Total
2906 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2008-0423 | 1 Lama | 1 Lama Software | 2017-09-28 | 6.8 MEDIUM | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Lama Software allow remote attackers to execute arbitrary PHP code via a URL in the MY_CONF[classRoot] parameter to (1) inc.steps.access_error.php, (2) inc.steps.check_login.php, or (3) inc.steps.init_system.php in admin/functions/. | |||||
| CVE-2008-0503 | 1 Netwerk | 1 Smart Publisher | 2017-09-28 | 6.8 MEDIUM | N/A |
| Eval injection vulnerability in admin/op/disp.php in Netwerk Smart Publisher 1.0.1 allows remote attackers to execute arbitrary PHP code via the filedata parameter. | |||||
| CVE-2008-0502 | 1 Connectix | 1 Connectix Boards | 2017-09-28 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in templates/Official/part_userprofile.php in Connectix Boards 0.8.2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the template_path parameter. | |||||
| CVE-2008-0230 | 1 Osdate | 1 Osdate | 2017-09-28 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in php121db.php in osDate 2.0.8 and possibly earlier versions allows remote attackers to execute arbitrary PHP code via a URL in the php121dir parameter. | |||||
| CVE-2008-0222 | 1 Wordpress | 1 Filemanager | 2017-09-28 | 7.5 HIGH | N/A |
| Unrestricted file upload vulnerability in ajaxfilemanager.php in the Wp-FileManager 1.2 plugin for WordPress allows remote attackers to upload and execute arbitrary PHP code via unspecified vectors. | |||||
| CVE-2008-0572 | 1 Mindmeld | 1 Mindmeld | 2017-09-28 | 6.8 MEDIUM | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Mindmeld 1.2.0.10 allow remote attackers to execute arbitrary PHP code via a URL in the MM_GLOBALS[home] parameter to (1) acweb/admin_index.php; and (2) ask.inc.php, (3) learn.inc.php, (4) manage.inc.php, (5) mind.inc.php, and (6) sensory.inc.php in include/. | |||||
| CVE-2008-0143 | 1 Spacial Audio Solutions | 2 Sam Broadcaster, Samphpweb | 2017-09-28 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in common/db.php in samPHPweb, possibly 4.2.2 and others, as provided with SAM Broadcaster, allows remote attackers to execute arbitrary PHP code via a URL in the commonpath parameter. | |||||
| CVE-2008-1068 | 1 Portail Web Php | 1 Portail Web Php | 2017-09-28 | 6.8 MEDIUM | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Portail Web Php 2.5.1.1 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the site_path parameter to (1) Vert/index.php, (2) Noir/index.php, and (3) Bleu/index.php in template/, different vectors than CVE-2008-0645. | |||||
| CVE-2008-1126 | 1 Barryvan Compo | 1 Barryvan Compo Manager | 2017-09-28 | 6.8 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in main.php in Barryvan Compo Manager 0.3 allows remote attackers to execute arbitrary PHP code via a URL in the pageURL parameter. | |||||
| CVE-2008-0648 | 1 Opensiteadmin | 1 Opensiteadmin | 2017-09-28 | 6.8 MEDIUM | N/A |
| Multiple PHP remote file inclusion vulnerabilities in OpenSiteAdmin 0.9.1.1 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the path parameter to (1) indexFooter.php; and (2) DatabaseManager.php, (3) FieldManager.php, (4) Filter.php, (5) Form.php, (6) FormManager.php, (7) LoginManager.php, and (8) Filters/SingleFilter.php in scripts/classes/. | |||||
| CVE-2007-6657 | 1 Mihalism | 1 Multi Host | 2017-09-28 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in source/includes/load_forum.php in Mihalism Multi Forum Host 3.0.x and earlier allows remote attackers to execute arbitrary PHP code via a URL in the mfh_root_path parameter. | |||||
| CVE-2007-6655 | 1 Matpo Bilder Galerie | 1 Kontakt Formular | 2017-09-28 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in includes/function.php in Kontakt Formular 1.4 allows remote attackers to execute arbitrary PHP code via a URL in the root_path parameter. | |||||
| CVE-2007-6649 | 1 Matpo Bilder Galerie | 1 Matpo Bilder Galerie | 2017-09-28 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in includes/tumbnail.php in MatPo Bilder Galerie 1.1 allows remote attackers to execute arbitrary PHP code via a URL in the config[root_ordner] parameter. | |||||
| CVE-2007-6632 | 1 Xml2owl | 1 Xml2owl | 2017-09-28 | 6.8 MEDIUM | N/A |
| showCode.php in xml2owl 0.1.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the path parameter. | |||||
| CVE-2007-6652 | 1 Xcms | 1 Xcms | 2017-09-28 | 7.5 HIGH | N/A |
| cpie.php in XCMS 1.83 and earlier sends a redirect to the web browser but does not exit, which allows remote attackers to conduct direct static code injection attacks and execute arbitrary code via the testo_0 parameter in a cpie admin action to index.php, which writes to dati/generali/footer.dtb (aka the XCMS footer). | |||||
| CVE-2007-6585 | 1 Nmnnewsletter | 1 Nmnnewsletter | 2017-09-28 | 6.8 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in confirmUnsubscription.php in NmnNewsletter 1.0.7 allows remote attackers to execute arbitrary PHP code via a URL in the output parameter. | |||||
| CVE-2007-6568 | 1 Xzero Scripts | 1 Xzero Community Classifieds | 2017-09-28 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in config.inc.php in XZero Community Classifieds 4.95.11 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the path_escape parameter. | |||||
| CVE-2008-0803 | 1 Lookstrike | 1 Lan Manager | 2017-09-28 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in LookStrike Lan Manager 0.9 allow remote attackers to execute arbitrary PHP code via a URL in the sys_conf[path][real] parameter to (1) modules\class\Table.php; (2) db_admins.php, (3) db_alert.php, (4) db_double.php, (5) db_games.php, (6) db_matches.php, (7) db_match_teams.php, (8) db_news.php, (9) db_platform.php, (10) db_players.php, (11) db_server_group.php, (12) db_server_ip.php, (13) db_teams.php, (14) db_team_players.php, (15) db_tournaments.php, (16) db_tournament_teams.php, and (17) db_trees.php in modules\class\db\; and (18) Match.php, (19) MatchTeam.php, (20) Rule.php, (21) RuleBuilder.php, (22) RulePool.php, (23) RuleSingle.php, (24) RuleTree.php, (25) Tournament.php, (26) TournamentTeam.php, (27) Tree.php, and (28) TreeSingle.php in modules\class\tournament\. NOTE: this can also be leveraged to include and execute arbitrary local files via directory traversal sequences. | |||||
| CVE-2008-0804 | 1 Thecus | 1 N5200pro Nas Server Control Panel | 2017-09-28 | 6.8 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in usrgetform.html in Thecus N5200Pro NAS Server allows remote attackers to execute arbitrary PHP code via a URL in the name parameter. | |||||
| CVE-2008-1038 | 1 Drbenhur.com | 1 Dbhcms | 2017-09-28 | 6.8 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in mod/mod.extmanager.php in DBHcms 1.1.4 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the extmanager_install parameter. | |||||