTE: some of these details are obtained from third party information.
CVE-2009-3465 1 Adobe 1 Shockwave Player 2025-04-09 N/A
Adobe Shockwave Player before 11.5.2.602 allows remote attackers to execute arbitrary code via crafted Shockwave content on a web site, related to an "invalid pointer vulnerability," a different issue than CVE-2009-3464. NOTE: some of these details are obtained from third party information.
CVE-2009-3478 2 Mozilla, Nightlight 2 Firefox, Fireftp 2025-04-09 N/A
Argument injection vulnerability in (1) src/content/js/connection/sftp.js and (2) src/content/js/connection/controlSocket.js.in in FireFTP Extension 1.0.5 for Firefox allows remote authenticated SFTP users to cause victims to alter permissions, delete, download, or move the wrong file via a filename containing " (double quotes), which is not properly filtered or encoded when FireFTP constructs the command to send to psftp.exe.
CVE-2009-3511 1 Fh54 1 Justvisual 2025-04-09 N/A
Multiple PHP remote file inclusion vulnerabilities in justVisual 1.2 allow remote attackers to execute arbitrary PHP code via a URL in the fs_jVroot parameter to (1) sites/site/pages/index.php, (2) sites/test/pages/contact.php, (3) system/pageTemplate.php, and (4) system/utilities.php.
CVE-2009-3518 1 Ibm 1 Installation Manager 2025-04-09 N/A
Argument injection vulnerability in the iim: URI handler in IBMIM.exe in IBM Installation Manager 1.3.2 and earlier, as used in IBM Rational Robot and Rational Team Concert, allows remote attackers to load arbitrary DLL files via the -vm option, as demonstrated by a reference to a UNC share pathname.
CVE-2006-6720 1 Azucar Cms 1 Azucar Cms 2025-04-09 N/A
PHP remote file inclusion vulnerability in admin/index_sitios.php in Azucar CMS 1.3 allows remote attackers to execute arbitrary PHP code via a URL in the _VIEW parameter.
CVE-2009-3576 1 Autodesk 2 Autodesk Softimage, Autodesk Softimage Xsi 2025-04-09 N/A
Autodesk Softimage 7.x and Softimage XSI 6.x allow remote attackers to execute arbitrary JavaScript code via a scene package containing a Scene Table of Contents (aka .scntoc) file with a Script_Content element, as demonstrated by code that loads the WScript.Shell ActiveX control.
CVE-2006-6727 1 Inertianews 1 Inertianews 2025-04-09 N/A
PHP remote file inclusion vulnerability in inertianews_class.php in inertianews 0.02 beta and earlier allows remote attackers to execute arbitrary PHP code via a URL in the DOCUMENT_ROOT parameter.
CVE-2009-3660 1 Efrontlearning 1 Efront 2025-04-09 N/A
PHP remote file inclusion vulnerability in libraries/database.php in Efront 3.5.4 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the path parameter. NOTE: this is only a vulnerability when the administrator does not follow recommendations in the product's security documentation.
CVE-2009-3796 2 Adobe, Redhat 3 Adobe Air, Flash Player, Rhel Extras 2025-04-09 N/A
Adobe Flash Player before 10.0.42.34 and Adobe AIR before 1.5.3 might allow attackers to execute arbitrary code via unspecified vectors, related to a "data injection vulnerability."
CVE-2009-3817 2 Joomla, Ordasoft 2 Joomla\!, Com Booklibrary 2025-04-09 N/A
PHP remote file inclusion vulnerability in doc/releasenote.php in the BookLibrary (com_booklibrary) component 1.0 for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter, a different vector than CVE-2009-2637. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2009-3814 1 Runcms 1 Runcms 2025-04-09 N/A
Static code injection vulnerability in RunCMS 2M1 allows remote authenticated administrators to execute arbitrary PHP code via the "Filter/Banning" feature, as demonstrated by modifying modules/system/cache/bademails.php using the "Prohibited: Emails" action, and other unspecified filters.
CVE-2007-5845 1 Guppy 1 Guppy 2025-04-09 N/A
Directory traversal vulnerability in error.php in GuppY 4.6.3, 4.5.16, and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the id parameter. NOTE: this can be leveraged to bypass authentication and upload arbitrary files by including admin/inc/upload.inc and specifying certain multipart/form-data input for admin/inc/upload.inc.
CVE-2009-2529 1 Microsoft 8 Ie, Internet Explorer, Windows 2000 and 5 more 2025-04-09 8.1 High
Microsoft Internet Explorer 5.01 SP4, 6, 6 SP1, 7, and 8 does not properly handle argument validation for unspecified variables, which allows remote attackers to execute arbitrary code via a crafted HTML document, aka "HTML Component Handling Vulnerability."
CVE-2007-5215 1 Jacob Hinkle 1 Godsend 2025-04-09 N/A
Multiple PHP remote file inclusion vulnerabilities in Jacob Hinkle GodSend 0.6 allow remote attackers to execute arbitrary PHP code via a URL in the SCRIPT_DIR parameter to (1) gtk/main.inc.php or (2) cmdline.inc.php. NOTE: vector 2 is disputed by CVE because it is contained in unaccessible code, requiring that two undefined constants be equal.
CVE-2007-5216 1 E-ark 1 E-ark 2025-04-09 N/A
Multiple PHP remote file inclusion vulnerabilities in eArk (e-Ark) 1.0 allow remote attackers to execute arbitrary PHP code via a URL in (1) the cfg_vcard_path parameter to src/vcard_inc.php or (2) the cfg_phpmailer_path parameter to src/email_inc.php. NOTE: the ark_inc.php vector is already covered by CVE-2006-6086.
CVE-2007-3773 1 Generic Youtube Clone Script 1 Generic Youtube Clone Script 2025-04-09 N/A
Cross-site request forgery (CSRF) vulnerability in the Email-Template module in Generic YouTube Clone Script allows remote attackers to upload files with arbitrary file types to templates/emails/ as administrators.
CVE-2009-2530 1 Microsoft 7 Internet Explorer, Windows 2000, Windows 7 and 4 more 2025-04-09 N/A
Microsoft Internet Explorer 6, 6 SP1, 7, and 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Uninitialized Memory Corruption Vulnerability," a different vulnerability than CVE-2009-2531.