Search Results (6912 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2008-1760 1 Blogator-script 1 Blogator-script 2026-04-23 N/A
Multiple PHP remote file inclusion vulnerabilities in Blogator-script before 1.01 allow remote attackers to execute arbitrary PHP code via a URL in the incl_page parameter in (1) struct_admin.php, (2) struct_admin_blog.php, and (3) struct_main.php in _blogadata/include.
CVE-2009-0222 1 Microsoft 1 Office Powerpoint 2026-04-23 N/A
Microsoft Office PowerPoint 2000 SP3, 2002 SP3, and 2003 SP3 allows remote attackers to execute arbitrary code via crafted sound data in a file that uses a PowerPoint 4.0 native file format, leading to a "pointer overwrite" and memory corruption, aka "Legacy File Format Vulnerability," a different vulnerability than CVE-2009-0223, CVE-2009-0226, CVE-2009-0227, and CVE-2009-1137.
CVE-2009-2118 1 Irfanview 1 Irfanview 2026-04-23 N/A
Integer overflow in IrfanView 4.23, when the resampling or screen fitting option is enabled, allows remote attackers to execute arbitrary code via a crafted TIFF 1 BPP image, which triggers a heap-based buffer overflow.
CVE-2009-2143 2 Firestats, Wordpress 2 Firestats, Wordpress 2026-04-23 N/A
PHP remote file inclusion vulnerability in firestats-wordpress.php in the FireStats plugin before 1.6.2-stable for WordPress allows remote attackers to execute arbitrary PHP code via a URL in the fs_javascript parameter.
CVE-2009-0223 1 Microsoft 1 Office Powerpoint 2026-04-23 N/A
Microsoft Office PowerPoint 2000 SP3, 2002 SP3, and 2003 SP3 allows remote attackers to execute arbitrary code via crafted sound data in a file that uses a PowerPoint 4.0 native file format, leading to memory corruption, aka "Legacy File Format Vulnerability," a different vulnerability than CVE-2009-0222, CVE-2009-0226, CVE-2009-0227, and CVE-2009-1137.
CVE-2007-0862 1 Gnopaste 1 Gnopaste 2026-04-23 N/A
PHP remote file inclusion vulnerability in index.php in gnopaste 0.5.3 and earlier allows remote attackers to execute arbitrary PHP code via the GNP_REAL_PATH parameter. NOTE: CVE and a third party dispute this issue, since GNP_REAL_PATH is a constant, not a variable
CVE-2007-5221 1 Poppawid 1 Poppawid 2026-04-23 N/A
PHP remote file inclusion vulnerability in mail/childwindow.inc.php in Poppawid 2.7 allows remote attackers to execute arbitrary PHP code via a URL in the form parameter.
CVE-2008-7240 1 Linuxwebshop 1 Php User Base 2026-04-23 N/A
Directory traversal vulnerability in include/unverified.inc.php in Linux Web Shop (LWS) php User Base 1.3beta allows remote attackers to include and execute arbitrary local files via the template parameter.
CVE-2009-0202 1 Microsoft 1 Office Powerpoint 2026-04-23 N/A
Array index error in FL21WIN.DLL in the PowerPoint Freelance Windows 2.1 Translator in Microsoft PowerPoint 2000 and 2002 allows remote attackers to execute arbitrary code via a Freelance file with unspecified "layout information" that triggers a heap-based buffer overflow.
CVE-2007-5153 1 Sun 2 Java System Access Manager, Java System Application Server 2026-04-23 N/A
Unspecified vulnerability in Sun Java System Access Manager 7.1, when installed in a Sun Java System Application Server 8.x container, allows remote attackers to execute arbitrary code via unspecified vectors.
CVE-2009-0191 1 Foxitsoftware 1 Foxit Reader 2026-04-23 N/A
Foxit Reader 2.3 before Build 3902 and 3.0 before Build 1506, including 3.0.2009.1301, does not properly handle a JBIG2 symbol dictionary segment with zero new symbols, which allows remote attackers to execute arbitrary code via a crafted PDF file that triggers a dereference of an uninitialized memory location.
CVE-2006-6041 1 Laurent Van Den Reysen 1 Work System E-commerce 2026-04-23 N/A
Multiple PHP remote file inclusion vulnerabilities in Laurent Van den Reysen WORK system e-commerce 3.0.2, and other versions before 3.0.4, allow remote attackers to execute arbitrary PHP code via a URL in the g_include parameter to (1) index.php, (2) module/forum/forum.php, (3) unspecified files under module/, and (4) unspecified files under administration/module/.
CVE-2006-4696 1 Microsoft 3 Windows 2000, Windows 2003 Server, Windows Xp 2026-04-23 N/A
Unspecified vulnerability in the Server service in Microsoft Windows 2000 SP4, Server 2003 SP1 and earlier, and XP SP2 and earlier allows remote attackers to execute arbitrary code via a crafted packet, aka "SMB Rename Vulnerability."
CVE-2008-2396 1 Wajox Software 1 Mircrossys Cms 2026-04-23 N/A
PHP remote file inclusion vulnerability in index.php in Wajox Software microSSys CMS 1.5 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in an arbitrary element of the PAGES array parameter.
CVE-2008-7152 1 Simon Rycroft 1 Sid 2026-04-23 N/A
Multiple PHP remote file inclusion vulnerabilities in Specimen Image Database (SID), when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the dir parameter to (1) client.php or (2) taxonservice.php.
CVE-2008-7073 2 Ekkaia, Rssmodule 2 Pie Web, Rss Module 2026-04-23 N/A
PHP remote file inclusion vulnerability in lib/action/rss.php in RSS module 0.1 for Pie Web M{a,e}sher, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the lib parameter.
CVE-2008-0113 1 Microsoft 1 Excel Viewer 2026-04-23 N/A
Unspecified vulnerability in Microsoft Office Excel Viewer 2003 up to SP3 allows user-assisted remote attackers to execute arbitrary code via an Excel document with malformed cell comments that trigger memory corruption from an "allocation error," aka "Microsoft Office Cell Parsing Memory Corruption Vulnerability."
CVE-2007-1483 1 K5n 1 Webcalendar 2026-04-23 N/A
Multiple PHP remote file inclusion vulnerabilities in WebCalendar 0.9.45 allow remote attackers to execute arbitrary PHP code via a URL in the includedir parameter to (1) login.php, (2) get_reminders.php, or (3) get_events.php.
CVE-2007-5914 1 Jean Charles 1 Jbc Explorer 2026-04-23 N/A
Direct static code injection vulnerability in dirsys/modules/config/post.php in JBC Explorer 7.20 RC1 and earlier allows remote authenticated administrators to inject arbitrary PHP code via the DEBUG parameter, which can be executed by accessing config.inc.php. NOTE: this can be exploited by unauthenticated remote attackers by leveraging CVE-2007-5913.
CVE-2007-1446 1 Danny Ho 1 Oes 2026-04-23 N/A
Multiple PHP remote file inclusion vulnerabilities in Open Education System (OES) 0.1beta allow remote attackers to execute arbitrary PHP code via a URL in the CONF_INCLUDE_PATH parameter to (1) lib-account.inc.php, (2) lib-file.inc.php, (3) lib-group.inc.php, (4) lib-log.inc.php, (5) lib-mydb.inc.php, (6) lib-template-mod.inc.php, and (7) lib-themes.inc.php in includes/.