Total
2906 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2007-5166 | 1 Sitesys | 1 Sitesys | 2008-11-14 | 6.8 MEDIUM | N/A |
| Multiple PHP remote file inclusion vulnerabilities in SiteSys 1.0a allow remote attackers to execute arbitrary PHP code via a URL in the doc_root parameter to (1) inc/pagehead.inc.php or (2) inc/pageinit.inc.php. | |||||
| CVE-2007-4948 | 1 Webmedia Explorer | 1 Webmedia Explorer | 2008-11-14 | 5.1 MEDIUM | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Webmedia Explorer (webmex) 3.2.2 allow remote attackers to execute arbitrary PHP code via (1) a URL in the path_include parameter to includes/rss.class.php, (2) a URL in the path_template parameter to (a) templates/main.tpl.php or (b) templates/folder_messages_link_message_name.tpl.php, or (4) a URL in the path_templates parameter to templates/sidebar.tpl.php. NOTE: the vulnerability is present only when the administrator does not follow installation instructions about the requirement for .htaccess support. NOTE: the includes/core.lib.php vector is already covered by CVE-2006-5252. | |||||
| CVE-2007-4949 | 1 Phpreactor | 1 Phpreactor | 2008-11-14 | 6.8 MEDIUM | N/A |
| ** DISPUTED ** Multiple PHP remote file inclusion vulnerabilities in php(Reactor) 1.2.7pl1 allow remote attackers to execute arbitrary PHP code via a URL in the pathtohomedir parameter to (1) ekilat.com-int.tpl.php, (2) phpreactor.org-top.tpl.php, or (3) ekilat.com-top.tpl.php in examples/. NOTE: this issue has been disputed by CVE, since the vulnerability is present only when the product is incorrectly installed by placing examples/ under the web root. | |||||
| CVE-2007-5165 | 1 Myipacng-stats | 1 Myipacng-stats | 2008-11-14 | 6.8 MEDIUM | N/A |
| ** DISPUTED ** PHP remote file inclusion vulnerability in init.php in Jens Tkotz myIpacNG-stats (MINGS) 0.05 allows remote attackers to execute arbitrary PHP code via a URL in the MINGS_BASE parameter. NOTE: this issue is disputed by CVE because MINGS_BASE is defined before use. | |||||
| CVE-2007-4951 | 1 Yapig | 1 Yapig | 2008-11-14 | 6.8 MEDIUM | N/A |
| ** DISPUTED ** PHP remote file inclusion vulnerability in sample.php in YaPiG 0.95b allows remote attackers to execute arbitrary PHP code via a URL in the YAPIG_PATH parameter. NOTE: this issue has been disputed by CVE, since YAPIG_PATH is defined before use. | |||||
| CVE-2007-5146 | 1 Der Dirigent | 1 Der Dirigent | 2008-11-14 | 6.8 MEDIUM | N/A |
| Multiple PHP remote file inclusion vulnerabilities in dedi-group Der Dirigent 1.0 allow remote attackers to execute arbitrary PHP code via a URL in the dedi_path parameter to (1) inc.generate_code.php, (2) fnc.type_forms.php, or (3) fnc.type.php in backend/inc/, or (4) frontend.php or (5) backend.php in projekt01/cms/inc/; or (6) the this_dir parameter to backend/inc/class.filemanager.php. NOTE: vectors 4 and 5 are disputed by CVE because PHP encounters a fatal function-call error on a direct request for the file, before reaching the include statement. | |||||
| CVE-2007-5148 | 1 Frontaccounting | 1 Frontaccounting | 2008-11-14 | 6.8 MEDIUM | N/A |
| ** DISPUTED ** Multiple PHP remote file inclusion vulnerabilities in FrontAccounting (FA) 1.12 allow remote attackers to execute arbitrary PHP code via a URL in the path_to_root parameter to (1) access/logout.php or certain PHP scripts under (2) admin/, (3) dimensions/, (4) gl/, (5) inventory/, (6) manufacturing/, (7) purchasing/, (8) reporting/, (9) sales/, or (10) taxes/. NOTE: the config.php vector is already covered by CVE-2007-4279, and the login.php and language.php vectors are already covered by CVE-2007-5117. NOTE: this issue is disputed by CVE because path_to_root is defined before use in all of the other files reported in the original disclosure. | |||||
| CVE-2007-5014 | 1 Derek Leung | 1 Pslash | 2008-11-14 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in pSlash 0.70 allow remote attackers to execute arbitrary PHP code via a URL in (1) the lvc_admin_dir parameter to modules/visitors2/admin/view-archiver.inc.php or (2) the lvc_include_dir parameter to modules/visitors2/include/menus.inc.php. NOTE: the modules/visitors2/include/config.inc.php vector is already covered by CVE-2006-4373. NOTE: vector 1 is disputed by CVE because PHP encounters a fatal instantiation error on a direct request for the file, before reaching the include statement. | |||||
| CVE-2007-5096 | 1 Guanxicrm | 1 Guanxicrm Business Solution | 2008-11-14 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in modules/webmail2/inc/rfc822.php in guanxiCRM Business Solution 0.9.1 allows remote attackers to execute arbitrary PHP code via a URL in the webmail2_inc_dir parameter. | |||||
| CVE-2007-5097 | 1 Online Fantasy Football League | 1 Offl | 2008-11-14 | 7.5 HIGH | N/A |
| ** DISPUTED ** PHP remote file inclusion vulnerability in lib/classes/offl_nflteam.php in Online Fantasy Football League (OFFL) 0.2.6 allows remote attackers to execute arbitrary PHP code via a URL in the DOC_ROOT parameter. NOTE: this issue is disputed by CVE because a __FILE__ test protects offl_nflteam.php against direct requests. | |||||
| CVE-2007-5114 | 1 Phpmyprofiler | 1 Phpmyprofiler | 2008-11-14 | 6.8 MEDIUM | N/A |
| ** DISPUTED ** PHP remote file inclusion vulnerability in include/plugin/block.t.php in Peter Schmidt phpmyProfiler 0.9.6b allows remote attackers to execute arbitrary PHP code via a URL in the pmp_rel_path parameter. NOTE: this issue is disputed by CVE because the applicable require_once is in a function that is not called on a direct request. | |||||
| CVE-2007-4551 | 1 Agares Media | 1 Arcadem | 2008-11-14 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in index.php in Agares Media Arcadem 2.01 allows remote attackers to execute arbitrary PHP code via a URL in the loadpage parameter. | |||||
| CVE-2007-3130 | 1 Joomla | 1 Jd-wiki | 2008-11-14 | 6.8 MEDIUM | N/A |
| Multiple PHP remote file inclusion vulnerabilities in the OpenWiki (formerly JD-Wiki) component (com_jd-wiki) 1.0.2, and possibly earlier, for Joomla! allow remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter to (1) dwpage.php or (2) wantedpages.php, different vectors than CVE-2006-4074. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2007-1153 | 1 Cutephp | 1 Cutenews | 2008-11-14 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in CutePHP CuteNews 1.3.6 allow remote attackers to execute arbitrary PHP code via unspecified vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. NOTE: issue might overlap CVE-2004-1660 or CVE-2006-4445. | |||||
| CVE-2004-0637 | 1 Oracle | 2 Oracle8i, Oracle9i | 2008-09-09 | 6.5 MEDIUM | N/A |
| Oracle Database Server 8.1.7.4 through 9.2.0.4 allows local users to execute commands with additional privileges via the ctxsys.driload package, which is publicly accessible. | |||||
| CVE-2000-0155 | 1 Microsoft | 3 Windows 95, Windows 98, Windows Nt | 2008-09-09 | 7.2 HIGH | N/A |
| Windows NT Autorun executes the autorun.inf file on non-removable media, which allows local attackers to specify an alternate program to execute when other users access a drive. | |||||
| CVE-2008-3440 | 1 Sun | 1 Java | 2008-09-09 | 7.5 HIGH | N/A |
| Sun Java 1.6.0_03 and earlier versions, and possibly later versions, does not properly verify the authenticity of updates, which allows man-in-the-middle attackers to execute arbitrary code via a Trojan horse update, as demonstrated by evilgrade and DNS cache poisoning. | |||||
| CVE-2008-3442 | 1 Winzip | 1 Winzip | 2008-09-05 | 7.5 HIGH | N/A |
| WinZip before 11.0 does not properly verify the authenticity of updates, which allows man-in-the-middle attackers to execute arbitrary code via a Trojan horse update, as demonstrated by evilgrade and DNS cache poisoning. | |||||
| CVE-2008-3437 | 1 Openoffice | 1 Openoffice.org | 2008-09-05 | 7.5 HIGH | N/A |
| OpenOffice.org (OOo) before 2.1.0 does not properly verify the authenticity of updates, which allows man-in-the-middle attackers to execute arbitrary code via a Trojan horse update, as demonstrated by evilgrade and DNS cache poisoning. | |||||
| CVE-2008-3436 | 1 Notepad\+\+ | 1 Notepad\+\+ | 2008-09-05 | 7.5 HIGH | N/A |
| The GUP generic update process in Notepad++ before 4.8.1 does not properly verify the authenticity of updates, which allows man-in-the-middle attackers to execute arbitrary code via a Trojan horse update, as demonstrated by evilgrade and DNS cache poisoning. | |||||