Total
5052 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2008-0302 | 1 Debian | 1 Apt-listchanges | 2025-04-09 | N/A |
Untrusted search path vulnerability in apt-listchanges.py in apt-listchanges before 2.82 allows local users to execute arbitrary code via a malicious apt-listchanges program in the current working directory. | ||||
CVE-2009-1083 | 1 Sun | 1 Java System Identity Manager | 2025-04-09 | N/A |
Sun Java System Identity Manager (IdM) 7.0 through 8.0 on Linux, AIX, Solaris, and HP-UX permits "control characters" in the passwords of user accounts, which allows remote attackers to execute arbitrary commands via vectors involving "resource adapters." | ||||
CVE-2009-0901 | 1 Microsoft | 3 Visual C\+\+, Visual Studio, Visual Studio .net | 2025-04-09 | N/A |
The Active Template Library (ATL) in Microsoft Visual Studio .NET 2003 SP1, Visual Studio 2005 SP1 and 2008 Gold, and Visual C++ 2005 SP1 and 2008 Gold and SP1; and Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2; does not prevent VariantClear calls on an uninitialized VARIANT, which allows remote attackers to execute arbitrary code via a malformed stream to an ATL (1) component or (2) control, related to ATL headers and error handling, aka "ATL Uninitialized Object Vulnerability." | ||||
CVE-2009-1064 | 2 Orbit Downloader, Orbitdownloader | 2 Orbit Downloader, Orbit Downloader | 2025-04-09 | N/A |
Argument injection vulnerability in orbitmxt.dll 2.1.0.2 in the Orbit Downloader 2.8.7 and earlier ActiveX control allows remote attackers to overwrite arbitrary files via whitespace and a command-line switch, followed by a full pathname, in the third argument to the download method. | ||||
CVE-2007-4645 | 1 Nmdeluxe | 1 Nmdeluxe | 2025-04-09 | N/A |
SQL injection vulnerability in index.php in NMDeluxe 2.0.0 allows remote attackers to execute arbitrary SQL commands via the id parameter in a newspost do action, a different vulnerability than CVE-2006-1108. | ||||
CVE-2009-1025 | 1 Beerwin | 1 Phplinkadmin | 2025-04-09 | N/A |
PHP remote file inclusion vulnerability in linkadmin.php in Beerwin PHPLinkAdmin 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the page parameter. | ||||
CVE-2007-4640 | 1 Pakupaku | 1 Pakupaku Cms | 2025-04-09 | N/A |
Unrestricted file upload vulnerability in index.php in Pakupaku CMS 0.4 and earlier allows remote attackers to upload and execute arbitrary PHP files in uploads/ via an Uploads action. | ||||
CVE-2007-5178 | 1 Mxbb | 1 Mx Glance | 2025-04-09 | N/A |
contrib/mx_glance_sdesc.php in the mx_glance 2.3.3 module for mxBB places a critical security check within a comment because of a missing comment delimiter, which allows remote attackers to conduct remote file inclusion attacks and execute arbitrary PHP code via a URL in the mx_root_path parameter. NOTE: some sources incorrectly state that phpbb_root_path is the affected parameter. | ||||
CVE-2007-4608 | 1 Winterburns.co.uk | 1 Epersonnel | 2025-04-09 | N/A |
PHP remote file inclusion vulnerability in protection.php in ePersonnel RC_2004_02 allows remote attackers to execute arbitrary PHP code via a URL in the logout_page parameter. | ||||
CVE-2009-0966 | 1 Yabsoft | 1 Mega File Hosting Script | 2025-04-09 | N/A |
PHP remote file inclusion vulnerability in cross.php in YABSoft Mega File Hosting 1.2 allows remote attackers to execute arbitrary PHP code via a URL in the url parameter. NOTE: this can also be leveraged to include and execute arbitrary local files via .. (dot dot) sequences. | ||||
CVE-2008-0300 | 1 Mapbender | 1 Mapbender | 2025-04-09 | N/A |
mapFiler.php in Mapbender 2.4 to 2.4.4 allows remote attackers to execute arbitrary PHP code via PHP code sequences in the factor parameter, which are not properly handled when accessing a filename that contains those sequences. | ||||
CVE-2008-6036 | 1 Basebuilder | 1 Basebuilder | 2025-04-09 | N/A |
PHP remote file inclusion vulnerability in main.inc.php in BaseBuilder 2.0.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the mj_config[src_path] parameter. | ||||
CVE-2009-0944 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-09 | N/A |
The Microsoft Office Spotlight Importer in Spotlight in Apple Mac OS X 10.4.11 and 10.5 before 10.5.7 does not properly validate Microsoft Office files, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a file that triggers memory corruption. | ||||
CVE-2007-1996 | 1 Codebreak | 1 Codebreak | 2025-04-09 | N/A |
PHP remote file inclusion vulnerability in codebreak.php in CodeBreak, probably 1.1.2 and earlier, allows remote attackers to execute arbitrary PHP code via a URL in the process_method parameter. | ||||
CVE-2009-0820 | 1 Php.brickhost | 1 Phpscheduleit | 2025-04-09 | N/A |
Multiple eval injection vulnerabilities in phpScheduleIt before 1.2.11 allow remote attackers to execute arbitrary code via (1) the end_date parameter to reserve.php and (2) the start_date and end_date parameters to check.php. NOTE: the start_date/reserve.php vector is already covered by CVE-2008-6132. | ||||
CVE-2007-4605 | 1 Vwar | 1 Virtual War | 2025-04-09 | N/A |
PHP remote file inclusion vulnerability in convert/mvcw.php in Virtual War (VWar) 1.5.0 R15 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the vwar_root parameter, a different vector than CVE-2006-1503, CVE-2006-1636, and CVE-2006-1747. | ||||
CVE-2009-0759 | 1 Znc | 1 Znc | 2025-04-09 | N/A |
Multiple CRLF injection vulnerabilities in webadmin in ZNC before 0.066 allow remote authenticated users to modify the znc.conf configuration file and gain privileges via CRLF sequences in the quit message and other vectors. | ||||
CVE-2009-0970 | 1 Phpprobid | 1 Php Pro Bid | 2025-04-09 | N/A |
PHP remote file inclusion vulnerability in includes/class_image.php in PHP Pro Bid 6.05, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the fileExtension parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
CVE-2009-0720 | 1 Hp | 1 Openview Network Node Manager | 2025-04-09 | N/A |
Unspecified vulnerability in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allows remote attackers to execute arbitrary code via unknown vectors. | ||||
CVE-2009-0677 | 1 Ravenphpscripts | 1 Ravennuke | 2025-04-09 | N/A |
avatarlist.php in the Your Account module, reached through modules.php, in Raven Web Services RavenNuke 2.30 allows remote authenticated users to execute arbitrary code via PHP sequences in an element of the replacements array, which is processed by the preg_replace function with the eval switch, as specified in an element of the patterns array. |