Total
3411 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2008-7087 | 1 Openpro | 1 Openpro | 2018-10-11 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in search_wA.php in OpenPro 1.3.1 allows remote attackers to execute arbitrary PHP code via a URL in the LIBPATH parameter. | |||||
| CVE-2008-7070 | 1 Kvirc | 1 Kvirc | 2018-10-11 | 9.3 HIGH | N/A |
| Argument injection vulnerability in the URI handler in KVIrc 3.4.2 Shiny allows remote attackers to execute arbitrary commands via a " (quote) followed by command line switches in a (1) irc:///, (2) irc6:///, (3) ircs:///, or (4) and ircs6:/// URI. NOTE: this might be due to an incomplete fix for CVE-2007-2951. | |||||
| CVE-2008-7005 | 1 Minb | 1 Minb Is Not A Blog | 2018-10-11 | 7.5 HIGH | N/A |
| include/modules/top/1-random_quote.php in Minb Is Not a Blog (minb) 0.1.0 allows remote attackers to execute arbitrary PHP code via the quotes_to_edit parameter. NOTE: this issue has been reported as an unrestricted file upload by some sources, but that is a potential consequence of code execution. | |||||
| CVE-2008-6935 | 1 Joe Fuhrman | 1 Exodus | 2018-10-11 | 10.0 HIGH | N/A |
| Argument injection vulnerability in Exodus 0.10 allows remote attackers to inject arbitrary command line arguments, overwrite arbitrary files, and cause a denial of service via encoded spaces in an im:// URI. | |||||
| CVE-2008-6748 | 1 Megacubo | 1 Megacubo | 2018-10-11 | 9.3 HIGH | N/A |
| Eval injection vulnerability in Megacubo 5.0.7 allows remote attackers to inject and execute arbitrary PHP code via the play action in a mega:// URI. | |||||
| CVE-2008-6591 | 1 Lightneasy | 1 Lightneasy | 2018-10-11 | 5.0 MEDIUM | N/A |
| LightNEasy "no database" (aka flat) version 1.2.2, and possibly SQLite version 1.2.2, allows remote attackers to create arbitrary files via the page parameter to (1) index.php and (2) LightNEasy.php. | |||||
| CVE-2008-6584 | 1 Torrentflux | 1 Torrentflux | 2018-10-11 | 6.0 MEDIUM | N/A |
| html/index.php in TorrentFlux 2.3 allows remote authenticated users to execute arbitrary code via a URL with a file containing an executable extension in the url_upload parameter, which is downloaded by TorrentFlux and can be accessed via a direct request in a html/downloads/ user directory. | |||||
| CVE-2008-6486 | 1 Shatm | 1 Sharedlog | 2018-10-11 | 6.8 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in slideshow_uploadvideo.content.php in SharedLog, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[root_dir] parameter. | |||||
| CVE-2008-6099 | 1 Rportal | 1 Rportal | 2018-10-11 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in index.php in RPortal 1.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the file_op parameter. | |||||
| CVE-2008-5922 | 1 Cfagcms | 1 Cfagcms | 2018-10-11 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in themes/default/index.php in Cant Find A Gaming CMS (CFAGCMS) 1 allow remote attackers to execute arbitrary PHP code via a URL in the (1) main and (2) right parameters. | |||||
| CVE-2008-5866 | 1 Proxim | 1 Tsunami Mp.11 2411 | 2018-10-11 | 10.0 HIGH | N/A |
| The Proxim Wireless Tsunami MP.11 2411 with firmware 3.0.3 has public as its default SNMP read/write community, which makes it easier for remote attackers to obtain sensitive information or modify SNMP variables. | |||||
| CVE-2008-5792 | 1 Indisguise | 1 Indiscripts Enthusiast | 2018-10-11 | 6.8 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in show_joined.php in Indiscripts Enthusiast 3.1.4, and possibly earlier, allows remote attackers to execute arbitrary PHP code via a URL in the path parameter. NOTE: the researcher also points out the analogous directory traversal issue. | |||||
| CVE-2008-5750 | 1 Microsoft | 2 Internet Explorer, Windows Xp | 2018-10-11 | 6.8 MEDIUM | N/A |
| Argument injection vulnerability in Microsoft Internet Explorer 8 beta 2 on Windows XP SP3 allows remote attackers to execute arbitrary commands via the --renderer-path option in a chromehtml: URI. | |||||
| CVE-2008-5671 | 1 Joomla | 1 Joomla | 2018-10-11 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in index.php in Joomla! 1.0.11 through 1.0.14, when RG_EMULATION is enabled in configuration.php, allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. | |||||
| CVE-2008-5619 | 1 Roundcube | 1 Webmail | 2018-10-11 | 10.0 HIGH | N/A |
| html2text.php in Chuggnutt HTML to Text Converter, as used in PHPMailer before 5.2.10, RoundCube Webmail (roundcubemail) 0.2-1.alpha and 0.2-3.beta, Mahara, and AtMail Open 1.03, allows remote attackers to execute arbitrary code via crafted input that is processed by the preg_replace function with the eval switch. | |||||
| CVE-2008-5090 | 1 Anelectron | 1 Advanced Electron Forum | 2018-10-11 | 10.0 HIGH | N/A |
| Electron Inc. Advanced Electron Forum before 1.0.7 allows remote attackers to execute arbitrary PHP code via PHP code embedded in bbcode in the email parameter, which is processed by the preg_replace function with the eval switch. | |||||
| CVE-2008-4206 | 1 Attachmax | 1 Dolphin | 2018-10-11 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in config.php in Attachmax Dolphin 2.1.0 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the rel_path parameter. | |||||
| CVE-2008-3922 | 1 Telartis Bv | 1 Awstats Totals | 2018-10-11 | 9.3 HIGH | N/A |
| awstatstotals.php in AWStats Totals 1.0 through 1.14 allows remote attackers to execute arbitrary code via PHP sequences in the sort parameter, which is used by the multisort function when dynamically creating an anonymous PHP function. | |||||
| CVE-2008-3882 | 1 Zoneminder | 1 Zoneminder | 2018-10-11 | 10.0 HIGH | N/A |
| Unspecified "Command Injection" vulnerability in ZoneMinder 1.23.3 and earlier allows remote attackers to execute arbitrary commands via (1) the executeFilter function in zm_html_view_events.php and (2) the run_state parameter to zm_html_view_state.php. | |||||
| CVE-2008-3769 | 1 Openfreeway | 1 Freeway | 2018-10-11 | 6.8 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in admin/create_order_new.php in Freeway 1.4.1.171, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the include_page parameter. | |||||