ReportizFlow
Filtered by vendor
Subscriptions
Total
5969 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2008-6373 | 1 Nagios | 1 Nagios | 2025-04-09 | N/A |
| Unspecified vulnerability in Nagios before 3.0.6 has unspecified impact and remote attack vectors related to CGI programs, "adaptive external commands," and "writing newlines and submitting service comments." | ||||
| CVE-2008-6486 | 1 Shatm | 1 Sharedlog | 2025-04-09 | N/A |
| PHP remote file inclusion vulnerability in slideshow_uploadvideo.content.php in SharedLog, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[root_dir] parameter. | ||||
| CVE-2008-6491 | 1 Denis Moinel | 1 Phpgkit | 2025-04-09 | N/A |
| PHP remote file inclusion vulnerability in connexion.php in PHPGKit 0.9 allows remote attackers to execute arbitrary PHP code via a URL in the DOCUMENT_ROOT parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2008-2883 | 1 Jamroom | 1 Jamroom | 2025-04-09 | N/A |
| PHP remote file inclusion vulnerability in include/plugins/jrBrowser/payment.php in Jamroom 3.3.0 through 3.3.5 allows remote attackers to execute arbitrary PHP code via a URL in the jamroom[jm_dir] parameter. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2008-6518 | 1 Vidiscript | 1 Vidiscript | 2025-04-09 | N/A |
| Unrestricted file upload vulnerability in the profile feature in VidiScript allows registered remote authenticated users to execute arbitrary code by uploading a PHP file as an Avatar, then accessing the avatar via a direct request. | ||||
| CVE-2008-6531 | 1 Atlassian | 1 Jira | 2025-04-09 | N/A |
| The WebWork 1 web application framework in Atlassian JIRA before 3.13.2 allows remote attackers to invoke exposed public JIRA methods via a crafted URL that is dynamically transformed into method calls, aka "WebWork 1 Parameter Injection Hole." | ||||
| CVE-2009-0275 | 1 Ryneezy | 1 Phosheezy | 2025-04-09 | N/A |
| Static code injection vulnerability in admin.php in Ryneezy phoSheezy 0.2 allows remote authenticated administrators to inject arbitrary PHP code into config/header via the header parameter. NOTE: this can be exploited by unauthenticated attackers by leveraging CVE-2009-0250. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2008-6544 | 1 Simple Machines | 1 Simple Machines Forum | 2025-04-09 | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Simple Machines Forum (SMF) 1.1.4 allow remote attackers to execute arbitrary PHP code via a URL in the (1) settings[default_theme_dir] parameter to Sources/Subs-Graphics.php and (2) settings[default_theme_dir] parameter to Sources/Themes.php. NOTE: CVE and multiple third parties dispute this issue because the files contain a protection mechanism against direct request | ||||
| CVE-2007-5221 | 1 Poppawid | 1 Poppawid | 2025-04-09 | N/A |
| PHP remote file inclusion vulnerability in mail/childwindow.inc.php in Poppawid 2.7 allows remote attackers to execute arbitrary PHP code via a URL in the form parameter. | ||||
| CVE-2008-0803 | 1 Lookstrike | 1 Lan Manager | 2025-04-09 | N/A |
| Multiple PHP remote file inclusion vulnerabilities in LookStrike Lan Manager 0.9 allow remote attackers to execute arbitrary PHP code via a URL in the sys_conf[path][real] parameter to (1) modules\class\Table.php; (2) db_admins.php, (3) db_alert.php, (4) db_double.php, (5) db_games.php, (6) db_matches.php, (7) db_match_teams.php, (8) db_news.php, (9) db_platform.php, (10) db_players.php, (11) db_server_group.php, (12) db_server_ip.php, (13) db_teams.php, (14) db_team_players.php, (15) db_tournaments.php, (16) db_tournament_teams.php, and (17) db_trees.php in modules\class\db\; and (18) Match.php, (19) MatchTeam.php, (20) Rule.php, (21) RuleBuilder.php, (22) RulePool.php, (23) RuleSingle.php, (24) RuleTree.php, (25) Tournament.php, (26) TournamentTeam.php, (27) Tree.php, and (28) TreeSingle.php in modules\class\tournament\. NOTE: this can also be leveraged to include and execute arbitrary local files via directory traversal sequences. | ||||
| CVE-2008-6584 | 1 Torrentflux | 1 Torrentflux | 2025-04-09 | N/A |
| html/index.php in TorrentFlux 2.3 allows remote authenticated users to execute arbitrary code via a URL with a file containing an executable extension in the url_upload parameter, which is downloaded by TorrentFlux and can be accessed via a direct request in a html/downloads/ user directory. | ||||
| CVE-2008-1669 | 2 Linux, Redhat | 2 Linux Kernel, Enterprise Linux | 2025-04-09 | N/A |
| Linux kernel before 2.6.25.2 does not apply a certain protection mechanism for fcntl functionality, which allows local users to (1) execute code in parallel or (2) exploit a race condition to obtain "re-ordered access to the descriptor table." | ||||
| CVE-2008-6635 | 1 Geody | 1 Dagger | 2025-04-09 | N/A |
| PHP remote file inclusion vulnerability in skins/default.php in Geody Labs Dagger - The Cutting Edge r12feb2008, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the dir_inc parameter. | ||||
| CVE-2008-6636 | 1 Geody | 1 Dagger | 2025-04-09 | N/A |
| PHP remote file inclusion vulnerability in skins/default.php in Geody Labs Dagger - The Cutting Edge r12feb2008, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the dir_edge_skins parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2007-3586 | 1 Mycms | 1 Mycms | 2025-04-09 | N/A |
| Multiple direct static code injection vulnerabilities in MyCMS 0.9.8 and earlier allow remote attackers to inject arbitrary PHP code into (1) a _score.txt file via the score parameter, or (2) a _setby.txt file via a login cookie, which is then included by games.php. NOTE: programs that use games.php might include (a) snakep.php, (b) tetrisp.php, and possibly other site-specific files. | ||||
| CVE-2008-6761 | 1 China-on-site | 1 Flexcustomer0.0.6 | 2025-04-09 | N/A |
| Static code injection vulnerability in admin/install.php in Flexcustomer 0.0.6 might allow remote attackers to inject arbitrary PHP code into const.inc.php via the installdbname parameter (aka the Database Name field). NOTE: the installation instructions specify deleting admin/install.php. | ||||
| CVE-2007-4244 | 1 Joomla | 1 J Reactions | 2025-04-09 | N/A |
| PHP remote file inclusion vulnerability in langset.php in J! Reactions (com_jreactions) 1.8.1 and earlier, a Joomla! component, allows remote attackers to execute arbitrary PHP code via a URL in the comPath parameter. | ||||
| CVE-2008-6785 | 1 Galaxyscripts | 1 Mini File Host | 2025-04-09 | N/A |
| Unrestricted file upload vulnerability in Mini File Host 1.5 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in an unspecified directory, as demonstrated by creating a name.php file. | ||||
| CVE-2008-5167 | 1 Boonex | 1 Orca | 2025-04-09 | N/A |
| PHP remote file inclusion vulnerability in layout/default/params.php in Boonex Orca 2.0 and 2.0.2, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the gConf[dir][layouts] parameter. | ||||
| CVE-2007-4605 | 1 Vwar | 1 Virtual War | 2025-04-09 | N/A |
| PHP remote file inclusion vulnerability in convert/mvcw.php in Virtual War (VWar) 1.5.0 R15 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the vwar_root parameter, a different vector than CVE-2006-1503, CVE-2006-1636, and CVE-2006-1747. | ||||