Total
3411 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2008-1958 | 1 Easyscripts | 1 Tr Script News | 2017-09-29 | 6.5 MEDIUM | N/A |
Unrestricted file upload vulnerability in the ajout_cat mode in admin/main.php in Tr Script News 2.1 allows remote authenticated users to execute arbitrary code by uploading a file with a .php extension. | |||||
CVE-2008-1903 | 1 Newanz | 1 Newsoffice | 2017-09-29 | 7.5 HIGH | N/A |
PHP remote file inclusion vulnerability in news_show.php in Newanz NewsOffice 1.0 and 1.1, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the newsoffice_directory parameter. | |||||
CVE-2008-1876 | 1 Snarky | 1 Visualpic | 2017-09-29 | 6.8 MEDIUM | N/A |
PHP remote file inclusion vulnerability in index.php in VisualPic 0.3.1 allows remote attackers to execute arbitrary PHP code via a URL in the _CONFIG[files][functions_page] parameter. | |||||
CVE-2008-1866 | 1 Pixel Motion | 1 Pixel Motion Blog | 2017-09-29 | 9.0 HIGH | N/A |
admin/modif_config.php in Blog Pixel Motion (aka PixelMotion) does not require admin authentication, which allows remote authenticated users to upload arbitrary PHP scripts in a ZIP archive, which is written to templateZip/ and then automatically extracted under templates/ for execution via a direct request. | |||||
CVE-2008-1862 | 1 Exbb | 1 Exbb Italia | 2017-09-29 | 6.8 MEDIUM | N/A |
ExBB Italia 0.22 and earlier only checks GET requests that use the QUERY_STRING for certain path manipulations, which allows remote attackers to bypass this check via (1) POST or (2) COOKIE variables, a different vector than CVE-2006-4488. NOTE: this can be leveraged to conduct PHP remote file inclusion attacks via a URL in the (a) new_exbb[home_path] or (b) exbb[home_path] parameter to modules/threadstop/threadstop.php. | |||||
CVE-2008-1776 | 1 Phpblock | 1 Phpblock | 2017-09-29 | 6.8 MEDIUM | N/A |
PHP remote file inclusion vulnerability in modules/basicfog/basicfogfactory.class.php in PhpBlock A8.4 allows remote attackers to execute arbitrary PHP code via a URL in the PATH_TO_CODE parameter. | |||||
CVE-2008-1773 | 1 Dragoon | 1 Dragoon | 2017-09-29 | 6.8 MEDIUM | N/A |
PHP remote file inclusion vulnerability in includes/header.inc.php in Dragoon 0.1 allows remote attackers to execute arbitrary PHP code via a URL in the root parameter. | |||||
CVE-2008-1712 | 1 Mx-system | 1 Mxbb | 2017-09-29 | 7.5 HIGH | N/A |
PHP remote file inclusion vulnerability in includes/functions_weblog.php in mxBB mx_blogs 2.0.0 beta allows remote attackers to execute arbitrary PHP code via a URL in the mx_root_path parameter. | |||||
CVE-2008-1682 | 1 Elearningforce | 1 Online Flashquiz | 2017-09-29 | 6.8 MEDIUM | N/A |
PHP remote file inclusion vulnerability in quiz/common/db_config.inc.php in the Online FlashQuiz (com_onlineflashquiz) 1.0.2 component for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the base_dir parameter. | |||||
CVE-2008-1505 | 2 Joomla, Sstreamtv | 2 Joomla, Custompages | 2017-09-29 | 7.5 HIGH | N/A |
PHP remote file inclusion vulnerability in the SSTREAMTV custompages (com_custompages) 1.1 and earlier component for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the cpage parameter to index.php. | |||||
CVE-2008-1416 | 1 Phpauction | 1 Phpauction Gpl | 2017-09-29 | 6.8 MEDIUM | N/A |
Multiple PHP remote file inclusion vulnerabilities in PHPauction GPL 2.51 allow remote attackers to execute arbitrary PHP code via a URL in the include_path parameter to (1) converter.inc.php, (2) messages.inc.php, and (3) settings.inc.php in includes/. | |||||
CVE-2008-1405 | 1 Fuzzylime | 1 Fuzzylime | 2017-09-29 | 6.8 MEDIUM | N/A |
PHP remote file inclusion vulnerability in code/display.php in fuzzylime (cms) 3.01 allows remote attackers to execute arbitrary PHP code via a URL in the admindir parameter. | |||||
CVE-2008-1126 | 1 Barryvan Compo | 1 Barryvan Compo Manager | 2017-09-29 | 6.8 MEDIUM | N/A |
PHP remote file inclusion vulnerability in main.php in Barryvan Compo Manager 0.3 allows remote attackers to execute arbitrary PHP code via a URL in the pageURL parameter. | |||||
CVE-2008-1124 | 1 Podcast Generator | 1 Podcast Generator | 2017-09-29 | 6.8 MEDIUM | N/A |
Multiple PHP remote file inclusion vulnerabilities in Podcast Generator 1.0 BETA 2 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the absoluteurl parameter to (1) components/xmlparser/loadparser.php; (2) admin.php, (3) categories.php, (4) categories_add.php, (5) categories_remove.php, (6) edit.php, (7) editdel.php, (8) ftpfeature.php, (9) login.php, (10) pgRSSnews.php, (11) showcat.php, and (12) upload.php in core/admin/; and (13) archive_cat.php, (14) archive_nocat.php, and (15) recent_list.php in core/. | |||||
CVE-2008-1123 | 1 Sitebuilder | 1 Sitebuilder Elite | 2017-09-29 | 6.8 MEDIUM | N/A |
Multiple PHP remote file inclusion vulnerabilities in SiteBuilder Elite 1.2 allow remote attackers to execute arbitrary PHP code via a URL in the CarpPath parameter to (1) files/carprss.php and (2) files/amazon-bestsellers.php. | |||||
CVE-2008-1074 | 1 Group E | 1 Group E | 2017-09-29 | 6.8 MEDIUM | N/A |
PHP remote file inclusion vulnerability in lib/head_auth.php in GROUP-E 1.6.41 allows remote attackers to execute arbitrary PHP code via a URL in the CFG[PREPEND_FILE] parameter. | |||||
CVE-2008-1069 | 1 Quantum Game Library | 1 Quantum Game Library | 2017-09-29 | 6.8 MEDIUM | N/A |
Multiple PHP remote file inclusion vulnerabilities in Quantum Game Library 0.7.2c allow remote attackers to execute arbitrary PHP code via a URL in the CONFIG[gameroot] parameter to (1) server_request.php and (2) qlib/smarty.inc.php. | |||||
CVE-2008-1068 | 1 Portail Web Php | 1 Portail Web Php | 2017-09-29 | 6.8 MEDIUM | N/A |
Multiple PHP remote file inclusion vulnerabilities in Portail Web Php 2.5.1.1 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the site_path parameter to (1) Vert/index.php, (2) Noir/index.php, and (3) Bleu/index.php in template/, different vectors than CVE-2008-0645. | |||||
CVE-2008-1067 | 1 Phpqladmin | 1 Phpqladmin | 2017-09-29 | 6.8 MEDIUM | N/A |
Multiple PHP remote file inclusion vulnerabilities in phpQLAdmin 2.2.7 allow remote attackers to execute arbitrary PHP code via a URL in the _SESSION[path] parameter to (1) ezmlm.php and (2) tools/update_translations.php. | |||||
CVE-2008-1051 | 1 Phpprofiles | 1 Phpprofiles | 2017-09-29 | 6.8 MEDIUM | N/A |
PHP remote file inclusion vulnerability in include/body_comm.inc.php in phpProfiles 4.5.2 BETA allows remote attackers to execute arbitrary PHP code via a URL in the content parameter. |