Total
2906 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2007-5786 | 1 A-enterprise | 1 Gosamba | 2017-09-28 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in GoSamba 1.0.1 allow remote attackers to execute arbitrary PHP code via a URL in the include_path parameter to (1) HTML_oben.php, (2) inc_freigabe.php, (3) inc_freigabe1.php, or (4) inc_freigabe3.php in include/; (5) inc_group.php; (6) inc_manager.php; (7) inc_newgroup.php; (8) inc_smb_conf.php; (9) inc_user.php; or (10) main.php. | |||||
| CVE-2007-5841 | 1 Nuboard | 1 Nuboard | 2017-09-28 | 6.8 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in admin/index.php in nuBoard 0.5 allows remote attackers to execute arbitrary PHP code via a URL in the site parameter. | |||||
| CVE-2007-5842 | 1 Vortex Portal | 1 Vortex Portal | 2017-09-28 | 6.8 MEDIUM | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Vortex Portal 1.0.42 allow remote attackers to execute arbitrary PHP code via a URL in the cfgProgDir parameter to (1) admincp/auth/secure.php or (2) admincp/auth/checklogin.php. | |||||
| CVE-2007-5843 | 1 Scwiki | 1 Scwiki | 2017-09-28 | 6.8 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in includes/common.php in scWiki 1.0 Beta 2 allows remote attackers to execute arbitrary PHP code via a URL in the pathdot parameter. | |||||
| CVE-2007-5845 | 1 Guppy | 1 Guppy | 2017-09-28 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in error.php in GuppY 4.6.3, 4.5.16, and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the id parameter. NOTE: this can be leveraged to bypass authentication and upload arbitrary files by including admin/inc/upload.inc and specifying certain multipart/form-data input for admin/inc/upload.inc. | |||||
| CVE-2007-5995 | 1 Php-tools | 1 Patbbcode | 2017-09-28 | 6.8 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in examples/patExampleGen/bbcodeSource.php in patBBcode 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the example parameter. | |||||
| CVE-2007-6027 | 1 Justjoomla | 1 Carousel Flash Image Gallery | 2017-09-28 | 6.8 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in admin.jjgallery.php in the Carousel Flash Image Gallery (com_jjgallery) component for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. | |||||
| CVE-2007-6038 | 1 Joomlaequipment | 1 Juser | 2017-09-28 | 6.8 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in xajax_functions.php in the JUser (com_juser) 1.0.14 component for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. | |||||
| CVE-2007-6057 | 1 Datecomm | 1 Social Networking Script | 2017-09-28 | 6.8 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in index.php in datecomm Social Networking Script (aka Myspace Clone Script) allows remote attackers to execute arbitrary PHP code via a URL in the pg parameter. | |||||
| CVE-2007-6088 | 1 Phpbbviet | 1 Phpbbviet | 2017-09-28 | 9.3 HIGH | N/A |
| PHP remote file inclusion vulnerability in includes/functions_mod_user.php in phpBBViet 02.03.07 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter. | |||||
| CVE-2007-6089 | 1 Mebiblio | 1 Mebiblio | 2017-09-28 | 9.3 HIGH | N/A |
| PHP remote file inclusion vulnerability in index.php in meBiblio 0.4.5 allows remote attackers to execute arbitrary PHP code via a URL in the action parameter. | |||||
| CVE-2007-6177 | 1 Php Con | 1 Php Con | 2017-09-28 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in Exchange/include.php in PHP_CON 1.3 allows remote attackers to execute arbitrary PHP code via a URL in the webappcfg[APPPATH] parameter. | |||||
| CVE-2007-6229 | 1 Rayzz | 1 Rayzz Script | 2017-09-28 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in common/classes/class_HeaderHandler.lib.php in Rayzz Script 2.0 allows remote attackers to execute arbitrary PHP code via a URL in the CFG[site][project_path] parameter. | |||||
| CVE-2007-6231 | 1 Tellmatic | 1 Tellmatic | 2017-09-28 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in tellmatic 1.0.7 allow remote attackers to execute arbitrary PHP code via a URL in the tm_includepath parameter to (1) Classes.inc.php, (2) statistic.inc.php, (3) status.inc.php, (4) status_top_x.inc.php, or (5) libchart-1.1/libchart.php in include/. NOTE: access to include/ is blocked by .htaccess in most deployments that use Apache HTTP Server. | |||||
| CVE-2007-6289 | 1 Iptel | 1 Serweb | 2017-09-28 | 6.8 MEDIUM | N/A |
| Multiple PHP remote file inclusion vulnerabilities in SerWeb 2.0.0 dev1 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the (1) _SERWEB[configdir] parameter to load_lang.php, (2) _SERWEB[functionsdir] parameter to main_prepend.php, and the (3) _PHPLIB[libdir] parameter to load_phplib.php, different vectors than CVE-2007-3359 and CVE-2007-3358. | |||||
| CVE-2007-6324 | 1 City Writer | 1 Citywriter | 2017-09-28 | 6.8 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in head.php in CityWriter 0.9.7 allows remote attackers to execute arbitrary PHP code via a URL in the path parameter. | |||||
| CVE-2007-6325 | 1 Fastpublish | 1 Fastpublish Cms | 2017-09-28 | 6.8 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in adminbereich/designconfig.php in Fastpublish CMS 1.9999 allows remote attackers to execute arbitrary PHP code via a URL in the config[fsBase] parameter, a different vector than CVE-2006-2726. | |||||
| CVE-2007-6464 | 1 Form Tools | 1 Form Tools | 2017-09-28 | 6.8 MEDIUM | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Form tools 1.5.0b allow remote attackers to execute arbitrary PHP code via a URL in the g_root_dir parameter to (1) admin_page_open.php and (2) client_page_open.php in global/templates/. | |||||
| CVE-2007-6542 | 1 Agares Media | 1 Arcadem | 2017-09-28 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in admin/frontpage_right.php in Arcadem LE 2.04 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the loadadminpage parameter. | |||||
| CVE-2007-6550 | 1 Pmos Helpdesk | 1 Pmos Helpdesk | 2017-09-28 | 7.5 HIGH | N/A |
| form.php in PMOS Help Desk 2.4 and earlier sends a redirect to the web browser but does not exit, which allows remote attackers to conduct eval injection attacks and execute arbitrary PHP code via the options array parameter. | |||||