Search Results (6910 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2009-3065 1 Rein Velt 1 Vedit 2026-04-23 N/A
PHP remote file inclusion vulnerability in editor/edit_htmlarea.php in Ve-EDIT 0.1.4 allows remote attackers to execute arbitrary PHP code via a URL in the highlighter parameter.
CVE-2006-6976 1 Centipaid 1 Centipaid 2026-04-23 N/A
PHP remote file inclusion vulnerability in centipaid_class.php in CentiPaid 1.4.2 and earlier allows remote attackers to execute arbitrary code via a URL in the absolute_path parameter.
CVE-2009-2262 1 Myiosoft 1 Ajaxportal 2026-04-23 N/A
PHP remote file inclusion vulnerability in install/di.php in AjaxPortal 3.0 allows remote attackers to execute arbitrary PHP code via a URL in the pathtoserverdata parameter. NOTE: the installation instructions specify deleting the install/ folder.
CVE-2007-5772 1 Flatnuke3 1 Flatnuke3 2026-04-23 N/A
Direct static code injection vulnerability in the download module in Flatnuke 3 allows remote authenticated administrators to inject arbitrary PHP code into a description.it.php file in a subdirectory of Download/ by saving a description and setting fneditmode to 1. NOTE: unauthenticated remote attackers can exploit this by leveraging a cookie manipulation issue.
CVE-2007-5221 1 Poppawid 1 Poppawid 2026-04-23 N/A
PHP remote file inclusion vulnerability in mail/childwindow.inc.php in Poppawid 2.7 allows remote attackers to execute arbitrary PHP code via a URL in the form parameter.
CVE-2007-1148 1 Lovecms 1 Lovecms 2026-04-23 N/A
PHP remote file inclusion vulnerability in install/index.php in LoveCMS 1.4 allows remote attackers to execute arbitrary PHP code via a URL in the step parameter.
CVE-2008-3435 1 Linkedin 1 Browser Toolbar 2026-04-23 N/A
LinkedIn Browser Toolbar 3.0.3.1100 and earlier does not properly verify the authenticity of updates, which allows man-in-the-middle attackers to execute arbitrary code via a Trojan horse update, as demonstrated by evilgrade and DNS cache poisoning.
CVE-2007-4817 1 Detodas 1 Restaurante Component For Joomla 2026-04-23 N/A
Unrestricted file upload vulnerability in the Restaurante (com_restaurante) component for Joomla! allows remote attackers to upload and execute arbitrary PHP code via an upload action specifying a filename with a double extension such as .php.jpg, which creates an accessible file under img_original/.
CVE-2009-2118 1 Irfanview 1 Irfanview 2026-04-23 N/A
Integer overflow in IrfanView 4.23, when the resampling or screen fitting option is enabled, allows remote attackers to execute arbitrary code via a crafted TIFF 1 BPP image, which triggers a heap-based buffer overflow.
CVE-2009-0422 1 Tincan 1 Phplist 2026-04-23 N/A
Dynamic variable evaluation vulnerability in lists/admin.php in phpList 2.10.8 and earlier, when register_globals is disabled, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the _SERVER[ConfigFile] parameter to admin/index.php.
CVE-2007-3037 1 Microsoft 1 Windows Media Player 2026-04-23 N/A
Microsoft Windows Media Player 7.1, 9, 10, and 11 allows remote attackers to execute arbitrary code via a skin file (WMZ or WMD) with crafted header information that causes a size mismatch between compressed and decompressed data and triggers a heap-based buffer overflow, aka "Windows Media Player Code Execution Vulnerability Parsing Skins."
CVE-2009-3541 1 Phpgenealogy 1 Phpgenealogy 2026-04-23 N/A
PHP remote file inclusion vulnerability in CoupleDB.php in PHPGenealogy 2.0 allows remote attackers to execute arbitrary PHP code via a URL in the DataDirectory parameter.
CVE-2008-5750 1 Microsoft 2 Internet Explorer, Windows Xp 2026-04-23 N/A
Argument injection vulnerability in Microsoft Internet Explorer 8 beta 2 on Windows XP SP3 allows remote attackers to execute arbitrary commands via the --renderer-path option in a chromehtml: URI.
CVE-2008-2233 1 Openwsman 1 Openwsman 2026-04-23 N/A
The client in Openwsman 1.2.0 and 2.0.0, in unknown configurations, allows remote Openwsman servers to replay SSL sessions via unspecified vectors.
CVE-2008-3285 1 Alain Barbet 1 Filesys Smbclientparser 2026-04-23 N/A
The Filesys::SmbClientParser module 2.7 and earlier for Perl allows remote SMB servers to execute arbitrary code via a folder name containing shell metacharacters.
CVE-2006-5480 1 Castor 1 Php Web Builder 2026-04-23 N/A
PHP remote file inclusion vulnerability in lib/rs.php in 2le.net Castor PHP Web Builder 1.1.1 allows remote attackers to execute arbitrary PHP code via the rootpath parameter.
CVE-2009-3576 1 Autodesk 2 Autodesk Softimage, Autodesk Softimage Xsi 2026-04-23 N/A
Autodesk Softimage 7.x and Softimage XSI 6.x allow remote attackers to execute arbitrary JavaScript code via a scene package containing a Scene Table of Contents (aka .scntoc) file with a Script_Content element, as demonstrated by code that loads the WScript.Shell ActiveX control.
CVE-2006-5399 1 Phprecipebook 1 Phprecipebook 2026-04-23 N/A
PHP remote file inclusion vulnerability in classes/Import_MM.class.php in PHPRecipeBook 2.36, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the g_rb_basedir parameter.
CVE-2008-2193 1 Scorpnews 1 Scorpnews 2026-04-23 N/A
PHP remote file inclusion vulnerability in example.php in Thomas Gossmann ScorpNews 2.0 allows remote attackers to execute arbitrary PHP code via a URL in the site parameter.
CVE-2008-2841 2 Microsoft, Xchat 3 Internet Explorer, Windows Nt, Xchat 2026-04-23 N/A
Argument injection vulnerability in XChat 2.8.7b and earlier on Windows, when Internet Explorer is used, allows remote attackers to execute arbitrary commands via the --command parameter in an ircs:// URI.