Search Results (5825 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2008-0560 1 Contact Forms 1 Cforms 2025-04-09 N/A
PHP remote file inclusion vulnerability in cforms-css.php in Oliver Seidel cforms (contactforms), a Wordpress plugin, allows remote attackers to execute arbitrary PHP code via a URL in the tm parameter. NOTE: CVE disputes this issue for 7.3, since there is no tm parameter, and the code exits with a fatal error due to a call to an undefined function
CVE-2007-5313 1 Script-solution.de 1 Picturesolution 2025-04-09 N/A
PHP remote file inclusion vulnerability in install/config.php in Picturesolution 2.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the path parameter.
CVE-2007-5314 1 Xkiosk 1 Xkiosk Web 2025-04-09 N/A
PHP remote file inclusion vulnerability in system/funcs/xkurl.php in xKiosk WEB 3.0.1i, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the PEARPATH parameter.
CVE-2007-5315 1 Softpedia 1 Livealbum 2025-04-09 N/A
PHP remote file inclusion vulnerability in common.php in LiveAlbum 0.9.0, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the livealbum_dir parameter.
CVE-2007-6585 1 Nmnnewsletter 1 Nmnnewsletter 2025-04-09 N/A
PHP remote file inclusion vulnerability in confirmUnsubscription.php in NmnNewsletter 1.0.7 allows remote attackers to execute arbitrary PHP code via a URL in the output parameter.
CVE-2008-0222 1 Wordpress 1 Filemanager 2025-04-09 N/A
Unrestricted file upload vulnerability in ajaxfilemanager.php in the Wp-FileManager 1.2 plugin for WordPress allows remote attackers to upload and execute arbitrary PHP code via unspecified vectors.
CVE-2009-3705 1 Achievo 1 Achievo 2025-04-09 N/A
PHP remote file inclusion vulnerability in debugger.php in Achievo before 1.4.0 allows remote attackers to execute arbitrary PHP code via a URL in the config_atkroot parameter.
CVE-2006-3650 1 Microsoft 1 Office 2025-04-09 N/A
Microsoft Office 2000, XP, 2003, 2004 for Mac, and v.X for Mac do not properly parse the length of a chart record, which allows remote user-assisted attackers to execute arbitrary code via a Word document with an embedded malformed chart record that triggers an overwrite of pointer values with values from the document, a different vulnerability than CVE-2006-3434, CVE-2006-3864, and CVE-2006-3868.
CVE-2008-5577 1 Scssboard 1 Scssboard 2025-04-09 N/A
PHP remote file inclusion vulnerability in index.php in sCssBoard 1.0, 1.1, 1.11, and 1.12 allows remote attackers to execute arbitrary PHP code via a URL in the inc_function parameter.
CVE-2008-3043 1 Typo3 1 Wec Discussion Forum 2025-04-09 N/A
Unspecified vulnerability in the WEC Discussion Forum (wec_discussion) extension 1.6.2 and earlier for TYPO3 allows attackers to execute arbitrary code via vectors related to "certain file types."
CVE-2007-3892 1 Microsoft 1 Internet Explorer 2025-04-09 N/A
Microsoft Internet Explorer 5.01 through 7 allows remote attackers to spoof the URL address bar and other "trust UI" components via unspecified vectors, a different issue than CVE-2007-1091 and CVE-2007-3826.
CVE-2008-0112 1 Microsoft 2 Excel, Office 2025-04-09 N/A
Unspecified vulnerability in Microsoft Excel 2000 SP3, and Office for Mac 2004 and 2008 allows user-assisted remote attackers to execute arbitrary code via a crafted .SLK file that is not properly handled when importing the file, aka "Excel File Import Vulnerability."
CVE-2008-0115 1 Microsoft 4 Excel, Excel Viewer, Office and 1 more 2025-04-09 N/A
Unspecified vulnerability in Microsoft Excel 2000 SP3 through 2007, Viewer 2003, Compatibility Pack, and Office for Mac 2004 allows user-assisted remote attackers to execute arbitrary code via malformed formulas, aka "Excel Formula Parsing Vulnerability."
CVE-2008-0116 1 Microsoft 4 Excel, Excel Viewer, Office and 1 more 2025-04-09 N/A
Microsoft Excel 2000 SP3 through 2003 SP2, Viewer 2003, Compatibility Pack, and Office 2004 and 2008 for Mac allows user-assisted remote attackers to execute arbitrary code via malformed tags in rich text, aka "Excel Rich Text Validation Vulnerability."
CVE-2008-6958 1 Comsenz 1 Crossday Discuz\! Board 2025-04-09 N/A
wap/index.php in Crossday Discuz! Board 6.x and 7.x allows remote authenticated users to execute arbitrary PHP code via the creditsformula parameter.
CVE-2009-0527 1 Adaptcms 1 Adaptcms 2025-04-09 N/A
PHP remote file inclusion vulnerability in plugins/rss_importer_functions.php in AdaptCMS Lite 1.4 allows remote attackers to execute arbitrary PHP code via a URL in the sitepath parameter.
CVE-2007-5098 1 Dragonfrugal 1 Dfd Cart 2025-04-09 N/A
Multiple PHP remote file inclusion vulnerabilities in DFD Cart 1.1.4 and earlier, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the set_depth parameter to (1) app.lib/product.control/core.php/product.control.config.php, or (2) customer.browse.list.php or (3) customer.browse.search.php in app.lib/product.control/core.php/customer.area/.
CVE-2007-5363 2 Joomla, Webmaster-tips 2 Joomla, Panoramic Picture Viewer 2025-04-09 N/A
PHP remote file inclusion vulnerability in admin.panoramic.php in the Panoramic Picture Viewer (com_panoramic) mambot (plugin) 1.0 for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_live_site parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2007-5453 1 Php-stats 1 Php-stats 2025-04-09 N/A
Multiple eval injection vulnerabilities in Php-Stats 0.1.9.2 allow remote authenticated administrators to execute arbitrary code by writing PHP sequences to the php-stats-options record in the _options table, which is used in an eval function call by (1) admin.php, (2) click.php, (3) download.php, and unspecified other files, as demonstrated by modifying _options through a backup restore action in admin.php.
CVE-2007-1247 1 Aweb Labs 1 Awebnews 2025-04-09 N/A
Multiple PHP remote file inclusion vulnerabilities in aWeb Labs aWebNews 1.5 allow remote attackers to execute arbitrary PHP code via a URL in the path_to_news parameter to (1) listing.php or (2) visview.php.