Export limit exceeded: 35583 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (6882 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2008-0502 | 1 Connectix | 1 Connectix Boards | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in templates/Official/part_userprofile.php in Connectix Boards 0.8.2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the template_path parameter. | ||||
| CVE-2008-0503 | 1 Netwerk | 1 Smart Publisher | 2026-04-23 | N/A |
| Eval injection vulnerability in admin/op/disp.php in Netwerk Smart Publisher 1.0.1 allows remote attackers to execute arbitrary PHP code via the filedata parameter. | ||||
| CVE-2007-6615 | 1 Agares Media | 1 Phpautovideo | 2026-04-23 | N/A |
| Directory traversal vulnerability in includes/block.php in Agares Media phpAutoVideo 2.21 allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the selected_provider parameter. | ||||
| CVE-2007-1483 | 1 K5n | 1 Webcalendar | 2026-04-23 | N/A |
| Multiple PHP remote file inclusion vulnerabilities in WebCalendar 0.9.45 allow remote attackers to execute arbitrary PHP code via a URL in the includedir parameter to (1) login.php, (2) get_reminders.php, or (3) get_events.php. | ||||
| CVE-2007-1253 | 1 Blender | 1 Blender | 2026-04-23 | N/A |
| Eval injection vulnerability in the (a) kmz_ImportWithMesh.py Script for Blender 0.1.9h, as used in (b) Blender before 2.43, allows user-assisted remote attackers to execute arbitrary Python code by importing a crafted (1) KML or (2) KMZ file. | ||||
| CVE-2008-1958 | 1 Easyscripts | 1 Tr Script News | 2026-04-23 | N/A |
| Unrestricted file upload vulnerability in the ajout_cat mode in admin/main.php in Tr Script News 2.1 allows remote authenticated users to execute arbitrary code by uploading a file with a .php extension. | ||||
| CVE-2007-1233 | 1 Stwc-counter | 1 Stwc-counter | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in downloadcounter.php in STWC-Counter 3.4.0.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the stwc_counter_verzeichniss parameter. | ||||
| CVE-2007-1165 | 1 Dbscripts | 1 Dbguestbook | 2026-04-23 | N/A |
| Multiple PHP remote file inclusion vulnerabilities in DBGuestbook 1.1 allow remote attackers to execute arbitrary PHP code via a URL in the dbs_base_path parameter to (1) utils.php, (2) guestbook.php, or (3) views.php in includes/. | ||||
| CVE-2007-1164 | 1 Dbscripts | 1 Dbimagegallery | 2026-04-23 | N/A |
| Multiple PHP remote file inclusion vulnerabilities in DBImageGallery 1.2.2 allow remote attackers to execute arbitrary PHP code via a URL in the donsimg_base_path parameter to (1) attributes.php, (2) images.php, or (3) scan.php in admin/; or (4) attributes.php, (5) db_utils.php, (6) images.php, (7) utils.php, or (8) values.php in includes/. | ||||
| CVE-2007-1148 | 1 Lovecms | 1 Lovecms | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in install/index.php in LoveCMS 1.4 allows remote attackers to execute arbitrary PHP code via a URL in the step parameter. | ||||
| CVE-2007-1141 | 1 Reamday Enterprises | 1 Magic News Plus | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in preview.php in Magic News Plus 1.0.2 allows remote attackers to execute arbitrary PHP code via a URL in the php_script_path parameter. NOTE: This issue may overlap CVE-2006-0723. | ||||
| CVE-2007-1139 | 1 Cromosoft | 1 Simple Plantilla Php | 2026-04-23 | N/A |
| Unrestricted file upload vulnerability in Cromosoft Simple Plantilla PHP (SPP) allows remote attackers to upload arbitrary scripts via a filename with a double extension. | ||||
| CVE-2007-1055 | 1 Mediawiki | 1 Mediawiki | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in the AJAX features in index.php in MediaWiki 1.9.x before 1.9.0rc2, and 1.8.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the rs parameter. NOTE: this issue might be a duplicate of CVE-2007-0177. | ||||
| CVE-2007-2428 | 1 Ahhp-portal | 1 Ahhp-portal | 2026-04-23 | N/A |
| Multiple PHP remote file inclusion vulnerabilities in page.php in Ahhp-Portal allow remote attackers to execute arbitrary PHP code via a URL in the (1) fp or (2) sc parameter. | ||||
| CVE-2007-0501 | 1 Mafia Scum Tools | 1 Mafia Scum Tools | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in index.php in Mafia Scum Tools 2.0.0 in Matthew Wardrop Advanced Random Generators (adv-random-gen) allows remote attackers to execute arbitrary PHP code via a URL in the gen parameter. | ||||
| CVE-2007-0499 | 1 Sangwan Kim | 1 Phpindexpage | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in config.php in Sangwan Kim phpIndexPage 1.0.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the env[inc_path] parameter. | ||||
| CVE-2008-6740 | 1 Homap | 1 Homap | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in html/admin/modules/plugin_admin.php in HoMaP-CMS 0.1 allows remote attackers to execute arbitrary PHP code via a URL in the _settings[pluginpath] parameter. | ||||
| CVE-2007-0218 | 1 Microsoft | 5 Internet Explorer, Windows 2000, Windows 2003 Server and 2 more | 2026-04-23 | N/A |
| Microsoft Internet Explorer 5.01 and 6 allows remote attackers to execute arbitrary code by instantiating certain COM objects from Urlmon.dll, which triggers memory corruption during a call to the IObjectSafety function. | ||||
| CVE-2006-7130 | 1 Jinzora | 1 Jinzora | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in backend/primitives/cache/media.php in Jinzora 2.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the include_path parameter, a different vector than CVE-2006-6770. | ||||
| CVE-2006-7105 | 1 Smarty | 1 Smarty | 2026-04-23 | 9.8 Critical |
| PHP remote file inclusion vulnerability in libs/Smarty.class.php in Smarty 2.6.9 allows remote attackers to execute arbitrary PHP code via a URL in the filename parameter. NOTE: in the original disclosure, filename is used in a function definition, so this report is probably incorrect | ||||