Total
5112 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2008-7183 | 1 Evacms | 1 Eva Cms | 2025-04-09 | N/A |
| PHP remote file inclusion vulnerability in eva/index.php in EVA CMS 2.3.1, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the eva[caminho] parameter to index.php. | ||||
| CVE-2008-7240 | 1 Linuxwebshop | 1 Php User Base | 2025-04-09 | N/A |
| Directory traversal vulnerability in include/unverified.inc.php in Linux Web Shop (LWS) php User Base 1.3beta allows remote attackers to include and execute arbitrary local files via the template parameter. | ||||
| CVE-2009-0068 | 2 Freedesktop, Mozilla | 2 Xdg-utils, Firefox | 2025-04-09 | N/A |
| Interaction error in xdg-open allows remote attackers to execute arbitrary code by sending a file with a dangerous MIME type but using a safe type that Firefox sends to xdg-open, which causes xdg-open to process the dangerous file type through automatic type detection, as demonstrated by overwriting the .desktop file. | ||||
| CVE-2009-0084 | 1 Microsoft | 4 Directx, Windows 2000, Windows Server 2003 and 1 more | 2025-04-09 | N/A |
| Use-after-free vulnerability in DirectShow in Microsoft DirectX 8.1 and 9.0 allows remote attackers to execute arbitrary code via an MJPEG file or video stream with a malformed Huffman table, which triggers an exception that frees heap memory that is later accessed, aka "MJPEG Decompression Vulnerability." | ||||
| CVE-2009-0091 | 1 Microsoft | 7 .net Framework, Windows 2000, Windows 7 and 4 more | 2025-04-09 | N/A |
| Microsoft .NET Framework 2.0, 2.0 SP1, and 3.5 does not properly enforce a certain type-equality constraint in .NET verifiable code, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (XBAP), (2) a crafted ASP.NET application, or (3) a crafted .NET Framework application, aka "Microsoft .NET Framework Type Verification Vulnerability." | ||||
| CVE-2009-0103 | 1 Playsms | 1 Playsms | 2025-04-09 | N/A |
| Multiple PHP remote file inclusion vulnerabilities in playSMS 0.9.3 allow remote attackers to execute arbitrary PHP code via a URL in the (1) apps_path[plug] parameter to plugin/gateway/gnokii/init.php, the (2) apps_path[themes] parameter to plugin/themes/default/init.php, and the (3) apps_path[libs] parameter to lib/function.php. | ||||
| CVE-2009-0149 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-09 | N/A |
| Apple Mac OS X 10.4.11 and 10.5 before 10.5.7 allows local users to gain privileges or cause a denial of service (application crash) by attempting to mount a crafted sparse disk image that triggers memory corruption. | ||||
| CVE-2009-0160 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-09 | N/A |
| QuickDraw Manager in Apple Mac OS X 10.4.11 and 10.5 before 10.5.7 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PICT image that triggers memory corruption. | ||||
| CVE-2009-0202 | 1 Microsoft | 1 Office Powerpoint | 2025-04-09 | N/A |
| Array index error in FL21WIN.DLL in the PowerPoint Freelance Windows 2.1 Translator in Microsoft PowerPoint 2000 and 2002 allows remote attackers to execute arbitrary code via a Freelance file with unspecified "layout information" that triggers a heap-based buffer overflow. | ||||
| CVE-2009-0208 | 1 Hp | 1 Virtual Rooms | 2025-04-09 | N/A |
| Unspecified vulnerability in HP Virtual Rooms Client before 7.0.1, when running on Windows, allows remote attackers to execute arbitrary code via unknown vectors. | ||||
| CVE-2009-0222 | 1 Microsoft | 1 Office Powerpoint | 2025-04-09 | N/A |
| Microsoft Office PowerPoint 2000 SP3, 2002 SP3, and 2003 SP3 allows remote attackers to execute arbitrary code via crafted sound data in a file that uses a PowerPoint 4.0 native file format, leading to a "pointer overwrite" and memory corruption, aka "Legacy File Format Vulnerability," a different vulnerability than CVE-2009-0223, CVE-2009-0226, CVE-2009-0227, and CVE-2009-1137. | ||||
| CVE-2009-0223 | 1 Microsoft | 1 Office Powerpoint | 2025-04-09 | N/A |
| Microsoft Office PowerPoint 2000 SP3, 2002 SP3, and 2003 SP3 allows remote attackers to execute arbitrary code via crafted sound data in a file that uses a PowerPoint 4.0 native file format, leading to memory corruption, aka "Legacy File Format Vulnerability," a different vulnerability than CVE-2009-0222, CVE-2009-0226, CVE-2009-0227, and CVE-2009-1137. | ||||
| CVE-2009-0225 | 1 Microsoft | 1 Office Powerpoint | 2025-04-09 | N/A |
| Microsoft Office PowerPoint 2002 SP3 allows remote attackers to execute arbitrary code via crafted sound data in a file that uses a PowerPoint 95 native file format, leading to improper "array indexing" and memory corruption, aka "PP7 Memory Corruption Vulnerability." | ||||
| CVE-2009-0251 | 1 Ryneezy | 1 Phosheezy | 2025-04-09 | N/A |
| Static code injection vulnerability in admin.php in Ryneezy phoSheezy 0.2 allows remote authenticated administrators to inject arbitrary PHP code into config/footer via the footer parameter. NOTE: this can be exploited by unauthenticated attackers by leveraging CVE-2009-0250. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2009-0464 | 1 Groonesworld | 1 Gbook | 2025-04-09 | N/A |
| PHP remote file inclusion vulnerability in includes/header.php in Groone GBook 2.0 allows remote attackers to execute arbitrary PHP code via a URL in the abspath parameter. | ||||
| CVE-2009-0422 | 1 Tincan | 1 Phplist | 2025-04-09 | N/A |
| Dynamic variable evaluation vulnerability in lists/admin.php in phpList 2.10.8 and earlier, when register_globals is disabled, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the _SERVER[ConfigFile] parameter to admin/index.php. | ||||
| CVE-2009-0441 | 1 Technote | 1 Technote | 2025-04-09 | N/A |
| PHP remote file inclusion vulnerability in skin_shop/standard/2_view_body/body_default.php in TECHNOTE 7.2, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the shop_this_skin_path parameter, a different vector than CVE-2008-4138. | ||||
| CVE-2009-0444 | 1 Sirini | 1 Grboard | 2025-04-09 | N/A |
| Multiple PHP remote file inclusion vulnerabilities in GRBoard 1.8, when register_globals is enabled and magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary PHP code via a URL in the (1) theme parameter to (a) 179_squarebox_pds_list/view.php, (b) 179_squarebox_minishop_expand/view.php, (c) 179_squarebox_gallery_list_pds/view.php, (d) 179_squarebox_gallery_list/view.php, (e) 179_squarebox_gallery/view.php, (f) 179_squarebox_board_swfupload/view.php, (g) 179_squarebox_board_expand/view.php, (h) 179_squarebox_board_basic_with_grcode/view.php, (i) 179_squarebox_board_basic/view.php, (j) 179_simplebar_pds_list/view.php, (k) 179_simplebar_notice/view.php, (l) 179_simplebar_gallery_list_pds/view.php, (m) 179_simplebar_gallery/view.php, and (n) 179_simplebar_basic/view.php in theme/; the (2) path parameter to (o) latest/sirini_gallery_latest/list.php; and the (3) grboard parameter to (p) include.php and (q) form_mail.php. | ||||
| CVE-2009-0456 | 1 Sourdough | 1 Sourdough | 2025-04-09 | N/A |
| PHP remote file inclusion vulnerability in examples/example_clientside_javascript.php in patForms, as used in Sourdough 0.3.5, allows remote attackers to execute arbitrary PHP code via a URL in the neededFiles[patForms] parameter. | ||||
| CVE-2009-0463 | 1 Groonesworld | 1 Glinks | 2025-04-09 | N/A |
| PHP remote file inclusion vulnerability in includes/header.php in Groone GLinks 2.1 allows remote attackers to execute arbitrary PHP code via a URL in the abspath parameter. | ||||