Search Results (5825 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2007-5604 1 Hp 1 Instant Support 2025-04-09 N/A
Buffer overflow in the ExtractCab function in the HPISDataManagerLib.Datamgr ActiveX control in HPISDataManager.dll in HP Instant Support before 1.0.0.24 allows remote attackers to execute arbitrary code via a long first argument, a different vulnerability than CVE-2007-5605, CVE-2007-5606, and CVE-2007-5607.
CVE-2007-5666 2 Adobe, Redhat 3 Acrobat, Acrobat Reader, Rhel Extras 2025-04-09 N/A
Untrusted search path vulnerability in Adobe Reader and Acrobat 8.1.1 and earlier allows local users to execute arbitrary code via a malicious Security Provider library in the reader's current working directory. NOTE: this issue might be subsumed by CVE-2008-0655.
CVE-2008-1770 1 Akamai 1 Download Manager 2025-04-09 N/A
CRLF injection vulnerability in Akamai Download Manager ActiveX control before 2.2.3.6 allows remote attackers to force the download and execution of arbitrary files via a URL parameter containing an encoded LF followed by a malicious target line.
CVE-2007-5163 1 Nexty 1 Nexty 2025-04-09 N/A
PHP remote file inclusion vulnerability in includes/functions/layout.php in Nexty 1.01.A Beta allows remote attackers to execute arbitrary PHP code via a URL in the rel parameter. NOTE: this issue is disputed by CVE because the applicable include is in a function that is not called on a direct request
CVE-2007-5164 1 Universibo 1 Universibo 2025-04-09 N/A
PHP remote file inclusion vulnerability in htmls/forum/includes/topic_review.php in UniversiBO 1.3.4 allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter. NOTE: this issue is disputed by CVE because the applicable include is in a function that is not called on a direct request
CVE-2008-3434 1 Apple 1 Itunes 2025-04-09 N/A
Apple iTunes before 10.5.1 does not properly verify the authenticity of updates, which allows man-in-the-middle attackers to execute arbitrary code via a Trojan horse update, as demonstrated by evilgrade and DNS cache poisoning.
CVE-2008-3570 1 Africabegone 1 Africa Be Gone 2025-04-09 N/A
PHP remote file inclusion vulnerability in index.php in Africa Be Gone (ABG) 1.0a allows remote attackers to execute arbitrary PHP code via a URL in the abg_path parameter.
CVE-2009-3673 1 Microsoft 7 Internet Explorer, Windows 2000, Windows 7 and 4 more 2025-04-09 N/A
Microsoft Internet Explorer 7 and 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Uninitialized Memory Corruption Vulnerability."
CVE-2007-5565 1 Phpscms 1 Phpscms 2025-04-09 9.8 Critical
PHP remote file inclusion vulnerability in includes/functions.php in phpSCMS 0.0.1-Alpha1 allows remote attackers to execute arbitrary PHP code via a URL in the dir parameter. NOTE: this issue is disputed by CVE because the identified code is in a function that is not accessible via direct request
CVE-2006-6887 1 Logahead 1 Logahead Unu 2025-04-09 N/A
Unrestricted file upload vulnerability in logahead UNU 1.0 allows remote attackers to upload and execute arbitrary PHP code via unspecified vectors related to plugins/widged/_widged.php (aka the WidgEd plugin), a different vulnerability than CVE-2006-6783. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2008-5053 1 Joomla 2 Com Rssreader, Joomla 2025-04-09 N/A
PHP remote file inclusion vulnerability in admin.rssreader.php in the Simple RSS Reader (com_rssreader) 1.0 component for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_live_site parameter.
CVE-2007-2340 1 Phporacleview 1 Phporacleview 2025-04-09 N/A
Multiple PHP remote file inclusion vulnerabilities in inc/include_all.inc.php in phporacleview allow remote attackers to execute arbitrary PHP code via a URL in the (1) page_dir or (2) inc_dir parameters.
CVE-2008-4720 1 Arzdev 1 Gemini Portal 2025-04-09 N/A
Multiple PHP remote file inclusion vulnerabilities in The Gemini Portal 4.7 allow remote attackers to execute arbitrary PHP code via a URL in the lang parameter to (1) page/forums/bottom.php and (2) page/forums/category.php.
CVE-2008-6006 1 Minbank 1 Micronation Banking System 2025-04-09 N/A
Multiple PHP remote file inclusion vulnerabilities in Micronation Banking System (minba) 1.5.0 allow remote attackers to execute arbitrary PHP code via a URL in the minsoft_path parameter to (1) utdb_access.php and (2) utgn_message.php in utility/.
CVE-2009-3822 2 Fijiwebdesign, Joomla 2 Com Ajaxchat, Joomla\! 2025-04-09 N/A
PHP remote file inclusion vulnerability in Fiji Web Design Ajax Chat (com_ajaxchat) component 1.0 for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[mosConfig_absolute_path] parameter to tests/ajcuser.php.
CVE-2007-2144 1 Joomlapack 1 Joomlapack 2025-04-09 N/A
PHP remote file inclusion vulnerability in includes/CAltInstaller.php in the JoomlaPack (com_jpack) 1.0.4a2 RE component for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.
CVE-2007-5492 1 Sitebar 1 Sitebar 2025-04-09 N/A
Static code injection vulnerability in the translation module (translator.php) in SiteBar 3.3.8 allows remote authenticated users to execute arbitrary PHP code via the value parameter.
CVE-2007-4933 1 Shop-script 1 Shop-script 2025-04-09 N/A
Direct static code injection vulnerability in includes/admin/sub/conf_appearence.php in Shop-Script FREE 2.0 and earlier allows remote attackers to inject arbitrary PHP code into cfg/appearence.inc.php via a save_appearence action in admin.php, as demonstrated with the (1) productscount, (2) colscount, and (3) darkcolor parameters.
CVE-2007-4954 1 Joomla 1 Joom12pic Component 2025-04-09 N/A
PHP remote file inclusion vulnerability in admin.joom12pic.php in the joom12Pic (com_joom12pic) 1.0 component for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_live_site parameter.
CVE-2007-4978 1 Phpsyncml 1 Phpsyncml 2025-04-09 N/A
Multiple PHP remote file inclusion vulnerabilities in phpSyncML 0.1.2 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the base_dir parameter to (1) Decoder.php and (2) Encoder.php in WBXML/.