Export limit exceeded: 336596 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (6031 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2007-5565 | 1 Phpscms | 1 Phpscms | 2025-04-09 | 9.8 Critical |
| PHP remote file inclusion vulnerability in includes/functions.php in phpSCMS 0.0.1-Alpha1 allows remote attackers to execute arbitrary PHP code via a URL in the dir parameter. NOTE: this issue is disputed by CVE because the identified code is in a function that is not accessible via direct request | ||||
| CVE-2007-5566 | 1 Phpblog | 1 Phpblog | 2025-04-09 | N/A |
| Multiple PHP remote file inclusion vulnerabilities in PHPBlog 0.1 Alpha allow remote attackers to execute arbitrary PHP code via a URL in the blog_localpath parameter to (1) includes/functions.php or (2) includes/email.php. NOTE: this issue is disputed by CVE because the identified code is in functions that are not accessible via direct request | ||||
| CVE-2007-5574 | 1 Phpdj | 1 Phpdj | 2025-04-09 | N/A |
| PHP remote file inclusion vulnerability in djpage.php in PHPDJ 0.5 allows remote attackers to execute arbitrary PHP code via a URL in the page parameter. | ||||
| CVE-2007-5593 | 2 Drupal, Fedoraproject | 2 Drupal, Fedora | 2025-04-09 | N/A |
| install.php in Drupal 5.x before 5.3, when the configured database server is not reachable, allows remote attackers to execute arbitrary code via vectors that cause settings.php to be modified. | ||||
| CVE-2007-5599 | 1 Awrate | 1 Awrate | 2025-04-09 | N/A |
| Multiple PHP remote file inclusion vulnerabilities in awrate 1.0 allow remote attackers to execute arbitrary PHP code via a URL in the toroot parameter to (1) 404.php or (2) topbar.php, different vectors than CVE-2006-6368. | ||||
| CVE-2007-6191 | 1 Pmapper | 1 P.mapper | 2025-04-09 | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Armin Burger p.mapper 3.2.0 beta3 allow remote attackers to execute arbitrary PHP code via a URL in the _SESSION[PM_INCPHP] parameter to (1) incphp/globals.php or (2) plugins/export/mc_table.php. NOTE: it could be argued that this vulnerability is caused by a problem in PHP and the proper fix should be in PHP; if so, then this should not be treated as a vulnerability in p.mapper. | ||||
| CVE-2007-6229 | 1 Rayzz | 1 Rayzz Script | 2025-04-09 | N/A |
| PHP remote file inclusion vulnerability in common/classes/class_HeaderHandler.lib.php in Rayzz Script 2.0 allows remote attackers to execute arbitrary PHP code via a URL in the CFG[site][project_path] parameter. | ||||
| CVE-2007-6231 | 1 Tellmatic | 1 Tellmatic | 2025-04-09 | N/A |
| Multiple PHP remote file inclusion vulnerabilities in tellmatic 1.0.7 allow remote attackers to execute arbitrary PHP code via a URL in the tm_includepath parameter to (1) Classes.inc.php, (2) statistic.inc.php, (3) status.inc.php, (4) status_top_x.inc.php, or (5) libchart-1.1/libchart.php in include/. NOTE: access to include/ is blocked by .htaccess in most deployments that use Apache HTTP Server. | ||||
| CVE-2007-6289 | 1 Iptel | 1 Serweb | 2025-04-09 | N/A |
| Multiple PHP remote file inclusion vulnerabilities in SerWeb 2.0.0 dev1 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the (1) _SERWEB[configdir] parameter to load_lang.php, (2) _SERWEB[functionsdir] parameter to main_prepend.php, and the (3) _PHPLIB[libdir] parameter to load_phplib.php, different vectors than CVE-2007-3359 and CVE-2007-3358. | ||||
| CVE-2007-6296 | 1 Phpmychat | 1 Phpmychat | 2025-04-09 | N/A |
| PHP remote file inclusion vulnerability in users_popupL.php3 in phpMyChat 0.14.5 allows remote attackers to execute arbitrary PHP code via a URL in the From parameter. | ||||
| CVE-2007-6324 | 1 City Writer | 1 Citywriter | 2025-04-09 | N/A |
| PHP remote file inclusion vulnerability in head.php in CityWriter 0.9.7 allows remote attackers to execute arbitrary PHP code via a URL in the path parameter. | ||||
| CVE-2007-6339 | 1 Akamai Technologies | 1 Download Manager | 2025-04-09 | N/A |
| The Akamai Download Manager (aka DLM or dlmanager) ActiveX control (DownloadManagerV2.ocx) before 2.2.3.5 allows remote attackers to force the download and execution of arbitrary code via unspecified "undocumented object parameters." | ||||
| CVE-2007-6348 | 1 Squirrelmail | 1 Squirrelmail | 2025-04-09 | N/A |
| SquirrelMail 1.4.11 and 1.4.12, as distributed on sourceforge.net before 20071213, has been externally modified to create a Trojan Horse that introduces a PHP remote file inclusion vulnerability, which allows remote attackers to execute arbitrary code. | ||||
| CVE-2007-6396 | 1 Myupb | 1 Flat Php Board | 2025-04-09 | N/A |
| Direct static code injection vulnerability in index.php in Flat PHP Board 1.2 and earlier allows remote attackers to inject arbitrary PHP code via the (1) username, (2) password, and (3) email parameters when registering a user account, which can be executed by accessing the user's php file for this account. NOTE: similar code injection might be possible in a user profile. | ||||
| CVE-2007-6412 | 1 Bitweaver | 1 Bitweaver | 2025-04-09 | N/A |
| Direct static code injection vulnerability in wiki/index.php in Bitweaver 2.0.0 and earlier, when comments are enabled, allows remote attackers to inject arbitrary PHP code via an editcomments action. | ||||
| CVE-2007-6415 | 1 Debian | 1 Debian Linux | 2025-04-09 | N/A |
| scponly 4.6 and earlier allows remote authenticated users to bypass intended restrictions and execute arbitrary code by invoking scp, as implemented by OpenSSH, with the -F and -o options. | ||||
| CVE-2008-0230 | 1 Osdate | 1 Osdate | 2025-04-09 | N/A |
| PHP remote file inclusion vulnerability in php121db.php in osDate 2.0.8 and possibly earlier versions allows remote attackers to execute arbitrary PHP code via a URL in the php121dir parameter. | ||||
| CVE-2008-0235 | 1 Microsoft | 1 Vfp Ole Server Activex Control | 2025-04-09 | N/A |
| The Microsoft VFP_OLE_Server ActiveX control allows remote attackers to execute arbitrary code by invoking the foxcommand method. | ||||
| CVE-2008-0251 | 1 Photopost | 1 Photopost Vbgallery | 2025-04-09 | N/A |
| Unrestricted file upload vulnerability in PhotoPost vBGallery before 2.4.2 allows remote attackers to upload and execute arbitrary files via unknown vectors. | ||||
| CVE-2008-0283 | 1 Domphp | 1 Domphp | 2025-04-09 | N/A |
| PHP remote file inclusion vulnerability in /aides/index.php in DomPHP 0.81 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the page parameter. | ||||