Search Results (6916 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2007-4947 1 Myphppagetool 1 Myphppagetool 2026-04-23 N/A
Multiple PHP remote file inclusion vulnerabilities in myphpPagetool 0.4.3 allow remote attackers to execute arbitrary PHP code via a URL in the ptinclude parameter to (1) help1.php, (2) help2.php, (3) help3.php, (4) help4.php, (5) help5.php, (6) help6.php, (7) help7.php, (7) help8.php, (8) help9.php, or (10) index.php in doc/admin/.
CVE-2008-0648 1 Opensiteadmin 1 Opensiteadmin 2026-04-23 N/A
Multiple PHP remote file inclusion vulnerabilities in OpenSiteAdmin 0.9.1.1 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the path parameter to (1) indexFooter.php; and (2) DatabaseManager.php, (3) FieldManager.php, (4) Filter.php, (5) Form.php, (6) FormManager.php, (7) LoginManager.php, and (8) Filters/SingleFilter.php in scripts/classes/.
CVE-2008-3043 1 Typo3 1 Wec Discussion Forum 2026-04-23 N/A
Unspecified vulnerability in the WEC Discussion Forum (wec_discussion) extension 1.6.2 and earlier for TYPO3 allows attackers to execute arbitrary code via vectors related to "certain file types."
CVE-2008-0560 1 Contact Forms 1 Cforms 2026-04-23 N/A
PHP remote file inclusion vulnerability in cforms-css.php in Oliver Seidel cforms (contactforms), a Wordpress plugin, allows remote attackers to execute arbitrary PHP code via a URL in the tm parameter. NOTE: CVE disputes this issue for 7.3, since there is no tm parameter, and the code exits with a fatal error due to a call to an undefined function
CVE-2008-4439 1 Martinwood 1 Datafeed Studio 2026-04-23 N/A
PHP remote file inclusion vulnerability in admin/bin/patch.php in MartinWood Datafeed Studio before 1.6.3 allows remote attackers to execute arbitrary PHP code via a URL in the INSTALL_FOLDER parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2008-2832 1 Fullrevolution 1 Aspwebcalendar2008 2026-04-23 N/A
Unrestricted file upload vulnerability in calendar_admin.asp in Full Revolution aspWebCalendar 2008 allows remote attackers to upload and execute arbitrary code via the FILE1 parameter in an uploadfileprocess action, probably followed by a direct request to the file in calendar/eventimages/.
CVE-2008-4134 1 Phprealty 1 Phprealty 2026-04-23 N/A
PHP remote file inclusion vulnerability in manager/static/view.php in phpRealty 0.03 and earlier, and possibly other versions before 0.05, allows remote attackers to execute arbitrary PHP code via a URL in the INC parameter.
CVE-2008-2195 1 Deluxebb 1 Deluxebb 2026-04-23 N/A
Static code injection vulnerability in admincp.php in DeluxeBB 1.2 and earlier allows remote authenticated administrators to inject arbitrary PHP code into logs/cp.php via the URI.
CVE-2008-6373 1 Nagios 1 Nagios 2026-04-23 N/A
Unspecified vulnerability in Nagios before 3.0.6 has unspecified impact and remote attack vectors related to CGI programs, "adaptive external commands," and "writing newlines and submitting service comments."
CVE-2009-3127 1 Microsoft 5 Compatibility Pack Word Excel Powerpoint, Excel, Excel Viewer and 2 more 2026-04-23 N/A
Microsoft Office Excel 2002 SP3 and 2003 SP3, Office 2004 and 2008 for Mac, Open XML File Format Converter for Mac, and Office Excel Viewer 2003 SP3 do not properly parse the Excel file format, which allows remote attackers to execute arbitrary code via a crafted spreadsheet, aka "Excel Cache Memory Corruption Vulnerability."
CVE-2007-5056 6 Adodb Lite, Cmsmadesimple, Journalness and 3 more 6 Adodb Lite, Cms Made Simple, Journalness and 3 more 2026-04-23 N/A
Eval injection vulnerability in adodb-perf-module.inc.php in ADOdb Lite 1.42 and earlier, as used in products including CMS Made Simple, SAPID CMF, Journalness, PacerCMS, and Open-Realty, allows remote attackers to execute arbitrary code via PHP sequences in the last_module parameter.
CVE-2008-5305 1 Twiki 1 Twiki 2026-04-23 N/A
Eval injection vulnerability in TWiki before 4.2.4 allows remote attackers to execute arbitrary Perl code via the %SEARCH{}% variable.
CVE-2007-5298 1 Creamotion 1 Creamotion 2026-04-23 N/A
Multiple PHP remote file inclusion vulnerabilities in CMS Creamotion allow remote attackers to execute arbitrary PHP code via a URL in the cfg[document_uri] parameter to (1) _administration/securite.php and (2) _administration/gestion_configurations/save_config.php.
CVE-2008-0743 1 Joovili 1 Joovili 2026-04-23 N/A
PHP remote file inclusion vulnerability in members_help.php in Joovili 2.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the hlp parameter.
CVE-2007-2428 1 Ahhp-portal 1 Ahhp-portal 2026-04-23 N/A
Multiple PHP remote file inclusion vulnerabilities in page.php in Ahhp-Portal allow remote attackers to execute arbitrary PHP code via a URL in the (1) fp or (2) sc parameter.
CVE-2008-0300 1 Mapbender 1 Mapbender 2026-04-23 N/A
mapFiler.php in Mapbender 2.4 to 2.4.4 allows remote attackers to execute arbitrary PHP code via PHP code sequences in the factor parameter, which are not properly handled when accessing a filename that contains those sequences.
CVE-2009-4431 2 Anything-digital, Joomla 2 Com Jcalpro, Joomla\! 2026-04-23 N/A
PHP remote file inclusion vulnerability in cal_popup.php in the Anything Digital Development JCal Pro (aka com_jcalpro or JCP) component 1.5.3.6 for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.
CVE-2007-5775 1 Bitdefender 3 Antivirus, Internet Security, Total Security 2026-04-23 9.8 Critical
Unspecified vulnerability in BitDefender allows attackers to execute arbitrary code via unspecified vectors, aka EEYEB-20071024. NOTE: as of 20071029, the only disclosure is a vague pre-advisory with no actionable information. However, since it is from a well-known researcher, it is being assigned a CVE identifier for tracking purposes.
CVE-2009-4024 1 Pear 1 Pear 2026-04-23 N/A
Argument injection vulnerability in the ping function in Ping.php in the Net_Ping package before 2.4.5 for PEAR allows remote attackers to execute arbitrary shell commands via the host parameter. NOTE: this has also been reported as a shell metacharacter problem.
CVE-2009-2457 1 Novell 1 Edirectory 2026-04-23 N/A
The DS\NDSD component in Novell eDirectory 8.8 before SP5 allows remote attackers to cause a denial of service (crash) via a malformed bind LDAP packet.