Search Results (6920 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2008-1466 1 W-agora 1 W-agora 2026-04-23 N/A
Multiple PHP remote file inclusion vulnerabilities in W-Agora 4.0 allow remote attackers to execute arbitrary PHP code via a URL in the bn_dir_default parameter to (1) add_user.php, (2) create_forum.php, (3) create_user.php, (4) delete_notes.php, (5) delete_user.php, (6) edit_forum.php, (7) mail_users.php, (8) moderate_notes.php, and (9) reorder_forums.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2008-1089 1 Microsoft 2 Office, Visio 2026-04-23 N/A
Unspecified vulnerability in Microsoft Visio 2002 SP2, 2003 SP2 and SP3, and 2007 up to SP1 allows user-assisted remote attackers to execute arbitrary code via a Visio file containing crafted object header data, aka "Visio Object Header Vulnerability."
CVE-2008-1081 1 Opera 1 Opera Browser 2026-04-23 N/A
Opera before 9.26 allows user-assisted remote attackers to execute arbitrary script via images that contain custom comments, which are treated as script when the user displays the image properties.
CVE-2008-1051 1 Phpprofiles 1 Phpprofiles 2026-04-23 N/A
PHP remote file inclusion vulnerability in include/body_comm.inc.php in phpProfiles 4.5.2 BETA allows remote attackers to execute arbitrary PHP code via a URL in the content parameter.
CVE-2008-1046 1 Quinsonnas 1 Quinsonnas Mail Checker 2026-04-23 N/A
PHP remote file inclusion vulnerability in footer.php in Quinsonnas Mail Checker 1.55 allows remote attackers to execute arbitrary PHP code via a URL in the op[footer_body] parameter.
CVE-2008-4673 1 Webbiscuits 1 Events Calendar 2026-04-23 N/A
PHP remote file inclusion vulnerability in panel/common/theme/default/header_setup.php in WebBiscuits Software Events Calendar 1.1 allows remote attackers to execute arbitrary PHP code via a URL in the (1) path[docroot] and (2) component parameters.
CVE-2008-0743 1 Joovili 1 Joovili 2026-04-23 N/A
PHP remote file inclusion vulnerability in members_help.php in Joovili 2.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the hlp parameter.
CVE-2008-6066 1 Meet\#web 1 Meet\#web 2026-04-23 N/A
Multiple PHP remote file inclusion vulnerabilities in Meet#Web 0.8 allow remote attackers to execute arbitrary PHP code via a URL in the root_path parameter to (1) modules.php, (2) ManagerResource.class.php, (3) ManagerRightsResource.class.php, (4) RegForm.class.php, (5) RegResource.class.php, and (6) RegRightsResource.class.php in classes/. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2008-0417 2 Mozilla, Redhat 2 Firefox, Enterprise Linux 2026-04-23 N/A
CRLF injection vulnerability in Mozilla Firefox before 2.0.0.12 allows remote user-assisted web sites to corrupt the user's password store via newlines that are not properly handled when the user saves a password.
CVE-2009-4024 1 Pear 1 Pear 2026-04-23 N/A
Argument injection vulnerability in the ping function in Ping.php in the Net_Ping package before 2.4.5 for PEAR allows remote attackers to execute arbitrary shell commands via the host parameter. NOTE: this has also been reported as a shell metacharacter problem.
CVE-2008-4439 1 Martinwood 1 Datafeed Studio 2026-04-23 N/A
PHP remote file inclusion vulnerability in admin/bin/patch.php in MartinWood Datafeed Studio before 1.6.3 allows remote attackers to execute arbitrary PHP code via a URL in the INSTALL_FOLDER parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2008-6006 1 Minbank 1 Micronation Banking System 2026-04-23 N/A
Multiple PHP remote file inclusion vulnerabilities in Micronation Banking System (minba) 1.5.0 allow remote attackers to execute arbitrary PHP code via a URL in the minsoft_path parameter to (1) utdb_access.php and (2) utgn_message.php in utility/.
CVE-2008-0283 1 Domphp 1 Domphp 2026-04-23 N/A
PHP remote file inclusion vulnerability in /aides/index.php in DomPHP 0.81 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the page parameter.
CVE-2008-0112 1 Microsoft 2 Excel, Office 2026-04-23 N/A
Unspecified vulnerability in Microsoft Excel 2000 SP3, and Office for Mac 2004 and 2008 allows user-assisted remote attackers to execute arbitrary code via a crafted .SLK file that is not properly handled when importing the file, aka "Excel File Import Vulnerability."
CVE-2008-0110 1 Microsoft 1 Office 2026-04-23 N/A
Unspecified vulnerability in Microsoft Outlook in Office 2000 SP3, XP SP3, 2003 SP2 and Sp3, and Office System allows user-assisted remote attackers to execute arbitrary code via a crafted mailto URI.
CVE-2008-4305 1 Php-collab 1 Php-collab 2026-04-23 N/A
Static code injection vulnerability in installation/setup.php in phpCollab 2.5 rc3 and earlier allows remote authenticated administrators to inject arbitrary PHP code into include/settings.php via the URI.
CVE-2007-4339 1 Phpcentral 1 Poll Script 2026-04-23 N/A
Multiple PHP remote file inclusion vulnerabilities in PHPCentral Poll Script 1.0 allow remote attackers to execute arbitrary PHP code via a URL in the _SERVER[DOCUMENT_ROOT] parameter in (1) poll.php and (2) pollarchive.php. NOTE: a reliable third party states that this issue is resultant from a variable extraction error in functions.php.
CVE-2008-0289 1 Mansion Productions 1 Member Area System 2026-04-23 N/A
PHP remote file inclusion vulnerability in view_func.php in Member Area System (MAS) 1.7 and possibly others allows remote attackers to execute arbitrary PHP code via a URL in the i parameter. NOTE: a second vector might exist via the l parameter. NOTE: as of 20080118, the vendor has disputed the set of affected versions, stating that the issue "is already fixed, for almost a year."
CVE-2009-3128 1 Microsoft 5 Compatibility Pack Word Excel Powerpoint, Excel, Excel Viewer and 2 more 2026-04-23 N/A
Microsoft Office Excel 2002 SP3 and 2003 SP3, and Office Excel Viewer 2003 SP3, does not properly parse the Excel file format, which allows remote attackers to execute arbitrary code via a spreadsheet with a malformed record object, aka "Excel SxView Memory Corruption Vulnerability."
CVE-2007-4834 1 Phprealty 1 Phprealty 2026-04-23 N/A
Multiple PHP remote file inclusion vulnerabilities in phpRealty 0.02 allow remote attackers to execute arbitrary PHP code via a URL in the MGR parameter to (1) index.php, (2) p_ins.php, and (3) u_ins.php in manager/admin/.