Search Results (5825 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2009-3424 1 Databay 1 Maxcms 2025-04-09 N/A
Multiple PHP remote file inclusion vulnerabilities in MaxCMS 3.11.20b, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the (1) is_projectPath parameter to includes/InstantSite/inc.is_root.php; GLOBALS[thCMS_root] parameter to (2) classes/class.Tree.php, (3) includes/inc.thcms_admin_mediamanager.php, and (4) modul/mod.rssreader.php; is_path parameter to (5) class.tasklist.php, (6) class.thcms.php, (7) class.thcms_content.php, (8) class.thcms_modul_parent.php, (9) class.thcms_page.php, and (10) class.thcsm_user.php in classes/; and (11) includes/InstantSite/class.Tree.php; and thCMS_root parameter to (12) classes/class.thcms_modul.php; (13) inc.page_edit_tasklist.php, (14) inc.thcms_admin_overview_backup.php, and (15) inc.thcms_edit_content.php in includes/; and (16) class.thcms_modul_parent_xml.php, (17) mod.cmstranslator.php, (18) mod.download.php, (19) mod.faq.php, (20) mod.guestbook.php, (21) mod.html.php, (22) mod.menu.php, (23) mod.news.php, (24) mod.newsticker.php, (25) mod.rss.php, (26) mod.search.php, (27) mod.sendtofriend.php, (28) mod.sitemap.php, (29) mod.tagdoc.php, (30) mod.template.php, (31) mod.test.php, (32) mod.text.php, (33) mod.upload.php, and (34) mod.users.php in modul/.
CVE-2006-5418 1 Phpbb 1 Searchindexer 2025-04-09 N/A
PHP remote file inclusion vulnerability in archive/archive_topic.php in pbpbb archive for search engines (SearchIndexer) (aka phpBBSEI) for phpBB allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter.
CVE-2006-4695 1 Microsoft 1 Office Web Components 2025-04-09 N/A
Unspecified vulnerability in certain COM objects in Microsoft Office Web Components 2000 allows user-assisted remote attackers to execute arbitrary code via a crafted URL, aka "Office Web Components URL Parsing Vulnerability."
CVE-2008-3764 1 Turnkeywebtools 1 Php Live Helper 2025-04-09 N/A
Eval injection vulnerability in globalsoff.php in Turnkey PHP Live Helper 2.0.1 and earlier allows remote attackers to execute arbitrary PHP code via the test parameter, and probably arbitrary parameters, to chat.php.
CVE-2008-7073 2 Ekkaia, Rssmodule 2 Pie Web, Rss Module 2025-04-09 N/A
PHP remote file inclusion vulnerability in lib/action/rss.php in RSS module 0.1 for Pie Web M{a,e}sher, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the lib parameter.
CVE-2008-2233 1 Openwsman 1 Openwsman 2025-04-09 N/A
The client in Openwsman 1.2.0 and 2.0.0, in unknown configurations, allows remote Openwsman servers to replay SSL sessions via unspecified vectors.
CVE-2006-5519 1 Mambweather 1 Mambweather 2025-04-09 N/A
PHP remote file inclusion vulnerability in Savant2/Savant2_Plugin_options.php in the MambWeather 1.8.1 and earlier component for Mambo allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.
CVE-2006-5612 1 Michel Pradel 1 Gestart 2025-04-09 N/A
PHP remote file inclusion vulnerability in aide.php3 (aka aide.php) in GestArt beta 1, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via the aide parameter.
CVE-2006-5621 1 Ask Rave 1 Ask Rave 2025-04-09 N/A
PHP remote file inclusion vulnerability in end.php in ask_rave 0.9 PR, and other versions before 0.9b, allows remote attackers to execute arbitrary PHP code via a URL in the footfile parameter.
CVE-2008-4138 1 Technote 1 Technote 2025-04-09 N/A
PHP remote file inclusion vulnerability in skin_shop/standard/3_plugin_twindow/twindow_notice.php in TECHNOTE 7 allows remote attackers to execute arbitrary PHP code via a URL in the shop_this_skin_path parameter.
CVE-2008-4206 1 Attachmax 1 Dolphin 2025-04-09 N/A
PHP remote file inclusion vulnerability in config.php in Attachmax Dolphin 2.1.0 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the rel_path parameter.
CVE-2007-5781 1 Sige 1 Sige 2025-04-09 N/A
PHP remote file inclusion vulnerability in inc/sige_init.php in Sige 0.1 allows remote attackers to execute arbitrary PHP code via a URL in the SYS_PATH parameter.
CVE-2007-6464 1 Form Tools 1 Form Tools 2025-04-09 N/A
Multiple PHP remote file inclusion vulnerabilities in Form tools 1.5.0b allow remote attackers to execute arbitrary PHP code via a URL in the g_root_dir parameter to (1) admin_page_open.php and (2) client_page_open.php in global/templates/.
CVE-2008-5173 1 Testmaker 1 Testmaker 2025-04-09 N/A
Unspecified vulnerability in testMaker before 3.0p16 allows remote authenticated users to execute arbitrary PHP code via unspecified attack vectors.
CVE-2008-1043 1 Linux Web Shop 1 Php User Base 2025-04-09 N/A
PHP remote file inclusion vulnerability in templates/default/header.inc.php in Linux Web Shop (LWS) php User Base 1.3 BETA allows remote attackers to execute arbitrary PHP code via a URL in the menu parameter.
CVE-2008-1060 1 Wordpress 1 Sniplets Plugin 2025-04-09 N/A
Eval injection vulnerability in modules/execute.php in the Sniplets 1.1.2 and 1.2.2 plugin for WordPress allows remote attackers to execute arbitrary PHP code via the text parameter.
CVE-2008-1068 1 Portail Web Php 1 Portail Web Php 2025-04-09 N/A
Multiple PHP remote file inclusion vulnerabilities in Portail Web Php 2.5.1.1 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the site_path parameter to (1) Vert/index.php, (2) Noir/index.php, and (3) Bleu/index.php in template/, different vectors than CVE-2008-0645.
CVE-2006-7046 1 Clan Manager Pro 1 Clan Manager Pro 2025-04-09 N/A
PHP remote file inclusion vulnerability in cmpro.intern/login.inc.php for Clan Manager Pro (CMPRO) 1.1.0 allows remote attackers to execute arbitrary PHP code via a URL in the rootpath parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2008-5922 1 Cfagcms 1 Cfagcms 2025-04-09 N/A
Multiple PHP remote file inclusion vulnerabilities in themes/default/index.php in Cant Find A Gaming CMS (CFAGCMS) 1 allow remote attackers to execute arbitrary PHP code via a URL in the (1) main and (2) right parameters.
CVE-2008-6591 1 Lightneasy 1 Lightneasy 2025-04-09 N/A
LightNEasy "no database" (aka flat) version 1.2.2, and possibly SQLite version 1.2.2, allows remote attackers to create arbitrary files via the page parameter to (1) index.php and (2) LightNEasy.php.