Search Results (6924 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2009-0422 1 Tincan 1 Phplist 2026-04-23 N/A
Dynamic variable evaluation vulnerability in lists/admin.php in phpList 2.10.8 and earlier, when register_globals is disabled, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the _SERVER[ConfigFile] parameter to admin/index.php.
CVE-2007-0994 3 Debian, Mozilla, Redhat 4 Debian Linux, Firefox, Seamonkey and 1 more 2026-04-23 N/A
A regression error in Mozilla Firefox 2.x before 2.0.0.2 and 1.x before 1.5.0.10, and SeaMonkey 1.1 before 1.1.1 and 1.0 before 1.0.8, allows remote attackers to execute arbitrary JavaScript as the user via an HTML mail message with a javascript: URI in an (1) img, (2) link, or (3) style tag, which bypasses the access checks and executes code with chrome privileges.
CVE-2007-6325 1 Fastpublish 1 Fastpublish Cms 2026-04-23 N/A
PHP remote file inclusion vulnerability in adminbereich/designconfig.php in Fastpublish CMS 1.9999 allows remote attackers to execute arbitrary PHP code via a URL in the config[fsBase] parameter, a different vector than CVE-2006-2726.
CVE-2008-6486 1 Shatm 1 Sharedlog 2026-04-23 N/A
PHP remote file inclusion vulnerability in slideshow_uploadvideo.content.php in SharedLog, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[root_dir] parameter.
CVE-2009-0610 1 Dminnich 1 Simple Php News 2026-04-23 N/A
Multiple static code injection vulnerabilities in post.php in Simple PHP News 1.0 final allow remote attackers to inject arbitrary PHP code into news.txt via the (1) title or (2) date parameter, and then execute the code via a direct request to display.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2007-1201 1 Microsoft 5 Biztalk Server, Commerce Server, Internet Security And Acceleration Server and 2 more 2026-04-23 N/A
Unspecified vulnerability in certain COM objects in Microsoft Office Web Components 2000 allows user-assisted remote attackers to execute arbitrary code via vectors related to DataSource that trigger memory corruption, aka "Office Web Components DataSource Vulnerability."
CVE-2009-0673 1 Ravenphpscripts 1 Ravennuke 2026-04-23 N/A
Eval injection vulnerability in the Custom Fields feature in the Your Account module in Raven Web Services RavenNuke 2.30 allows remote authenticated administrators to execute arbitrary PHP code via the ID Field Name box in a yaCustomFields action to admin.php.
CVE-2007-6550 1 Pmos Helpdesk 1 Pmos Helpdesk 2026-04-23 N/A
form.php in PMOS Help Desk 2.4 and earlier sends a redirect to the web browser but does not exit, which allows remote attackers to conduct eval injection attacks and execute arbitrary PHP code via the options array parameter.
CVE-2007-6652 1 Xcms 1 Xcms 2026-04-23 N/A
cpie.php in XCMS 1.83 and earlier sends a redirect to the web browser but does not exit, which allows remote attackers to conduct direct static code injection attacks and execute arbitrary code via the testo_0 parameter in a cpie admin action to index.php, which writes to dati/generali/footer.dtb (aka the XCMS footer).
CVE-2009-3814 1 Runcms 1 Runcms 2026-04-23 N/A
Static code injection vulnerability in RunCMS 2M1 allows remote authenticated administrators to execute arbitrary PHP code via the "Filter/Banning" feature, as demonstrated by modifying modules/system/cache/bademails.php using the "Prohibited: Emails" action, and other unspecified filters.
CVE-2008-6584 1 Torrentflux 1 Torrentflux 2026-04-23 N/A
html/index.php in TorrentFlux 2.3 allows remote authenticated users to execute arbitrary code via a URL with a file containing an executable extension in the url_upload parameter, which is downloaded by TorrentFlux and can be accessed via a direct request in a html/downloads/ user directory.
CVE-2008-6591 1 Lightneasy 1 Lightneasy 2026-04-23 N/A
LightNEasy "no database" (aka flat) version 1.2.2, and possibly SQLite version 1.2.2, allows remote attackers to create arbitrary files via the page parameter to (1) index.php and (2) LightNEasy.php.
CVE-2008-3737 2 Spacetag, System Consultants 2 Lacoodast, La Cooda Wiz 2026-04-23 N/A
Unspecified vulnerability in (1) System Consultants La!Cooda WIZ 1.4.0 and earlier and (2) SpaceTag LacoodaST 2.1.3 and earlier allows remote attackers to execute arbitrary PHP scripts, and delete files, read files, and possibly have unknown other impact.
CVE-2007-6177 1 Php Con 1 Php Con 2026-04-23 N/A
PHP remote file inclusion vulnerability in Exchange/include.php in PHP_CON 1.3 allows remote attackers to execute arbitrary PHP code via a URL in the webappcfg[APPPATH] parameter.
CVE-2008-1760 1 Blogator-script 1 Blogator-script 2026-04-23 N/A
Multiple PHP remote file inclusion vulnerabilities in Blogator-script before 1.01 allow remote attackers to execute arbitrary PHP code via a URL in the incl_page parameter in (1) struct_admin.php, (2) struct_admin_blog.php, and (3) struct_main.php in _blogadata/include.
CVE-2008-3882 1 Zoneminder 1 Zoneminder 2026-04-23 N/A
Unspecified "Command Injection" vulnerability in ZoneMinder 1.23.3 and earlier allows remote attackers to execute arbitrary commands via (1) the executeFilter function in zm_html_view_events.php and (2) the run_state parameter to zm_html_view_state.php.
CVE-2009-3817 2 Joomla, Ordasoft 2 Joomla\!, Com Booklibrary 2026-04-23 N/A
PHP remote file inclusion vulnerability in doc/releasenote.php in the BookLibrary (com_booklibrary) component 1.0 for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter, a different vector than CVE-2009-2637. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2007-1996 1 Codebreak 1 Codebreak 2026-04-23 N/A
PHP remote file inclusion vulnerability in codebreak.php in CodeBreak, probably 1.1.2 and earlier, allows remote attackers to execute arbitrary PHP code via a URL in the process_method parameter.
CVE-2008-3919 1 Justsystems 1 Ichitaro 2026-04-23 N/A
Unspecified vulnerability in multiple JustSystems Ichitaro products allows remote attackers to execute arbitrary code via a crafted JTD document, as exploited in the wild in August 2008.
CVE-2007-2091 1 Tsdisplay4xoops 1 Tsdisplay4xoops 2026-04-23 N/A
PHP remote file inclusion vulnerability in blocks/tsdisplay4xoops_block2.php in tsdisplay4xoops (TSD4XOOPS, aka the TeamSpeak display module) 0.1 allows remote attackers to execute arbitrary PHP code via a URL in the xoops_url parameter.