Total
5474 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2008-0804 | 1 Thecus | 1 N5200pro Nas Server Control Panel | 2025-04-09 | N/A |
| PHP remote file inclusion vulnerability in usrgetform.html in Thecus N5200Pro NAS Server allows remote attackers to execute arbitrary PHP code via a URL in the name parameter. | ||||
| CVE-2008-0743 | 1 Joovili | 1 Joovili | 2025-04-09 | N/A |
| PHP remote file inclusion vulnerability in members_help.php in Joovili 2.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the hlp parameter. | ||||
| CVE-2008-0687 | 1 Youtube | 1 Clone Script | 2025-04-09 | N/A |
| Cross-site scripting (XSS) vulnerability in siteadmin/editor_files/includes/load_message.php in the Youtube Clone Script allows remote attackers to inject arbitrary web script or HTML via the lang[please_wait] parameter. | ||||
| CVE-2008-0635 | 1 Openads | 1 Openads | 2025-04-09 | N/A |
| Unspecified vulnerability in the delivery engine in Openads 2.4.0 through 2.4.2 allows remote attackers to execute arbitrary PHP code via unknown vectors. | ||||
| CVE-2008-0583 | 1 Skype Technologies | 1 Skype | 2025-04-09 | N/A |
| Cross-zone scripting vulnerability in the Internet Explorer web control in Skype 3.6.0.244, and earlier 3.5.x and 3.6.x versions, on Windows allows user-assisted remote attackers to inject arbitrary web script or HTML in the Local Machine Zone via the Description and unspecified other metadata fields of a Metacafe movie submitted by Metacafe Pro to the Skype video gallery, accessible through a search within the (1) "Add video to chat" or (2) "Add video to mood" dialog, a different vector than CVE-2008-0454. | ||||
| CVE-2008-0582 | 1 Skype Technologies | 1 Skype | 2025-04-09 | N/A |
| Cross-zone scripting vulnerability in the Internet Explorer web control in Skype 3.1 through 3.6.0.244 on Windows allows remote attackers to inject arbitrary web script or HTML in the Local Machine Zone via the Full Name field of a reviewer of a business item entry, accessible through (1) the SkypeFind dialog and (2) a skype:?skypefind URI for the skype: URI handler. | ||||
| CVE-2008-0572 | 1 Mindmeld | 1 Mindmeld | 2025-04-09 | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Mindmeld 1.2.0.10 allow remote attackers to execute arbitrary PHP code via a URL in the MM_GLOBALS[home] parameter to (1) acweb/admin_index.php; and (2) ask.inc.php, (3) learn.inc.php, (4) manage.inc.php, (5) mind.inc.php, and (6) sensory.inc.php in include/. | ||||
| CVE-2008-0567 | 1 Chronoengine | 1 Chronoforms | 2025-04-09 | N/A |
| Multiple PHP remote file inclusion vulnerabilities in ChronoEngine ChronoForms (com_chronocontact) 2.3.5 component for Joomla! allow remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter to (1) PPS/File.php, (2) Writer.php, and (3) PPS.php in excelwriter/; and (4) BIFFwriter.php, (5) Workbook.php, (6) Worksheet.php, and (7) Format.php in excelwriter/Writer/. | ||||
| CVE-2008-0566 | 1 Deltascripts | 1 Php Links | 2025-04-09 | N/A |
| PHP remote file inclusion vulnerability in includes/smarty.php in DeltaScripts PHP Links 1.3 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the full_path_to_public_program parameter. | ||||
| CVE-2008-0503 | 1 Netwerk | 1 Smart Publisher | 2025-04-09 | N/A |
| Eval injection vulnerability in admin/op/disp.php in Netwerk Smart Publisher 1.0.1 allows remote attackers to execute arbitrary PHP code via the filedata parameter. | ||||
| CVE-2008-0502 | 1 Connectix | 1 Connectix Boards | 2025-04-09 | N/A |
| PHP remote file inclusion vulnerability in templates/Official/part_userprofile.php in Connectix Boards 0.8.2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the template_path parameter. | ||||
| CVE-2006-6710 | 1 Matteolucarelli | 1 Pgmreloaded | 2025-04-09 | N/A |
| Multiple PHP remote file inclusion vulnerabilities in PgmReloaded 0.8.5 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the (1) lang parameter to (a) index.php, the (2) CFG[libdir] and (3) CFG[localedir] parameters to (b) common.inc.php, and the CFG[localelangdir] parameter to (c) form_header.php. | ||||
| CVE-2008-0448 | 1 Cybergl Dev Team | 1 Phpsearch | 2025-04-09 | N/A |
| PHP remote file inclusion vulnerability in utils/class_HTTPRetriever.php in phpSearch allows remote attackers to execute arbitrary PHP code via a URL in the libcurlemuinc parameter. | ||||
| CVE-2006-6887 | 1 Logahead | 1 Logahead Unu | 2025-04-09 | N/A |
| Unrestricted file upload vulnerability in logahead UNU 1.0 allows remote attackers to upload and execute arbitrary PHP code via unspecified vectors related to plugins/widged/_widged.php (aka the WidgEd plugin), a different vulnerability than CVE-2006-6783. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2006-6958 | 1 Phpbluedragon | 1 Phpbluedragon Cms | 2025-04-09 | N/A |
| Multiple PHP remote file inclusion vulnerabilities in phpBlueDragon 2.9.1 allow remote attackers to execute arbitrary PHP code via a URL in the vsDragonRootPath parameter to (1) team_admin.php, (2) rss_admin.php, (3) manual_admin.php, and (4) forum_admin.php in includes/root_modules/, a different set of vectors than CVE-2006-3076. | ||||
| CVE-2008-0433 | 1 Agares Media | 1 Phpautovideo | 2025-04-09 | N/A |
| PHP remote file inclusion vulnerability in theme/phpAutoVideo/LightTwoOh/sidebar.php in Agares phpAutoVideo 2.21 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the loadpage parameter, a different vector than CVE-2007-6614. | ||||
| CVE-2008-0417 | 2 Mozilla, Redhat | 2 Firefox, Enterprise Linux | 2025-04-09 | N/A |
| CRLF injection vulnerability in Mozilla Firefox before 2.0.0.12 allows remote user-assisted web sites to corrupt the user's password store via newlines that are not properly handled when the user saves a password. | ||||
| CVE-2006-7021 | 1 Plume-cms | 1 Plume Cms | 2025-04-09 | N/A |
| PHP remote file inclusion vulnerability in manager/tools/link/dbinstall.php in Plume CMS 1.1.3 allows remote attackers to execute arbitrary PHP code via a URL in the _PX_config[manager_path] parameter. | ||||
| CVE-2006-7046 | 1 Clan Manager Pro | 1 Clan Manager Pro | 2025-04-09 | N/A |
| PHP remote file inclusion vulnerability in cmpro.intern/login.inc.php for Clan Manager Pro (CMPRO) 1.1.0 allows remote attackers to execute arbitrary PHP code via a URL in the rootpath parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2008-0803 | 1 Lookstrike | 1 Lan Manager | 2025-04-09 | N/A |
| Multiple PHP remote file inclusion vulnerabilities in LookStrike Lan Manager 0.9 allow remote attackers to execute arbitrary PHP code via a URL in the sys_conf[path][real] parameter to (1) modules\class\Table.php; (2) db_admins.php, (3) db_alert.php, (4) db_double.php, (5) db_games.php, (6) db_matches.php, (7) db_match_teams.php, (8) db_news.php, (9) db_platform.php, (10) db_players.php, (11) db_server_group.php, (12) db_server_ip.php, (13) db_teams.php, (14) db_team_players.php, (15) db_tournaments.php, (16) db_tournament_teams.php, and (17) db_trees.php in modules\class\db\; and (18) Match.php, (19) MatchTeam.php, (20) Rule.php, (21) RuleBuilder.php, (22) RulePool.php, (23) RuleSingle.php, (24) RuleTree.php, (25) Tournament.php, (26) TournamentTeam.php, (27) Tree.php, and (28) TreeSingle.php in modules\class\tournament\. NOTE: this can also be leveraged to include and execute arbitrary local files via directory traversal sequences. | ||||