Search Results (6899 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2007-5096 1 Guanxicrm 1 Guanxicrm Business Solution 2026-04-23 N/A
PHP remote file inclusion vulnerability in modules/webmail2/inc/rfc822.php in guanxiCRM Business Solution 0.9.1 allows remote attackers to execute arbitrary PHP code via a URL in the webmail2_inc_dir parameter.
CVE-2008-3437 1 Openoffice 1 Openoffice.org 2026-04-23 N/A
OpenOffice.org (OOo) before 2.1.0 does not properly verify the authenticity of updates, which allows man-in-the-middle attackers to execute arbitrary code via a Trojan horse update, as demonstrated by evilgrade and DNS cache poisoning.
CVE-2008-3436 1 Notepad\+\+ 1 Notepad\+\+ 2026-04-23 N/A
The GUP generic update process in Notepad++ before 4.8.1 does not properly verify the authenticity of updates, which allows man-in-the-middle attackers to execute arbitrary code via a Trojan horse update, as demonstrated by evilgrade and DNS cache poisoning.
CVE-2006-6740 1 Phpprofiles 1 Phpprofiles 2026-04-23 N/A
Multiple PHP remote file inclusion vulnerabilities in phpProfiles 3.1.2b and earlier allow remote attackers to execute arbitrary PHP code via a URL in the menu parameter to (1) include/body.inc.php or (2) include/body_admin.inc.php; or a URL in the incpath parameter to (3) index.inc.php, (4) account.inc.php, (5) admin_newcomm.inc.php, (6) header_admin.inc.php, (7) header.inc.php, (8) friends.inc.php, (9) menu_u.inc.php, (10) notify.inc.php, (11) body.inc.php, (12) body_admin.inc.php, (13) commrecc.inc.php, (14) do_reg.inc.php, (15) comm_post.inc.php, or (16) menu_v.inc.php in include/, different vectors than CVE-2006-5634. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2007-6396 1 Myupb 1 Flat Php Board 2026-04-23 N/A
Direct static code injection vulnerability in index.php in Flat PHP Board 1.2 and earlier allows remote attackers to inject arbitrary PHP code via the (1) username, (2) password, and (3) email parameters when registering a user account, which can be executed by accessing the user's php file for this account. NOTE: similar code injection might be possible in a user profile.
CVE-2008-3435 1 Linkedin 1 Browser Toolbar 2026-04-23 N/A
LinkedIn Browser Toolbar 3.0.3.1100 and earlier does not properly verify the authenticity of updates, which allows man-in-the-middle attackers to execute arbitrary code via a Trojan horse update, as demonstrated by evilgrade and DNS cache poisoning.
CVE-2008-1963 1 Quate 1 Grape Web Statistics 2026-04-23 N/A
PHP remote file inclusion vulnerability in includes/functions.php in Quate Grape Web Statistics 0.2a allows remote attackers to execute arbitrary PHP code via a URL in the location parameter.
CVE-2008-3402 1 Hscripts 1 Hiox Random Ad 2026-04-23 N/A
Multiple PHP remote file inclusion vulnerabilities in HIOX Browser Statistics (HBS) 2.0 allow remote attackers to execute arbitrary PHP code via a URL in the hm parameter to (1) hioxupdate.php and (2) hioxstats.php.
CVE-2008-3401 1 Hscripts 1 Hiox Random Ad 2026-04-23 N/A
PHP remote file inclusion vulnerability in hioxRandomAd.php in HIOX Random Ad (HRA) 1.3 allows remote attackers to execute arbitrary PHP code via a URL in the hm parameter.
CVE-2008-3399 1 Xrms 1 Xrms Crm 2026-04-23 N/A
PHP remote file inclusion vulnerability in activities/workflow-activities.php in XRMS CRM 1.99.2, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via the include_directory parameter.
CVE-2008-3311 1 Adam Scheinberg 1 Flip 2026-04-23 N/A
PHP remote file inclusion vulnerability in config.php in Adam Scheinberg Flip 3.0 allows remote attackers to execute arbitrary PHP code via a URL in the incpath parameter.
CVE-2008-2886 1 Jamroom 1 Jamroom 2026-04-23 N/A
PHP remote file inclusion vulnerability in include/plugins/jrBrowser/purchase.php in Jamroom 3.3.0 through 3.3.5, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the jamroom[jm_dir] parameter.
CVE-2008-1669 2 Linux, Redhat 2 Linux Kernel, Enterprise Linux 2026-04-23 N/A
Linux kernel before 2.6.25.2 does not apply a certain protection mechanism for fcntl functionality, which allows local users to (1) execute code in parallel or (2) exploit a race condition to obtain "re-ordered access to the descriptor table."
CVE-2007-5994 1 Yappa-ng 1 Yappa-ng 2026-04-23 N/A
PHP remote file inclusion vulnerability in check_noimage.php in Fritz Berger yet another php photo album - next generation (yappa-ng) 2.3.2 allows remote attackers to execute arbitrary PHP code via a URL in the config[path_src_include] parameter.
CVE-2008-2884 1 Rss Aggregator 1 Rss Aggregator 2026-04-23 N/A
PHP remote file inclusion vulnerability in display.php in RSS-aggregator allows remote attackers to execute arbitrary PHP code via a URL in the path parameter. NOTE: some of these details are obtained from third party information.
CVE-2008-1965 1 Ibm 2 Lotus Expeditor Client, Lotus Symphany 2026-04-23 N/A
Argument injection vulnerability in the cai: URI handler in rcplauncher in IBM Lotus Expeditor Client for Desktop 6.1.1 and 6.1.2, as used by Lotus Symphony and possibly other products, allows remote attackers to execute arbitrary code by injecting a -launcher option via a cai: URI, as demonstrated by a reference to a UNC share pathname.
CVE-2007-6029 1 Clam Anti-virus 1 Clamav 2026-04-23 N/A
Unspecified vulnerability in ClamAV 0.91.1 and 0.91.2 allows remote attackers to execute arbitrary code via a crafted e-mail message. NOTE: this information is based upon a vague advisory by a vulnerability information sales organization that does not coordinate with vendors or release actionable advisories. A CVE has been assigned for tracking purposes, but duplicates with other CVEs are difficult to determine.
CVE-2008-2854 1 Orlando Cms 1 Orlando Cms 2026-04-23 N/A
Multiple PHP remote file inclusion vulnerabilities in Orlando CMS 0.6 allow remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[preloc] parameter to (1) modules/core/logger/init.php and (2) AJAX/newscat.php.
CVE-2008-2436 1 Novell 1 Iprint Client 2026-04-23 N/A
Multiple heap-based buffer overflows in the IppCreateServerRef function in nipplib.dll in Novell iPrint Client 4.x before 4.38 and 5.x before 5.08 allow remote attackers to execute arbitrary code via a long argument to the (1) GetPrinterURLList, (2) GetPrinterURLList2, or (3) GetFileList2 function in the Novell iPrint ActiveX control in ienipp.ocx.
CVE-2007-2816 1 Ol Bookmarks 1 Ol Bookmarks 2026-04-23 N/A
Multiple PHP remote file inclusion vulnerabilities in ol'bookmarks 0.7.4 allow remote attackers to execute arbitrary PHP code via a URL in the root parameter to (1) test1.php, (2) blackorange.php, (3) default.php, (4) frames1.php, (5) frames1_top.php, (7) test2.php, (8) test3.php, (9) test4.php, (10) test5.php, (11) test6.php, (12) frames1_left.php, and (13) frames1_center.php in themes/.