Search Results (6952 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2008-6539 1 Holger Schurig 1 Destar 2026-04-23 N/A
Static code injection vulnerability in user/settings/ in DeStar 0.2.2-5 allows remote authenticated users to add arbitrary administrators and inject arbitrary Python code into destar_cfg.py via a crafted pin parameter.
CVE-2008-2195 1 Deluxebb 1 Deluxebb 2026-04-23 N/A
Static code injection vulnerability in admincp.php in DeluxeBB 1.2 and earlier allows remote authenticated administrators to inject arbitrary PHP code into logs/cp.php via the URI.
CVE-2007-4737 1 Speedtech 1 Stphplibrary 2026-04-23 N/A
Multiple PHP remote file inclusion vulnerabilities in SpeedTech PHP Library (STPHPLibrary) 0.8.0 allow remote attackers to execute arbitrary PHP code via a URL in the STPHPLIB_DIR parameter to (1) stphpapplication.php, (2) stphpbtnimage.php, or (3) stphpform.php.
CVE-2008-6373 1 Nagios 1 Nagios 2026-04-23 N/A
Unspecified vulnerability in Nagios before 3.0.6 has unspecified impact and remote attack vectors related to CGI programs, "adaptive external commands," and "writing newlines and submitting service comments."
CVE-2007-4187 1 Joomla 1 Joomla 2026-04-23 N/A
Multiple eval injection vulnerabilities in the com_search component in Joomla! 1.5 beta before RC1 (aka Mapya) allow remote attackers to execute arbitrary PHP code via PHP sequences in the searchword parameter, related to default_results.php in (1) components/com_search/views/search/tmpl/ and (2) templates/beez/html/com_search/search/.
CVE-2008-3311 1 Adam Scheinberg 1 Flip 2026-04-23 N/A
PHP remote file inclusion vulnerability in config.php in Adam Scheinberg Flip 3.0 allows remote attackers to execute arbitrary PHP code via a URL in the incpath parameter.
CVE-2007-3586 1 Mycms 1 Mycms 2026-04-23 N/A
Multiple direct static code injection vulnerabilities in MyCMS 0.9.8 and earlier allow remote attackers to inject arbitrary PHP code into (1) a _score.txt file via the score parameter, or (2) a _setby.txt file via a login cookie, which is then included by games.php. NOTE: programs that use games.php might include (a) snakep.php, (b) tetrisp.php, and possibly other site-specific files.
CVE-2008-5949 1 Tiddlywiki 1 Cctiddly 2026-04-23 N/A
Multiple PHP remote file inclusion vulnerabilities in ccTiddly 1.7.4 and 1.7.6 allow remote attackers to execute arbitrary PHP code via a URL in the cct_base parameter to (1) index.php; (2) handle/proxy.php; (3) header.php, (4) include.php, and (5) workspace.php in includes/; and (6) plugins/RSS/files/rss.php.
CVE-2008-6545 1 Comscripts 1 Web Server Creator Web Portal 2026-04-23 N/A
PHP remote file inclusion vulnerability in news/include/createdb.php in Web Server Creator Web Portal 0.1 allows remote attackers to execute arbitrary PHP code via a URL in the langfile parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2008-5947 1 Yapbb 1 Yapbb 2026-04-23 N/A
PHP remote file inclusion vulnerability in include/class_yapbbcooker.php in YapBB 1.2.Beta 2 allows remote attackers to execute arbitrary PHP code via a URL in the cfgIncludeDirectory parameter.
CVE-2007-2609 1 Gnuedu 1 Gnu Edu 2026-04-23 N/A
Multiple PHP remote file inclusion vulnerabilities in gnuedu 1.3b2 allow remote attackers to execute arbitrary PHP code via a URL in the (a) ETCDIR parameter to (1) libs/lom.php; (2) lom_update.php, (3) check-lom.php, and (4) weigh_keywords.php in scripts/; the (b) LIBSDIR parameter to (5) logout.php, (6) help.php, (7) index.php, (8) login.php; and the ETCDIR parameter to (9) web/lom.php.
CVE-2008-5920 1 Tigris 1 Websvn 2026-04-23 N/A
The create_anchors function in utils.inc in WebSVN 1.x allows remote attackers to execute arbitrary PHP code via a crafted username that is processed by the preg_replace function with the eval switch.
CVE-2008-5801 1 Typo3 1 Dictionary Extension 2026-04-23 N/A
Unspecified vulnerability in the Dictionary (rtgdictionary) extension 0.1.9 and earlier for TYPO3 allows attackers to execute arbitrary code via unknown vectors.
CVE-2007-1141 1 Reamday Enterprises 1 Magic News Plus 2026-04-23 N/A
PHP remote file inclusion vulnerability in preview.php in Magic News Plus 1.0.2 allows remote attackers to execute arbitrary PHP code via a URL in the php_script_path parameter. NOTE: This issue may overlap CVE-2006-0723.
CVE-2008-5792 1 Indisguise 1 Indiscripts Enthusiast 2026-04-23 N/A
PHP remote file inclusion vulnerability in show_joined.php in Indiscripts Enthusiast 3.1.4, and possibly earlier, allows remote attackers to execute arbitrary PHP code via a URL in the path parameter. NOTE: the researcher also points out the analogous directory traversal issue.
CVE-2008-5790 2 Joomla, Recly 2 Joomla, Competitions 2026-04-23 N/A
Multiple PHP remote file inclusion vulnerabilities in the Recly!Competitions (com_competitions) component 1.0 for Joomla! allow remote attackers to execute arbitrary PHP code via a URL in the (1) GLOBALS[mosConfig_absolute_path] parameter to (a) add.php and (b) competitions.php in includes/competitions/, and the (2) mosConfig_absolute_path parameter to (c) includes/settings/settings.php.
CVE-2007-1996 1 Codebreak 1 Codebreak 2026-04-23 N/A
PHP remote file inclusion vulnerability in codebreak.php in CodeBreak, probably 1.1.2 and earlier, allows remote attackers to execute arbitrary PHP code via a URL in the process_method parameter.
CVE-2008-5763 1 Mariovaldez 1 Simple Text-file Login Script 2026-04-23 N/A
PHP remote file inclusion vulnerability in slogin_lib.inc.php in Simple Text-File Login Script (SiTeFiLo) 1.0.6 allows remote attackers to execute arbitrary PHP code via a URL in the slogin_path parameter.
CVE-2008-5173 1 Testmaker 1 Testmaker 2026-04-23 N/A
Unspecified vulnerability in testMaker before 3.0p16 allows remote authenticated users to execute arbitrary PHP code via unspecified attack vectors.
CVE-2007-4782 2 Php, Redhat 3 Php, Enterprise Linux, Rhel Application Stack 2026-04-23 N/A
PHP before 5.2.3 allows context-dependent attackers to cause a denial of service (application crash) via (1) a long string in the pattern parameter to the glob function; or (2) a long string in the string parameter to the fnmatch function, accompanied by a pattern parameter value with undefined characteristics, as demonstrated by a "*[1]e" value. NOTE: this might not be a vulnerability in most web server environments that support multiple threads, unless these issues can be demonstrated for code execution.