Total
2906 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2006-2686 | 1 Actionapps | 1 Actionapps | 2017-10-18 | 6.4 MEDIUM | N/A |
| PHP remote file inclusion vulnerabilities in ActionApps 2.8.1 allow remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[AA_INC_PATH] parameter in (1) cached.php3, (2) cron.php3, (3) discussion.php3, (4) filldisc.php3, (5) filler.php3, (6) fillform.php3, (7) go.php3, (8) hiercons.php3, (9) jsview.php3, (10) live_checkbox.php3, (11) offline.php3, (12) post2shtml.php3, (13) search.php3, (14) slice.php3, (15) sql_update.php3, (16) view.php3, (17) multiple files in the (18) admin/ folder, (19) includes folder, and (20) modules/ folder. | |||||
| CVE-2017-9807 | 1 Openwebif Project | 1 Openwebif | 2017-10-12 | 10.0 HIGH | 9.8 CRITICAL |
| An issue was discovered in the OpenWebif plugin through 1.2.4 for E2 open devices. The saveConfig function of "plugin/controllers/models/config.py" performs an eval() call on the contents of the "key" HTTP GET parameter. This allows an unauthenticated remote attacker to execute arbitrary Python code or OS commands via api/saveconfig. | |||||
| CVE-2007-2609 | 1 Gnuedu | 1 Gnu Edu | 2017-10-10 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in gnuedu 1.3b2 allow remote attackers to execute arbitrary PHP code via a URL in the (a) ETCDIR parameter to (1) libs/lom.php; (2) lom_update.php, (3) check-lom.php, and (4) weigh_keywords.php in scripts/; the (b) LIBSDIR parameter to (5) logout.php, (6) help.php, (7) index.php, (8) login.php; and the ETCDIR parameter to (9) web/lom.php. | |||||
| CVE-2007-2900 | 1 Scallywag.org | 1 Scallywag | 2017-10-10 | 6.8 MEDIUM | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Scallywag 2005-04-25 allow remote attackers to execute arbitrary PHP code via a URL in the path parameter to template.php in (1) skin/dark/, (2) skin/gold/, or (3) skin/original/. | |||||
| CVE-2007-2899 | 1 Navboard | 1 Navboard | 2017-10-10 | 7.5 HIGH | N/A |
| Direct static code injection vulnerability in admin_config.php in NavBoard 2.6.0 allows remote attackers to inject arbitrary PHP code into data/config.php via multiple parameters, as demonstrated via the threadperpage parameter in an editconfig action. | |||||
| CVE-2007-2826 | 1 Madirish Webmail | 1 Madirish Webmail | 2017-10-10 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in lib/addressbook.php in Madirish Webmail 2.0 allows remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[basedir] parameter. | |||||
| CVE-2007-2816 | 1 Ol Bookmarks | 1 Ol Bookmarks | 2017-10-10 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in ol'bookmarks 0.7.4 allow remote attackers to execute arbitrary PHP code via a URL in the root parameter to (1) test1.php, (2) blackorange.php, (3) default.php, (4) frames1.php, (5) frames1_top.php, (7) test2.php, (8) test3.php, (9) test4.php, (10) test5.php, (11) test6.php, (12) frames1_left.php, and (13) frames1_center.php in themes/. | |||||
| CVE-2007-2575 | 1 Vm Watermark | 1 Vm Watermark | 2017-10-10 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in watermark.php in the vm (aka Jean-Francois Laflamme) watermark 0.4.1 mod for Gallery allows remote attackers to execute arbitrary PHP code via a URL in the GALLERY_BASEDIR parameter. | |||||
| CVE-2007-2572 | 1 Noah | 1 Noah | 2017-10-10 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in modules/noevents/templates/mfa_theme.php in NoAh (aka PHP Content Architect, phparch) 0.9 pre 1.2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the tpls[1] parameter. | |||||
| CVE-2007-2458 | 1 Pixaria | 1 Pixaria Gallery | 2017-10-10 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Pixaria Gallery before 1.4.3 allow remote attackers to execute arbitrary PHP code via a URL in the cfg[sys][base_path] parameter to psg.smarty.lib.php and certain include and library scripts, a different vector than CVE-2007-2457. | |||||
| CVE-2007-2340 | 1 Phporacleview | 1 Phporacleview | 2017-10-10 | 6.8 MEDIUM | N/A |
| Multiple PHP remote file inclusion vulnerabilities in inc/include_all.inc.php in phporacleview allow remote attackers to execute arbitrary PHP code via a URL in the (1) page_dir or (2) inc_dir parameters. | |||||
| CVE-2007-2319 | 1 Autostand Category | 1 Autostand Category | 2017-10-10 | 6.8 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in the AutoStand 1.1 and earlier module for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter to mod_as_category.php in (1) modules/mod_as_category/ or (2) modules/. | |||||
| CVE-2007-2185 | 1 Supasite | 1 Supasite | 2017-10-10 | 6.8 MEDIUM | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Supasite 1.23b allow remote attackers to execute arbitrary PHP code via a URL in the supa[db_path] parameter to (1) common_functions.php, (2) admin_auth_cookies.php, (3) admin_mods.php, (4) admin_news.php, (5) admin_topics.php, (6) admin_users.php, (7) admin_utilities.php, (8) site_comment.php, or (9) site_news.php; or the supa[include_path] parameter to (10) admin_settings.php or (11) backend_site.php. | |||||
| CVE-2007-2144 | 1 Joomlapack | 1 Joomlapack | 2017-10-10 | 6.8 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in includes/CAltInstaller.php in the JoomlaPack (com_jpack) 1.0.4a2 RE component for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. | |||||
| CVE-2007-2091 | 1 Tsdisplay4xoops | 1 Tsdisplay4xoops | 2017-10-10 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in blocks/tsdisplay4xoops_block2.php in tsdisplay4xoops (TSD4XOOPS, aka the TeamSpeak display module) 0.1 allows remote attackers to execute arbitrary PHP code via a URL in the xoops_url parameter. | |||||
| CVE-2007-2070 | 1 Turnkey Web Tools | 1 Sunshop Shopping Cart | 2017-10-10 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Turnkey Web Tools SunShop Shopping Cart before 3.5.1 allow remote attackers to execute arbitrary PHP code via a URL in the abs_path parameter to (1) index.php or (2) checkout.php. | |||||
| CVE-2007-2005 | 2 Joomla, Mambo | 2 Taskhopper Component, Taskhopper Component | 2017-10-10 | 6.8 MEDIUM | N/A |
| Multiple PHP remote file inclusion vulnerabilities in the Taskhopper 1.1 component for Mambo and Joomla! allow remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter to (1) contact_type.php, (2) itemstatus_type.php, (3) projectstatus_type.php, (4) request_type.php, (5) responses_type.php, (6) timelog_type.php, or (7) urgency_type.php in inc/. | |||||
| CVE-2007-2521 | 1 E-gads | 1 E-gads | 2017-10-10 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in common.php in E-GADS! before 2.2.7 allows remote attackers to execute arbitrary PHP code via a URL in the locale parameter. | |||||
| CVE-2007-1233 | 1 Stwc-counter | 1 Stwc-counter | 2017-10-10 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in downloadcounter.php in STWC-Counter 3.4.0.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the stwc_counter_verzeichniss parameter. | |||||
| CVE-2006-7102 | 1 Matthias Dietrich | 1 Phpburningportal Quiz-modul | 2017-10-10 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in phpBurningPortal quiz-modul 1.0.1, and possibly earlier, allow remote attackers to execute arbitrary PHP code via a URL in the lang_path parameter to (1) quest_delete.php, (2) quest_edit.php, or (3) quest_news.php. | |||||