Search Results (5825 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2009-0251 1 Ryneezy 1 Phosheezy 2025-04-09 N/A
Static code injection vulnerability in admin.php in Ryneezy phoSheezy 0.2 allows remote authenticated administrators to inject arbitrary PHP code into config/footer via the footer parameter. NOTE: this can be exploited by unauthenticated attackers by leveraging CVE-2009-0250. NOTE: some of these details are obtained from third party information.
CVE-2007-4608 1 Winterburns.co.uk 1 Epersonnel 2025-04-09 N/A
PHP remote file inclusion vulnerability in protection.php in ePersonnel RC_2004_02 allows remote attackers to execute arbitrary PHP code via a URL in the logout_page parameter.
CVE-2009-0955 1 Apple 1 Quicktime 2025-04-09 N/A
Apple QuickTime before 7.6.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted image description atoms in an Apple video file, related to a "sign extension issue."
CVE-2007-5099 1 David Watters 1 Helplink 2025-04-09 N/A
PHP remote file inclusion vulnerability in show.php in David Watters Helplink 0.1.0 allows remote attackers to execute arbitrary PHP code via a URL in the file parameter.
CVE-2007-5124 1 Aol 1 Instant Messenger 2025-04-09 N/A
The embedded Internet Explorer server control in AOL Instant Messenger (AIM) 6.5.3.12 and earlier allows remote attackers to execute arbitrary code via unspecified web script or HTML in an instant message, related to AIM's filtering of "specific tags and attributes" and the lack of Local Machine Zone lockdown. NOTE: this issue reportedly exists because of an incomplete fix for CVE-2007-4901.
CVE-2008-2434 1 Trend Micro 1 Housecall 2025-04-09 N/A
The Trend Micro HouseCall ActiveX control 6.51.0.1028 and 6.6.0.1278 in Housecall_ActiveX.dll allows remote attackers to download an arbitrary library file onto a client system via a "custom update server" argument. NOTE: this can be leveraged for code execution by writing to a Startup folder.
CVE-2008-4673 1 Webbiscuits 1 Events Calendar 2025-04-09 N/A
PHP remote file inclusion vulnerability in panel/common/theme/default/header_setup.php in WebBiscuits Software Events Calendar 1.1 allows remote attackers to execute arbitrary PHP code via a URL in the (1) path[docroot] and (2) component parameters.
CVE-2008-2192 1 Itcms 1 Itcms 2025-04-09 N/A
Static code injection vulnerability in box/minichat/boxpop.php in IT!CMS (aka itcms) 1.9 allows remote attackers to inject arbitrary PHP code into box/MiniChat/data/shouts.php via the shout parameter.
CVE-2007-4921 1 Ajax 1 File Browser 2025-04-09 N/A
PHP remote file inclusion vulnerability in _includes/settings.inc.php in Ajax File Browser 3 Beta allows remote attackers to execute arbitrary PHP code via a URL in the approot parameter.
CVE-2008-3402 1 Hscripts 1 Hiox Random Ad 2025-04-09 N/A
Multiple PHP remote file inclusion vulnerabilities in HIOX Browser Statistics (HBS) 2.0 allow remote attackers to execute arbitrary PHP code via a URL in the hm parameter to (1) hioxupdate.php and (2) hioxstats.php.
CVE-2008-5920 1 Tigris 1 Websvn 2025-04-09 N/A
The create_anchors function in utils.inc in WebSVN 1.x allows remote attackers to execute arbitrary PHP code via a crafted username that is processed by the preg_replace function with the eval switch.
CVE-2008-4704 1 Mitre 1 Sezhoo 2025-04-09 N/A
PHP remote file inclusion vulnerability in SezHooTabsAndActions.php in SezHoo 0.1 allows remote attackers to execute arbitrary PHP code via a URL in the IP parameter.
CVE-2008-5167 1 Boonex 1 Orca 2025-04-09 N/A
PHP remote file inclusion vulnerability in layout/default/params.php in Boonex Orca 2.0 and 2.0.2, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the gConf[dir][layouts] parameter.
CVE-2009-1278 1 Gravityboardx 1 Gravity Board X 2025-04-09 N/A
Static code injection vulnerability in forms/ajax/configure.php in Gravity Board X (GBX) 2.0 BETA allows remote attackers to inject arbitrary PHP code into config.php via the configure action to index.php.
CVE-2009-1248 1 Acutecp 1 Acute Control Panel 2025-04-09 N/A
Multiple PHP remote file inclusion vulnerabilities in Acute Control Panel 1.0.0 allow remote attackers to execute arbitrary PHP code via a URL in the theme_directory parameter to (1) container.php and (2) header.php in themes/.
CVE-2009-1230 1 Podcast Generator 1 Podcast Generator 2025-04-09 N/A
Static code injection vulnerability in index.php in Podcast Generator 1.1 and earlier allows remote authenticated administrators to inject arbitrary PHP code into config.php via the recent parameter in a config change action.
CVE-2009-3672 1 Microsoft 6 Internet Explorer, Windows 2000, Windows Server 2003 and 3 more 2025-04-09 N/A
Microsoft Internet Explorer 6 and 7 does not properly handle objects in memory that (1) were not properly initialized or (2) are deleted, which allows remote attackers to execute arbitrary code via vectors involving a call to the getElementsByTagName method for the STYLE tag name, selection of the single element in the returned list, and a change to the outerHTML property of this element, related to Cascading Style Sheets (CSS) and mshtml.dll, aka "HTML Object Memory Corruption Vulnerability." NOTE: some of these details are obtained from third party information. NOTE: this issue was originally assigned CVE-2009-4054, but Microsoft assigned a duplicate identifier of CVE-2009-3672. CVE consumers should use this identifier instead of CVE-2009-4054.
CVE-2007-6042 1 Swsoft 1 Confixx Professional 2025-04-09 N/A
PHP remote file inclusion vulnerability in fehler.inc.php in SWSoft Confixx Professional 3.2.1 allows remote attackers to execute arbitrary PHP code via a URL in an unspecified parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2008-2270 1 Phpway 1 Kostenloses Linkmanagementscript 2025-04-09 N/A
Multiple PHP remote file inclusion vulnerabilities in PHPWAY Kostenloses Linkmanagementscript allow remote attackers to execute arbitrary PHP code via a URL in the (1) main_page_directory and (2) page_to_include parameters in template\index.php.
CVE-2008-2689 1 Browsercrm 1 Browsercrm 2025-04-09 N/A
PHP remote file inclusion vulnerability in pub/clients.php in BrowserCRM 5.002.00 allows remote attackers to execute arbitrary PHP code via a URL in the bcrm_pub_root parameter.