Search Results (5825 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2007-6649 1 Matpo Bilder Galerie 1 Matpo Bilder Galerie 2025-04-09 N/A
PHP remote file inclusion vulnerability in includes/tumbnail.php in MatPo Bilder Galerie 1.1 allows remote attackers to execute arbitrary PHP code via a URL in the config[root_ordner] parameter.
CVE-2007-6655 1 Matpo Bilder Galerie 1 Kontakt Formular 2025-04-09 N/A
PHP remote file inclusion vulnerability in includes/function.php in Kontakt Formular 1.4 allows remote attackers to execute arbitrary PHP code via a URL in the root_path parameter.
CVE-2008-7183 1 Evacms 1 Eva Cms 2025-04-09 N/A
PHP remote file inclusion vulnerability in eva/index.php in EVA CMS 2.3.1, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the eva[caminho] parameter to index.php.
CVE-2008-0858 2 Kerio, Visnetic 2 Kerio Mailserver, Visnetic Antivirus Plug-in For Mail Server 2025-04-09 N/A
Buffer overflow in the Visnetic anti-virus plugin in Kerio MailServer before 6.5.0 might allow remote attackers to execute arbitrary code via unspecified vectors.
CVE-2009-0160 1 Apple 2 Mac Os X, Mac Os X Server 2025-04-09 N/A
QuickDraw Manager in Apple Mac OS X 10.4.11 and 10.5 before 10.5.7 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PICT image that triggers memory corruption.
CVE-2007-1472 1 T-systems Solutions For Research Gmbh 1 Groupit 2025-04-09 N/A
Variable overwrite vulnerability in groupit/base/groupit.start.inc in Groupit 2.00b5 allows remote attackers to conduct remote file inclusion attacks and execute arbitrary PHP code via arguments that are written to $_GLOBALS, as demonstrated using a URL in the c_basepath parameter to (1) content.php, (2) userprofile.php, (3) password.php, (4) dispatch.php, and (5) deliver.php in html/, and possibly (6) load.inc.php and related files.
CVE-2008-1016 1 Apple 1 Quicktime 2025-04-09 N/A
Apple QuickTime before 7.4.5 does not properly handle movie media tracks, which allows remote attackers to execute arbitrary code via a crafted movie that triggers memory corruption.
CVE-2008-1081 1 Opera 1 Opera Browser 2025-04-09 N/A
Opera before 9.26 allows user-assisted remote attackers to execute arbitrary script via images that contain custom comments, which are treated as script when the user displays the image properties.
CVE-2009-0513 1 Webframe 1 Webframe 2025-04-09 N/A
Multiple PHP remote file inclusion vulnerabilities in WebFrame 0.76 allow remote attackers to execute arbitrary PHP code via a URL in the classFiles parameter to (1) admin/doc/index.php, (2) index.php, and (3) base/menu.php in mod/.
CVE-2008-1958 1 Easyscripts 1 Tr Script News 2025-04-09 N/A
Unrestricted file upload vulnerability in the ajout_cat mode in admin/main.php in Tr Script News 2.1 allows remote authenticated users to execute arbitrary code by uploading a file with a .php extension.
CVE-2008-1963 1 Quate 1 Grape Web Statistics 2025-04-09 N/A
PHP remote file inclusion vulnerability in includes/functions.php in Quate Grape Web Statistics 0.2a allows remote attackers to execute arbitrary PHP code via a URL in the location parameter.
CVE-2009-3850 1 Blender 1 Blender 2025-04-09 N/A
Blender 2.34, 2.35a, 2.40, and 2.49b allows remote attackers to execute arbitrary code via a .blend file that contains Python statements in the onLoad action of a ScriptLink SDNA.
CVE-2009-3865 2 Redhat, Sun 4 Network Satellite, Rhel Extras, Jdk and 1 more 2025-04-09 N/A
The launch method in the Deployment Toolkit plugin in Java Runtime Environment (JRE) in Sun Java SE in JDK and JRE 6 before Update 17 allows remote attackers to execute arbitrary commands via a crafted web page, aka Bug Id 6869752.
CVE-2008-2128 1 Cms Faethon 1 Cms Faethon 2025-04-09 N/A
PHP remote file inclusion vulnerability in templates/header.php in CMS Faethon 2.2 Ultimate allows remote attackers to execute arbitrary PHP code via a URL in the mainpath parameter, a different vulnerability than CVE-2006-5588 and CVE-2006-3185.
CVE-2008-2296 1 Rgboard 1 Rgboard 2025-04-09 N/A
PHP remote file inclusion vulnerability in include/bbs.lib.inc.php in Rgboard 3.0.12 allows remote attackers to execute arbitrary PHP code via a URL in the site_path parameter.
CVE-2008-2497 1 Mambo-foundation 1 Mambo 2025-04-09 N/A
CRLF injection vulnerability in Mambo before 4.6.4 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors.
CVE-2009-3986 2 Mozilla, Redhat 3 Firefox, Seamonkey, Enterprise Linux 2025-04-09 N/A
Mozilla Firefox before 3.0.16 and 3.5.x before 3.5.6, and SeaMonkey before 2.0.1, allows remote attackers to execute arbitrary JavaScript with chrome privileges by leveraging a reference to a chrome window from a content window, related to the window.opener property.
CVE-2008-2638 1 1-script 1 1-book 2025-04-09 N/A
Static code injection vulnerability in guestbook.php in 1Book 1.0.1 and earlier allows remote attackers to upload arbitrary PHP code via the message parameter in an HTML webform, which is written to data.php.
CVE-2008-2690 1 Browsercrm 1 Browsercrm 2025-04-09 N/A
Multiple PHP remote file inclusion vulnerabilities in BrowserCRM 5.002.00, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the bcrm_pub_root parameter to (1) kb.php, (2) login.php, (3) index.php, (4) contact_view.php, and (5) contact.php in pub/, different vectors than CVE-2008-2689. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2008-2769 1 Phpraider 1 Phpraider 2025-04-09 N/A
PHP remote file inclusion vulnerability in authentication/smf/smf.functions.php in Simple Machines phpRaider 1.0.6 and 1.0.7 allows remote attackers to execute arbitrary PHP code via a URL in the pConfig_auth[smf_path] parameter.