Total
2906 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2008-1903 | 1 Newanz | 1 Newsoffice | 2017-09-28 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in news_show.php in Newanz NewsOffice 1.0 and 1.1, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the newsoffice_directory parameter. | |||||
| CVE-2008-1958 | 1 Easyscripts | 1 Tr Script News | 2017-09-28 | 6.5 MEDIUM | N/A |
| Unrestricted file upload vulnerability in the ajout_cat mode in admin/main.php in Tr Script News 2.1 allows remote authenticated users to execute arbitrary code by uploading a file with a .php extension. | |||||
| CVE-2008-1963 | 1 Quate | 1 Grape Web Statistics | 2017-09-28 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in includes/functions.php in Quate Grape Web Statistics 0.2a allows remote attackers to execute arbitrary PHP code via a URL in the location parameter. | |||||
| CVE-2007-5800 | 2 Tom Willmot, Wordpress | 2 Backupwordpress Plugin, Wordpress | 2017-09-28 | 6.8 MEDIUM | N/A |
| Multiple PHP remote file inclusion vulnerabilities in the BackUpWordPress 0.4.2b and earlier plugin for WordPress allow remote attackers to execute arbitrary PHP code via a URL in the bkpwp_plugin_path parameter to (1) plugins/BackUp/Archive.php; and (2) Predicate.php, (3) Writer.php, (4) Reader.php, and other unspecified scripts under plugins/BackUp/Archive/. | |||||
| CVE-2007-5840 | 1 Syndeocms | 1 Syndeocms | 2017-09-28 | 6.8 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in starnet/themes/c-sky/main.inc.php in Fred Stuurman SyndeoCMS 2.5.01 allows remote attackers to execute arbitrary PHP code via a URL in the cmsdir parameter, a different vector than CVE-2006-4920.2. | |||||
| CVE-2007-3586 | 1 Mycms | 1 Mycms | 2017-09-28 | 7.5 HIGH | N/A |
| Multiple direct static code injection vulnerabilities in MyCMS 0.9.8 and earlier allow remote attackers to inject arbitrary PHP code into (1) a _score.txt file via the score parameter, or (2) a _setby.txt file via a login cookie, which is then included by games.php. NOTE: programs that use games.php might include (a) snakep.php, (b) tetrisp.php, and possibly other site-specific files. | |||||
| CVE-2007-4009 | 1 Parallels | 1 Confixx | 2017-09-28 | 9.3 HIGH | N/A |
| PHP remote file inclusion vulnerability in admin/business_inc/saveserver.php in SWSoft Confixx Pro 2.0.12 through 3.3.1 allows remote attackers to execute arbitrary PHP code via a URL in the thisdir parameter. | |||||
| CVE-2007-4575 | 1 Openoffice | 1 Openoffice | 2017-09-28 | 9.3 HIGH | N/A |
| HSQLDB before 1.8.0.9, as used in OpenOffice.org (OOo) 2 before 2.3.1, allows user-assisted remote attackers to execute arbitrary Java code via crafted database documents, related to "exposing static java methods." | |||||
| CVE-2007-4605 | 1 Vwar | 1 Virtual War | 2017-09-28 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in convert/mvcw.php in Virtual War (VWar) 1.5.0 R15 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the vwar_root parameter, a different vector than CVE-2006-1503, CVE-2006-1636, and CVE-2006-1747. | |||||
| CVE-2007-4606 | 1 Phpnuke-clan | 1 Phpnuke-clan | 2017-09-28 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in convert/mvcw_conver.php in the Virtual War (VWar) module for PHPNuke-Clan (PNC) 4.2.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the vwar_root parameter, a different vector than CVE-2006-1602. NOTE: it is possible that this issue stems from a problem in VWar itself. | |||||
| CVE-2007-4640 | 1 Pakupaku | 1 Pakupaku Cms | 2017-09-28 | 6.4 MEDIUM | N/A |
| Unrestricted file upload vulnerability in index.php in Pakupaku CMS 0.4 and earlier allows remote attackers to upload and execute arbitrary PHP files in uploads/ via an Uploads action. | |||||
| CVE-2007-4645 | 1 Nmdeluxe | 1 Nmdeluxe | 2017-09-28 | 6.4 MEDIUM | N/A |
| SQL injection vulnerability in index.php in NMDeluxe 2.0.0 allows remote attackers to execute arbitrary SQL commands via the id parameter in a newspost do action, a different vulnerability than CVE-2006-1108. | |||||
| CVE-2007-4646 | 1 Hexamail | 1 Hexamail Server | 2017-09-28 | 10.0 HIGH | N/A |
| Buffer overflow in the pop3 service in Hexamail Server 3.0.0.001 Lite allows remote attackers to cause a denial of service (daemon crash) and probably execute arbitrary code via a long USER command. | |||||
| CVE-2007-4712 | 1 Enetman | 1 Enetman | 2017-09-28 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in index.php in eNetman 1 allows remote attackers to execute arbitrary PHP code via a URL in the page parameter. | |||||
| CVE-2007-4737 | 1 Speedtech | 1 Stphplibrary | 2017-09-28 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in SpeedTech PHP Library (STPHPLibrary) 0.8.0 allow remote attackers to execute arbitrary PHP code via a URL in the STPHPLIB_DIR parameter to (1) stphpapplication.php, (2) stphpbtnimage.php, or (3) stphpform.php. | |||||
| CVE-2007-4744 | 1 Anyinventory | 1 Anyinventory | 2017-09-28 | 6.8 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in environment.php in AnyInventory 1.9.1 and 2.0, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the DIR_PREFIX parameter. | |||||
| CVE-2007-4763 | 1 Tim Jackson | 1 Phpof | 2017-09-28 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in dbmodules/DB_adodb.class.php in PHP Object Framework (PHPOF) 20040226 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the PHPOF_INCLUDE_PATH parameter. | |||||
| CVE-2007-4806 | 1 Focus Sis | 1 Focus Sis | 2017-09-28 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in modules/Discipline/CategoryBreakdownTime.php in Focus/SIS 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the FocusPath parameter. | |||||
| CVE-2007-4807 | 1 Focus Sis | 1 Focus Sis | 2017-09-28 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Focus/SIS 2.2 allow remote attackers to execute arbitrary PHP code via a URL in the staticpath parameter to (1) modules/Discipline/CategoryBreakdownTime.php or (2) modules/Discipline/StudentFieldBreakdown.php. | |||||
| CVE-2007-4809 | 1 Online Fantasy Football League | 1 Offl | 2017-09-28 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Online Fantasy Football League (OFFL) 0.2.6 allow remote attackers to execute arbitrary PHP code via a URL in the DOC_ROOT parameter to (1) lib/functions.php or (2) lib/header.php. | |||||