Total: 2906 CVE

CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2008-0417 | 1 Mozilla | 1 Firefox | 2018-10-15 | 4.3 MEDIUM | N/A |
CRLF injection vulnerability in Mozilla Firefox before 2.0.0.12 allows remote user-assisted web sites to corrupt the user's password store via newlines that are not properly handled when the user saves a password. | |||||
CVE-2008-0382 | 1 Mybulletinboard | 1 Mybulletinboard | 2018-10-15 | 7.5 HIGH | N/A |
Multiple eval injection vulnerabilities in MyBB 1.2.10 and earlier allow remote attackers to execute arbitrary code via the sortby parameter to (1) forumdisplay.php or (2) a results action in search.php. | |||||
CVE-2008-0289 | 1 Mansion Productions | 1 Member Area System | 2018-10-15 | 6.8 MEDIUM | N/A |
PHP remote file inclusion vulnerability in view_func.php in Member Area System (MAS) 1.7 and possibly others allows remote attackers to execute arbitrary PHP code via a URL in the i parameter. NOTE: a second vector might exist via the l parameter. NOTE: as of 20080118, the vendor has disputed the set of affected versions, stating that the issue "is already fixed, for almost a year." | |||||
CVE-2008-0202 | 1 Expressionengine | 1 Expressionengine | 2018-10-15 | 4.3 MEDIUM | N/A |
CRLF injection vulnerability in index.php in ExpressionEngine 1.2.1 and earlier allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the URL parameter. | |||||
CVE-2008-0119 | 1 Microsoft | 1 Office | 2018-10-15 | 9.3 HIGH | N/A |
Unspecified vulnerability in Microsoft Publisher in Office 2000 and XP SP3, 2003 SP2 and SP3, and 2007 SP1 and earlier allows remote attackers to execute arbitrary code via a Publisher file with crafted object header data that triggers memory corruption, aka "Publisher Object Handler Validation Vulnerability." | |||||
CVE-2008-0116 | 1 Microsoft | 4 Excel, Excel Viewer, Office and 1 more | 2018-10-15 | 9.3 HIGH | N/A |
Microsoft Excel 2000 SP3 through 2003 SP2, Viewer 2003, Compatibility Pack, and Office 2004 and 2008 for Mac allows user-assisted remote attackers to execute arbitrary code via malformed tags in rich text, aka "Excel Rich Text Validation Vulnerability." | |||||
CVE-2008-0113 | 1 Microsoft | 1 Excel Viewer | 2018-10-15 | 9.3 HIGH | N/A |
Unspecified vulnerability in Microsoft Office Excel Viewer 2003 up to SP3 allows user-assisted remote attackers to execute arbitrary code via an Excel document with malformed cell comments that trigger memory corruption from an "allocation error," aka "Microsoft Office Cell Parsing Memory Corruption Vulnerability." | |||||
CVE-2007-6548 | 1 Runcms | 1 Runcms | 2018-10-15 | 7.5 HIGH | N/A |
Multiple direct static code injection vulnerabilities in RunCMS before 1.6.1 allow remote authenticated administrators to inject arbitrary PHP code via the (1) header and (2) footer parameters to modules/system/admin.php in a meta-generator action, (3) the disclaimer parameter to modules/system/admin.php in a disclaimer action, (4) the disclaimer parameter to modules/mydownloads/admin/index.php in a mydownloadsConfigAdmin action, (5) the disclaimer parameter to modules/newbb_plus/admin/forum_config.php, (6) the disclaimer parameter to modules/mylinks/admin/index.php in a myLinksConfigAdmin action, or (7) the intro parameter to modules/sections/admin/index.php in a secconfig action, which inject PHP sequences into (a) sections/cache/intro.php, (b) mylinks/cache/disclaimer.php, (c) mydownloads/cache/disclaimer.php, (d) newbb_plus/cache/disclaimer.php, (e) system/cache/disclaimer.php, (f) system/cache/footer.php, (g) system/cache/header.php, or (h) system/cache/maintenance.php in modules/. | |||||
CVE-2007-6539 | 1 Idevspot | 1 Isupport | 2018-10-15 | 6.8 MEDIUM | N/A |
PHP local file inclusion vulnerability in index.php in IDevspot iSupport 1.8 allows remote attackers to include local files via the include_file parameter. | |||||
CVE-2007-6515 | 1 Sitescape | 2 Sitescape Forum St, Sitescape Forum Zx | 2018-10-15 | 7.5 HIGH | N/A |
support/dispatch.cgi in SiteScape Forum allows remote attackers to execute arbitrary TCL code via code separator characters in the query string. | |||||
CVE-2007-6485 | 1 Centreon | 1 Centreon | 2018-10-15 | 7.5 HIGH | N/A |
Multiple PHP remote file inclusion vulnerabilities in Centreon 1.4.1 (aka Oreon 1.4) allow remote attackers to execute arbitrary PHP code via a URL in the fileOreonConf parameter to (1) MakeXML.php or (2) MakeXML4statusCounter.php in include/monitoring/engine/. | |||||
CVE-2007-6459 | 1 Anon Proxy Server | 1 Anon Proxy Server | 2018-10-15 | 6.8 MEDIUM | N/A |
Anon Proxy Server 0.100, and probably 0.101, allows remote attackers to execute arbitrary commands via shell metacharacters in (1) the host parameter to diagdns.php, and (2) the host parameter and possibly (3) the port parameter to diagconnect.php, a different vulnerability than CVE-2007-6460. | |||||
CVE-2007-6412 | 1 Bitweaver | 1 Bitweaver | 2018-10-15 | 6.8 MEDIUM | N/A |
Direct static code injection vulnerability in wiki/index.php in Bitweaver 2.0.0 and earlier, when comments are enabled, allows remote attackers to inject arbitrary PHP code via an editcomments action. | |||||
CVE-2007-6396 | 1 Myupb | 1 Flat Php Board | 2018-10-15 | 7.5 HIGH | N/A |
Direct static code injection vulnerability in index.php in Flat PHP Board 1.2 and earlier allows remote attackers to inject arbitrary PHP code via the (1) username, (2) password, and (3) email parameters when registering a user account, which can be executed by accessing the user's php file for this account. NOTE: similar code injection might be possible in a user profile. | |||||
CVE-2007-6348 | 1 Squirrelmail | 1 Squirrelmail | 2018-10-15 | 6.8 MEDIUM | N/A |
SquirrelMail 1.4.11 and 1.4.12, as distributed on sourceforge.net before 20071213, has been externally modified to create a Trojan Horse that introduces a PHP remote file inclusion vulnerability, which allows remote attackers to execute arbitrary code. | |||||
CVE-2007-6296 | 1 Phpmychat | 1 Phpmychat | 2018-10-15 | 5.0 MEDIUM | N/A |
PHP remote file inclusion vulnerability in users_popupL.php3 in phpMyChat 0.14.5 allows remote attackers to execute arbitrary PHP code via a URL in the From parameter. | |||||
CVE-2007-6139 | 1 Mp3 | 1 Toolbox | 2018-10-15 | 6.8 MEDIUM | N/A |
PHP remote file inclusion vulnerability in index.php in Mp3 ToolBox 1.0 beta 5 allows remote attackers to execute arbitrary PHP code via a URL in the skin_file parameter. | |||||
CVE-2007-6105 | 1 Talkback | 1 Talkback | 2018-10-15 | 6.8 MEDIUM | N/A |
Multiple PHP remote file inclusion vulnerabilities in TalkBack 2.2.7 allow remote attackers to execute arbitrary PHP code via a URL in the (1) language_file parameter to (a) comments-display-tpl.php and (b) addons/separate-comments-mod/my-comments-display-tpl.php and the (2) config[comments_form_tpl] parameter to comments-display-tpl.php. | |||||
CVE-2007-6082 | 1 Sciurus | 1 Sciurus Hosting Panel | 2018-10-15 | 9.3 HIGH | N/A |
Direct static code injection vulnerability in acp/savenews.php in Sciurus Hosting Panel, possibly 2.0.3, allows remote attackers to inject arbitrary PHP code via the filecontents parameter, which can be executed by accessing includes/news.php. | |||||
CVE-2007-5914 | 1 Jean Charles | 1 Jbc Explorer | 2018-10-15 | 6.8 MEDIUM | N/A |
Direct static code injection vulnerability in dirsys/modules/config/post.php in JBC Explorer 7.20 RC1 and earlier allows remote authenticated administrators to inject arbitrary PHP code via the DEBUG parameter, which can be executed by accessing config.inc.php. NOTE: this can be exploited by unauthenticated remote attackers by leveraging CVE-2007-5913. |