Export limit exceeded: 361803 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (6883 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2007-2458 | 1 Pixaria | 1 Pixaria Gallery | 2026-04-23 | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Pixaria Gallery before 1.4.3 allow remote attackers to execute arbitrary PHP code via a URL in the cfg[sys][base_path] parameter to psg.smarty.lib.php and certain include and library scripts, a different vector than CVE-2007-2457. | ||||
| CVE-2008-6841 | 2 Gmitc, Joomla | 2 Com Dbquery, Joomla | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in the Green Mountain Information Technology and Consulting Database Query (com_dbquery) component 1.4.1.1 and earlier for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter to classes/DBQ/admin/common.class.php. | ||||
| CVE-2008-6849 | 1 W2b | 1 Phpgreetcards | 2026-04-23 | N/A |
| Unrestricted file upload vulnerability in index.php in phpGreetCards 3.7 allows remote attackers to execute arbitrary PHP code by uploading a file with an executable extension, then accessing it via a via a link that is listed by userfiles/number_shell.php. | ||||
| CVE-2008-2230 | 1 Reportbug-ng | 2 Reportbug, Reportbug-ng | 2026-04-23 | N/A |
| Untrusted search path vulnerability in (1) reportbug 3.8 and 3.31, and (2) reportbug-ng before 0.2008.06.04, allows local users to execute arbitrary code via a malicious module file in the current working directory. | ||||
| CVE-2009-3492 | 1 Gotdns | 1 Loggix Project | 2026-04-23 | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Loggix Project 9.4.5 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the pathToIndex parameter to (1) Calendar.php, (2) Comment.php, (3) Rss.php and (4) Trackback.php in lib/Loggix/Module/; and (5) modules/downloads/lib/LM_Downloads.php. | ||||
| CVE-2007-4949 | 1 Phpreactor | 1 Phpreactor | 2026-04-23 | N/A |
| Multiple PHP remote file inclusion vulnerabilities in php(Reactor) 1.2.7pl1 allow remote attackers to execute arbitrary PHP code via a URL in the pathtohomedir parameter to (1) ekilat.com-int.tpl.php, (2) phpreactor.org-top.tpl.php, or (3) ekilat.com-top.tpl.php in examples/. NOTE: this issue has been disputed by CVE, since the vulnerability is present only when the product is incorrectly installed by placing examples/ under the web root | ||||
| CVE-2008-6402 | 1 Muskatli | 1 Sofi Webgui | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in hu/modules/reg-new/modstart.php in Sofi WebGui 0.6.3 PRE and earlier allows remote attackers to execute arbitrary PHP code via a URL in the mod_dir parameter. | ||||
| CVE-2009-2118 | 1 Irfanview | 1 Irfanview | 2026-04-23 | N/A |
| Integer overflow in IrfanView 4.23, when the resampling or screen fitting option is enabled, allows remote attackers to execute arbitrary code via a crafted TIFF 1 BPP image, which triggers a heap-based buffer overflow. | ||||
| CVE-2007-4948 | 1 Webmedia Explorer | 1 Webmedia Explorer | 2026-04-23 | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Webmedia Explorer (webmex) 3.2.2 allow remote attackers to execute arbitrary PHP code via (1) a URL in the path_include parameter to includes/rss.class.php, (2) a URL in the path_template parameter to (a) templates/main.tpl.php or (b) templates/folder_messages_link_message_name.tpl.php, or (4) a URL in the path_templates parameter to templates/sidebar.tpl.php. NOTE: the vulnerability is present only when the administrator does not follow installation instructions about the requirement for .htaccess support. NOTE: the includes/core.lib.php vector is already covered by CVE-2006-5252. | ||||
| CVE-2007-4942 | 1 Focus-sis | 1 Focus Sis | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in modules/Discipline/StudentFieldBreakdown.php in Focus/SIS 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the FocusPath parameter, a different vector than CVE-2007-4806. NOTE: the provenance of this information is unknown. | ||||
| CVE-2007-4575 | 2 Openoffice, Redhat | 4 Openoffice, Enterprise Linux, Jboss Enterprise Application Platform and 1 more | 2026-04-23 | N/A |
| HSQLDB before 1.8.0.9, as used in OpenOffice.org (OOo) 2 before 2.3.1, allows user-assisted remote attackers to execute arbitrary Java code via crafted database documents, related to "exposing static java methods." | ||||
| CVE-2008-0043 | 1 Apple | 1 Iphoto | 2026-04-23 | N/A |
| Format string vulnerability in Apple iPhoto before 7.1.2 allows remote attackers to execute arbitrary code via photocast subscriptions. | ||||
| CVE-2009-2627 | 1 Acer | 1 Lunchapp.aplunch | 2026-04-23 | N/A |
| Insecure method vulnerability in the Acer LunchApp (aka AcerCtrls.APlunch) ActiveX control in acerctrl.ocx allows remote attackers to execute arbitrary commands via the Run method, a different vulnerability than CVE-2006-6121. | ||||
| CVE-2008-3043 | 1 Typo3 | 1 Wec Discussion Forum | 2026-04-23 | N/A |
| Unspecified vulnerability in the WEC Discussion Forum (wec_discussion) extension 1.6.2 and earlier for TYPO3 allows attackers to execute arbitrary code via vectors related to "certain file types." | ||||
| CVE-2006-4694 | 1 Microsoft | 1 Office | 2026-04-23 | N/A |
| Unspecified vulnerability in PowerPoint in Microsoft Office 2000, Office XP and Office 2003 allows user-assisted attackers to execute arbitrary code via a crafted record in a PPT file, as exploited by malware such as Exploit:Win32/Controlppt.W, Exploit:Win32/Controlppt.X, and Exploit-PPT.d/Trojan.PPDropper.F. NOTE: it has been reported that the attack vector involves SlideShowWindows.View.GotoNamedShow. | ||||
| CVE-2006-3650 | 1 Microsoft | 1 Office | 2026-04-23 | N/A |
| Microsoft Office 2000, XP, 2003, 2004 for Mac, and v.X for Mac do not properly parse the length of a chart record, which allows remote user-assisted attackers to execute arbitrary code via a Word document with an embedded malformed chart record that triggers an overwrite of pointer values with values from the document, a different vulnerability than CVE-2006-3434, CVE-2006-3864, and CVE-2006-3868. | ||||
| CVE-2007-1581 | 1 Php | 1 Php | 2026-04-23 | N/A |
| The resource system in PHP 5.0.0 through 5.2.1 allows context-dependent attackers to execute arbitrary code by interrupting the hash_update_file function via a userspace (1) error or (2) stream handler, which can then be used to destroy and modify internal resources. NOTE: it was later reported that PHP 5.2 through 5.2.13 and 5.3 through 5.3.2 are also affected. | ||||
| CVE-2008-6665 | 1 Anantasoft | 1 Ananta Cms | 2026-04-23 | N/A |
| change.php in Ananta CMS 1.0b5, with magic_quotes_gpc disabled, allows remote attackers to gain administrator privileges via a crafted email parameter, possibly related to code injection. | ||||
| CVE-2008-6482 | 2 Joomla, Justjoomla | 2 Joomla, Com Treeg | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in admin.treeg.php in the Flash Tree Gallery (com_treeg) component 1.0 for Joomla!, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via the mosConfig_live_site parameter. | ||||
| CVE-2008-2950 | 1 Poppler | 1 Poppler | 2026-04-23 | N/A |
| The Page destructor in Page.cc in libpoppler in Poppler 0.8.4 and earlier deletes a pageWidgets object even if it is not initialized by a Page constructor, which allows remote attackers to execute arbitrary code via a crafted PDF document. | ||||