Export limit exceeded: 363449 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (6918 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2008-3434 1 Apple 1 Itunes 2026-04-23 N/A
Apple iTunes before 10.5.1 does not properly verify the authenticity of updates, which allows man-in-the-middle attackers to execute arbitrary code via a Trojan horse update, as demonstrated by evilgrade and DNS cache poisoning.
CVE-2008-4624 1 Ftrsoft 1 Fast Click Sql Lite 2026-04-23 N/A
PHP remote file inclusion vulnerability in init.php in Fast Click SQL Lite 1.1.7, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the CFG[CDIR] parameter.
CVE-2006-7181 1 Morcego Cms 1 Morcego Cms 2026-04-23 N/A
Multiple PHP remote file inclusion vulnerabilities in Morcego CMS 0.9.6 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the (1) fichero parameter to morcegoCMS.php or the (2) path parameter to adodb/adodb.inc.php. NOTE: vector 1 has been disputed by a third party who shows that $fichero can not be controlled by an attacker
CVE-2007-5163 1 Nexty 1 Nexty 2026-04-23 N/A
PHP remote file inclusion vulnerability in includes/functions/layout.php in Nexty 1.01.A Beta allows remote attackers to execute arbitrary PHP code via a URL in the rel parameter. NOTE: this issue is disputed by CVE because the applicable include is in a function that is not called on a direct request
CVE-2007-5164 1 Universibo 1 Universibo 2026-04-23 N/A
PHP remote file inclusion vulnerability in htmls/forum/includes/topic_review.php in UniversiBO 1.3.4 allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter. NOTE: this issue is disputed by CVE because the applicable include is in a function that is not called on a direct request
CVE-2008-4529 1 Asicms 1 Asicms 2026-04-23 N/A
Multiple PHP remote file inclusion vulnerabilities in asiCMS alpha 0.208 allow remote attackers to execute arbitrary PHP code via a URL in the _ENV[asicms][path] parameter to (1) Association.php, (2) BigMath.php, (3) DiffieHellman.php, (4) DumbStore.php, (5) Extension.php, (6) FileStore.php, (7) HMAC.php, (8) MemcachedStore.php, (9) Message.php, (10) Nonce.php, (11) SQLStore.php, (12) SReg.php, (13) TrustRoot.php, and (14) URINorm.php in classes/Auth/OpenID/; and (15) XRDS.php, (16) XRI.php and (17) XRIRes.php in classes/Auth/Yadis/.
CVE-2007-5165 1 Myipacng-stats 1 Myipacng-stats 2026-04-23 N/A
PHP remote file inclusion vulnerability in init.php in Jens Tkotz myIpacNG-stats (MINGS) 0.05 allows remote attackers to execute arbitrary PHP code via a URL in the MINGS_BASE parameter. NOTE: this issue is disputed by CVE because MINGS_BASE is defined before use
CVE-2008-0502 1 Connectix 1 Connectix Boards 2026-04-23 N/A
PHP remote file inclusion vulnerability in templates/Official/part_userprofile.php in Connectix Boards 0.8.2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the template_path parameter.
CVE-2007-5166 1 Sitesys 1 Sitesys 2026-04-23 N/A
Multiple PHP remote file inclusion vulnerabilities in SiteSys 1.0a allow remote attackers to execute arbitrary PHP code via a URL in the doc_root parameter to (1) inc/pagehead.inc.php or (2) inc/pageinit.inc.php.
CVE-2008-0648 1 Opensiteadmin 1 Opensiteadmin 2026-04-23 N/A
Multiple PHP remote file inclusion vulnerabilities in OpenSiteAdmin 0.9.1.1 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the path parameter to (1) indexFooter.php; and (2) DatabaseManager.php, (3) FieldManager.php, (4) Filter.php, (5) Form.php, (6) FormManager.php, (7) LoginManager.php, and (8) Filters/SingleFilter.php in scripts/classes/.
CVE-2009-0464 1 Groonesworld 1 Gbook 2026-04-23 N/A
PHP remote file inclusion vulnerability in includes/header.php in Groone GBook 2.0 allows remote attackers to execute arbitrary PHP code via a URL in the abspath parameter.
CVE-2006-7237 1 Ixprim-cms 1 Ixprim 2026-04-23 N/A
PHP remote file inclusion vulnerability in mod/nc_phpmyadmin/core/libraries/Theme_Manager.class.php in Ixprim 2.0 allows remote attackers to execute arbitrary PHP code via a URL in an unspecified parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2008-0417 2 Mozilla, Redhat 2 Firefox, Enterprise Linux 2026-04-23 N/A
CRLF injection vulnerability in Mozilla Firefox before 2.0.0.12 allows remote user-assisted web sites to corrupt the user's password store via newlines that are not properly handled when the user saves a password.
CVE-2007-5167 1 Phplister 1 Phplister 2026-04-23 N/A
PHP remote file inclusion vulnerability in .systeme/fonctions.php in phpLister 0.5-pre2 allows remote attackers to execute arbitrary PHP code via a URL in the nom_rep_systeme parameter.
CVE-2008-4439 1 Martinwood 1 Datafeed Studio 2026-04-23 N/A
PHP remote file inclusion vulnerability in admin/bin/patch.php in MartinWood Datafeed Studio before 1.6.3 allows remote attackers to execute arbitrary PHP code via a URL in the INSTALL_FOLDER parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2007-5173 2 Openid, Phpbb 2 Openid, Phpbb 2026-04-23 N/A
PHP remote file inclusion vulnerability in includes/openid/Auth/OpenID/BBStore.php in phpBB Openid 0.2.0 allows remote attackers to execute arbitrary PHP code via a URL in the openid_root_path parameter.
CVE-2007-5175 1 Actsite 1 Actsite 2026-04-23 N/A
PHP remote file inclusion vulnerability lib/base.php in actSite 1.991 Beta allows remote attackers to execute arbitrary PHP code via a URL in the BaseCfg[BaseDir] parameter.
CVE-2009-3134 1 Microsoft 5 Compatibility Pack Word Excel Powerpoint, Excel, Excel Viewer and 2 more 2026-04-23 N/A
Microsoft Office Excel 2002 SP3, 2003 SP3, and 2007 SP1 and SP2; Office 2004 and 2008 for Mac; Open XML File Format Converter for Mac; Office Excel Viewer 2003 SP3; Office Excel Viewer SP1 and SP2; and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2 do not properly parse the Excel file format, which allows remote attackers to execute arbitrary code via a spreadsheet with a malformed record object, aka "Excel Field Sanitization Vulnerability."
CVE-2007-1247 1 Aweb Labs 1 Awebnews 2026-04-23 N/A
Multiple PHP remote file inclusion vulnerabilities in aWeb Labs aWebNews 1.5 allow remote attackers to execute arbitrary PHP code via a URL in the path_to_news parameter to (1) listing.php or (2) visview.php.
CVE-2008-3433 1 Speedbit 1 Download Accelerator Plus 2026-04-23 N/A
SpeedBit Download Accelerator Plus (DAP) before 8.6.3.9 does not properly verify the authenticity of updates, which allows man-in-the-middle attackers to execute arbitrary code via a Trojan horse update, as demonstrated by evilgrade and DNS cache poisoning.