Total
2906 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2010-2789 | 1 Mediawiki | 1 Mediawiki | 2011-07-18 | 6.8 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in MediaWikiParserTest.php in MediaWiki 1.16 beta, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via unspecified vectors. | |||||
| CVE-2002-2019 | 1 Oscommerce | 1 Oscommerce | 2011-06-28 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in include_once.php in osCommerce (a.k.a. Exchange Project) 2.1 allows remote attackers to execute arbitrary PHP code via the include_file parameter. | |||||
| CVE-2006-5258 | 1 Asbru Software | 2 Asbru Web Content Management, Asbru Website Manager | 2011-06-12 | 5.1 MEDIUM | N/A |
| The spell checking component of (1) Asbru Web Content Management before 6.1.22, (2) Asbru Web Content Editor before 6.0.22, and (3) Asbru Website Manager before 6.0.22 allows remote attackers to execute arbitrary commands via an unspecified parameter that is not sanitized before Aspell is invoked. | |||||
| CVE-2008-2233 | 1 Openwsman | 1 Openwsman | 2011-03-07 | 7.5 HIGH | N/A |
| The client in Openwsman 1.2.0 and 2.0.0, in unknown configurations, allows remote Openwsman servers to replay SSL sessions via unspecified vectors. | |||||
| CVE-2008-0858 | 2 Kerio, Visnetic | 2 Kerio Mailserver, Visnetic Antivirus Plug-in For Mail Server | 2011-03-07 | 7.5 HIGH | N/A |
| Buffer overflow in the Visnetic anti-virus plugin in Kerio MailServer before 6.5.0 might allow remote attackers to execute arbitrary code via unspecified vectors. | |||||
| CVE-2007-6706 | 1 Ibm | 1 Lotus Notes | 2011-03-07 | 9.3 HIGH | N/A |
| Unspecified vulnerability in nlnotes.dll in the client in IBM Lotus Notes 6.5, 7.0.x before 7.0.2 CCH or 7.0.3, and possibly 8.0 allows remote attackers to execute arbitrary code via crafted text in an e-mail message sent over SMTP. | |||||
| CVE-2008-0042 | 1 Apple | 1 Mac Os X | 2011-03-07 | 6.8 MEDIUM | N/A |
| Argument injection vulnerability in Terminal.app in Terminal in Apple Mac OS X 10.4.11 and 10.5 through 10.5.1 allows remote attackers to execute arbitrary code via unspecified URL schemes. | |||||
| CVE-2008-0043 | 1 Apple | 1 Iphoto | 2011-03-07 | 9.3 HIGH | N/A |
| Format string vulnerability in Apple iPhoto before 7.1.2 allows remote attackers to execute arbitrary code via photocast subscriptions. | |||||
| CVE-2008-0039 | 1 Apple | 2 Mac Os X, Mail | 2011-03-07 | 6.8 MEDIUM | N/A |
| Unspecified vulnerability in Mail in Apple Mac OS X 10.4.11 allows remote attackers to execute arbitrary commands via a crafted file:// URL. | |||||
| CVE-2007-5100 | 1 Phpbb | 1 Phpbb Plus | 2011-03-07 | 6.8 MEDIUM | N/A |
| Multiple PHP remote file inclusion vulnerabilities in phpBB Plus 1.53, and 1.53a before 20070922, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter to (1) language/lang_german/lang_admin_album.php, (2) language/lang_english/lang_main_album.php, and (3) language/lang_english/lang_admin_album.php, different vectors than CVE-2007-5009. | |||||
| CVE-2007-4935 | 1 Phpffl | 1 Phpffl | 2011-03-07 | 6.8 MEDIUM | N/A |
| Multiple PHP remote file inclusion vulnerabilities in phpFFL 1.24 allow remote attackers to execute arbitrary PHP code via a URL in the PHPFFL_FILE_ROOT parameter to (1) admin.php, (2) custom_pages.php, (3) draft.php, (4) faq.php, (5) leagues.php, (6) livedraft.php, (7) login.php, (8) my_team.php, (9) profile.php, (10) signup.php, (11) statistics.php, (12) transactions.php, (13) program_files/admin/custom_pages.php, or (14) program_files/common.php. NOTE: the program_files/livedraft/admin.php and program_files/livedraft/livedraft.php vectors are covered by CVE-2007-4934. | |||||
| CVE-2006-6748 | 1 Newxooper | 1 Newxooper | 2011-03-07 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in i-accueil.php in Newxooper 0.9 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the chemin parameter. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2006-6727 | 1 Inertianews | 1 Inertianews | 2011-03-07 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in inertianews_class.php in inertianews 0.02 beta and earlier allows remote attackers to execute arbitrary PHP code via a URL in the DOCUMENT_ROOT parameter. | |||||
| CVE-2006-6212 | 1 Webwiz | 1 Site News | 2011-03-07 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in centre.php in Site News (site_news) 2.00, and possibly earlier, allows remote attackers to execute arbitrary PHP code via a URL in the page parameter. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2006-4476 | 1 Joomla | 1 Joomla | 2011-03-07 | 7.5 HIGH | N/A |
| Multiple unspecified vulnerabilities in Joomla! before 1.0.11, related to "Injection Flaws," allow attackers to have an unknown impact via (1) globals.php, which uses include_once() instead of require(); (2) the $options variable; (3) Admin Upload Image; (4) ->load(); (5) content submissions when frontpage is selected; (6) the mosPageNav constructor; (7) saveOrder functions; (8) the absence of "exploit blocking rules" in htaccess; and (9) the ACL. | |||||
| CVE-2007-0127 | 1 Opera | 1 Opera Browser | 2011-03-06 | 9.3 HIGH | N/A |
| The Javascript SVG support in Opera before 9.10 does not properly validate object types in a createSVGTransformFromMatrix request, which allows remote attackers to execute arbitrary code via JavaScript code that uses an invalid object in this request that causes a controlled pointer to be referenced during the virtual function call. | |||||
| CVE-2010-4005 | 1 Gnome | 1 Tomboy | 2011-02-28 | 6.9 MEDIUM | N/A |
| The (1) tomboy and (2) tomboy-panel scripts in GNOME Tomboy 1.5.2 and earlier place a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory. NOTE: vector 1 exists because of an incorrect fix for CVE-2005-4790.2. | |||||
| CVE-2010-4367 | 1 Awstats | 1 Awstats | 2011-02-22 | 7.5 HIGH | N/A |
| awstats.cgi in AWStats before 7.0 accepts a configdir parameter in the URL, which allows remote attackers to execute arbitrary commands via a crafted configuration file located on a (1) WebDAV server or (2) NFS server. | |||||
| CVE-2010-4732 | 1 Intellicom | 7 Netbiter Easyconnect Ec150, Netbiter Modbus Rtu-tcp Gateway Mb100, Netbiter Nb100 and 4 more | 2011-02-14 | 9.0 HIGH | N/A |
| cgi-bin/read.cgi in WebSCADA WS100 and WS200, Easy Connect EC150, Modbus RTU - TCP Gateway MB100, and Serial Ethernet Server SS100 on the IntelliCom NetBiter NB100 and NB200 platforms allows remote authenticated administrators to execute arbitrary code by using a config.html 2.conf action to replace the logo page's GIF image file with a file containing this code, a different vulnerability than CVE-2009-4463. | |||||
| CVE-2010-3749 | 1 Realnetworks | 2 Realplayer, Realplayer Sp | 2011-01-25 | 9.3 HIGH | N/A |
| The browser-plugin implementation in RealNetworks RealPlayer 11.0 through 11.1 and RealPlayer SP 1.0 through 1.1 allows remote attackers to arguments to the RecordClip method, which allows remote attackers to download an arbitrary program onto a client machine, and execute this program, via a " (double quote) in an argument to the RecordClip method, aka "parameter injection." | |||||