Total
2906 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2008-3595 | 1 Txtsql | 1 Txtsql | 2017-09-28 | 9.3 HIGH | N/A |
| PHP remote file inclusion vulnerability in examples/txtSQLAdmin/startup.php in txtSQL 2.2 Final allows remote attackers to execute arbitrary PHP code via a URL in the CFG[txtsql][class] parameter. | |||||
| CVE-2008-3592 | 1 21degrees | 1 Symphony | 2017-09-28 | 8.5 HIGH | N/A |
| Unrestricted file upload vulnerability in the File Manager in the admin panel in Twentyone Degrees Symphony 1.7.01 and earlier allows remote attackers to execute arbitrary code by uploading a file with an executable extension to a directory specified in the destination parameter, then accessing the uploaded file via a direct request, as demonstrated using workspace/masters/. | |||||
| CVE-2008-3570 | 1 Africabegone | 1 Africa Be Gone | 2017-09-28 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in index.php in Africa Be Gone (ABG) 1.0a allows remote attackers to execute arbitrary PHP code via a URL in the abg_path parameter. | |||||
| CVE-2008-3509 | 1 Lovecms | 1 Lovecms | 2017-09-28 | 7.5 HIGH | N/A |
| LoveCMS 1.6.2 does not require administrative authentication for (1) addblock.php, (2) blocks.php, and (3) themes.php in system/admin/, which allows remote attackers to change the configuration or execute arbitrary PHP code via addition of blocks, and other vectors. | |||||
| CVE-2008-3481 | 1 Coppermine-gallery | 1 Coppermine Photo Gallery | 2017-09-28 | 7.5 HIGH | N/A |
| themes/sample/theme.php in Coppermine Photo Gallery (CPG) 1.4.18 and earlier allows remote attackers to obtain sensitive information via a direct request, which reveals the installation path in an error message. | |||||
| CVE-2008-3455 | 1 Jnshosts | 1 Php Hosting Directory | 2017-09-28 | 10.0 HIGH | N/A |
| PHP remote file inclusion vulnerability in include/admin.php in JnSHosts PHP Hosting Directory 2.0 allows remote attackers to execute arbitrary PHP code via a URL in the rd parameter. | |||||
| CVE-2008-3434 | 1 Apple | 1 Itunes | 2017-09-28 | 7.5 HIGH | N/A |
| Apple iTunes before 10.5.1 does not properly verify the authenticity of updates, which allows man-in-the-middle attackers to execute arbitrary code via a Trojan horse update, as demonstrated by evilgrade and DNS cache poisoning. | |||||
| CVE-2008-3368 | 1 Atutor | 1 Atutor | 2017-09-28 | 6.5 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in tools/packages/import.php in ATutor 1.6.1 pl1 and earlier allows remote authenticated administrators to execute arbitrary PHP code via a URL in the type parameter. | |||||
| CVE-2008-3308 | 1 Carlos Desseno | 1 Youtube Blog | 2017-09-28 | 6.8 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in cuenta/cuerpo.php in C. Desseno YouTube Blog (ytb) 0.1, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the base_archivo parameter. | |||||
| CVE-2008-3207 | 1 Pragyan | 1 Praygan Cms | 2017-09-28 | 9.3 HIGH | N/A |
| PHP remote file inclusion vulnerability in cms/modules/form.lib.php in Pragyan CMS 2.6.2, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the (1) sourceFolder or (2) moduleFolder parameter. | |||||
| CVE-2008-3167 | 1 Boonex | 1 Dolphin | 2017-09-28 | 9.3 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in BoonEx Dolphin 6.1.2, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the (1) dir[plugins] parameter to (a) HTMLSax3.php and (b) safehtml.php in plugins/safehtml/ and the (2) sIncPath parameter to (c) ray/modules/global/inc/content.inc.php. NOTE: vector 1 might be a problem in SafeHTML instead of Dolphin. | |||||
| CVE-2008-3166 | 1 Boonex | 1 Ray | 2017-09-28 | 9.3 HIGH | N/A |
| PHP remote file inclusion vulnerability in modules/global/inc/content.inc.php in BoonEx Ray 3.5, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the sIncPath parameter. | |||||
| CVE-2008-3093 | 1 Phplizardo | 1 Imperialbb | 2017-09-28 | 6.5 MEDIUM | N/A |
| Unrestricted file upload vulnerability in ImperialBB 2.3.5 and earlier allows remote authenticated users to upload and execute arbitrary PHP code by placing a .php filename in the Upload_Avatar parameter and sending the image/gif content type. | |||||
| CVE-2008-3075 | 1 Vim | 2 Vim, Zipplugin.vim | 2017-09-28 | 9.3 HIGH | N/A |
| The shellescape function in Vim 7.0 through 7.2, including 7.2a.10, allows user-assisted attackers to execute arbitrary code via the "!" (exclamation point) shell metacharacter in (1) the filename of a ZIP archive and possibly (2) the filename of the first file in a ZIP archive, which is not properly handled by zip.vim in the VIM ZIP plugin (zipPlugin.vim) v.11 through v.21, as demonstrated by the zipplugin and zipplugin.v2 test cases. NOTE: this issue reportedly exists because of an incomplete fix for CVE-2008-2712. NOTE: this issue has the same root cause as CVE-2008-3074. NOTE: due to the complexity of the associated disclosures and the incomplete information related to them, there may be inaccuracies in this CVE description and in external mappings to this identifier. | |||||
| CVE-2008-3332 | 1 Mantis | 1 Mantis | 2017-09-28 | 6.5 MEDIUM | N/A |
| Eval injection vulnerability in adm_config_set.php in Mantis before 1.1.2 allows remote authenticated administrators to execute arbitrary code via the value parameter. | |||||
| CVE-2008-3022 | 1 Phpbbportal | 1 Phportal | 2017-09-28 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in sablonlar/gunaysoft/gunaysoft.php in PHPortal 1.2 Beta allow remote attackers to execute arbitrary PHP code via a URL in (1) icerikyolu, (2) sayfaid, and (3) uzanti parameters. | |||||
| CVE-2008-2990 | 2 Joomla, Mambo | 3 Com Facileforms, Joomla, Com Facileforms | 2017-09-28 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in facileforms.frame.php in the FacileForms (com_facileforms) component 1.4.4 for Mambo and Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the ff_compath parameter. | |||||
| CVE-2008-2986 | 1 Phpdmca | 1 Phpdmca | 2017-09-28 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in phpDMCA 1.0.0 allow remote attackers to execute arbitrary PHP code via a URL in the ourlinux_root_path parameter to (1) adodb-errorpear.inc.php and (2) adodb-pear.inc.php in adodb/. | |||||
| CVE-2008-2981 | 1 Homeph Design | 1 Homeph Design | 2017-09-28 | 6.8 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in admin/templates/template_thumbnail.php in HomePH Design 2.10 RC2, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the thumb_template parameter. | |||||
| CVE-2008-2977 | 1 Ourvideo Cms | 1 Ourvideo Cms | 2017-09-28 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Ourvideo CMS 9.5 allow remote attackers to execute arbitrary PHP code via a URL in the include_connection parameter to (1) edit_top_feature.php and (2) edit_topics_feature.php in phpi/. | |||||