Total: 3701 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2008-6584 | 1 Torrentflux | 1 Torrentflux | 2024-11-21 | 6.0 MEDIUM | N/A |
html/index.php in TorrentFlux 2.3 allows remote authenticated users to execute arbitrary code via a URL with a file containing an executable extension in the url_upload parameter, which is downloaded by TorrentFlux and can be accessed via a direct request in a html/downloads/ user directory. | |||||
CVE-2008-6545 | 1 Comscripts | 1 Web Server Creator Web Portal | 2024-11-21 | 7.5 HIGH | N/A |
PHP remote file inclusion vulnerability in news/include/createdb.php in Web Server Creator Web Portal 0.1 allows remote attackers to execute arbitrary PHP code via a URL in the langfile parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
CVE-2008-6544 | 1 Simple Machines | 1 Simple Machines Forum | 2024-11-21 | 7.5 HIGH | N/A |
Multiple PHP remote file inclusion vulnerabilities in Simple Machines Forum (SMF) 1.1.4 allow remote attackers to execute arbitrary PHP code via a URL in the (1) settings[default_theme_dir] parameter to Sources/Subs-Graphics.php and (2) settings[default_theme_dir] parameter to Sources/Themes.php. NOTE: CVE and multiple third parties dispute this issue because the files contain a protection mechanism against direct request | |||||
CVE-2008-6543 | 1 Comscripts | 1 Quick Classifieds | 2024-11-21 | 7.5 HIGH | N/A |
Multiple PHP remote file inclusion vulnerabilities in ComScripts TEAM Quick Classifieds 1.0 via the DOCUMENT_ROOT parameter to (1) index.php3, (2) locate.php3, (3) search_results.php3, (4) classifieds/index.php3, and (5) classifieds/view.php3; (6) index.php3, (7) manager.php3, (8) pass.php3, (9) remember.php3 (10) sign-up.php3, (11) update.php3, (12) userSet.php3, and (13) verify.php3 in controlcenter/; (14) alterCats.php3, (15) alterFeatured.php3, (16) alterHomepage.php3, (17) alterNews.php3, (18) alterTheme.php3, (19) color_help.php3, (20) createdb.php3, (21) createFeatured.php3, (22) createHomepage.php3, (23) createL.php3, (24) createM.php3, (25) createNews.php3, (26) createP.php3, (27) createS.php3, (28) createT.php3, (29) index.php3, (30) mailadmin.php3, and (31) setUp.php3 in controlpannel/; (32) include/sendit.php3 and (33) include/sendit2.php3; and possibly (34) include/adminHead.inc, (35) include/usersHead.inc, and (36) style/default.scheme.inc. | |||||
CVE-2008-6539 | 1 Holger Schurig | 1 Destar | 2024-11-21 | 6.5 MEDIUM | N/A |
Static code injection vulnerability in user/settings/ in DeStar 0.2.2-5 allows remote authenticated users to add arbitrary administrators and inject arbitrary Python code into destar_cfg.py via a crafted pin parameter. | |||||
CVE-2008-6531 | 1 Atlassian | 1 Jira | 2024-11-21 | 6.8 MEDIUM | N/A |
The WebWork 1 web application framework in Atlassian JIRA before 3.13.2 allows remote attackers to invoke exposed public JIRA methods via a crafted URL that is dynamically transformed into method calls, aka "WebWork 1 Parameter Injection Hole." | |||||
CVE-2008-6518 | 1 Vidiscript | 1 Vidiscript | 2024-11-21 | 6.5 MEDIUM | N/A |
Unrestricted file upload vulnerability in the profile feature in VidiScript allows registered remote authenticated users to execute arbitrary code by uploading a PHP file as an Avatar, then accessing the avatar via a direct request. | |||||
CVE-2008-6513 | 1 Aphpkb | 1 Aphpkb | 2024-11-21 | 6.8 MEDIUM | N/A |
Unrestricted file upload vulnerability in saa.php in Andy's PHP Knowledgebase (aphpkb) 0.92.9 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a link that is listed by authors.php. | |||||
CVE-2008-6499 | 1 Apachefriends | 1 Xampp | 2024-11-21 | 5.5 MEDIUM | N/A |
security/xamppsecurity.php in XAMPP 1.6.8 performs an extract operation on the SERVER superglobal array, which allows remote attackers to spoof critical variables, as demonstrated by setting the REMOTE_ADDR variable to 127.0.0.1. | |||||
CVE-2008-6491 | 1 Denis Moinel | 1 Phpgkit | 2024-11-21 | 7.5 HIGH | N/A |
PHP remote file inclusion vulnerability in connexion.php in PHPGKit 0.9 allows remote attackers to execute arbitrary PHP code via a URL in the DOCUMENT_ROOT parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
CVE-2008-6486 | 1 Shatm | 1 Sharedlog | 2024-11-21 | 6.8 MEDIUM | N/A |
PHP remote file inclusion vulnerability in slideshow_uploadvideo.content.php in SharedLog, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[root_dir] parameter. | |||||
CVE-2008-6483 | 2 Joomla, Virtuemart-solutions | 2 Joomla, Com Googlebase | 2024-11-21 | 7.5 HIGH | N/A |
PHP remote file inclusion vulnerability in admin.googlebase.php in the Ecom Solutions VirtueMart Google Base (aka com_googlebase or Froogle) component 1.1 for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. | |||||
CVE-2008-6482 | 2 Joomla, Justjoomla | 2 Joomla, Com Treeg | 2024-11-21 | 6.8 MEDIUM | N/A |
PHP remote file inclusion vulnerability in admin.treeg.php in the Flash Tree Gallery (com_treeg) component 1.0 for Joomla!, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via the mosConfig_live_site parameter. | |||||
CVE-2008-6474 | 1 F5 | 1 Tmos | 2024-11-21 | 9.0 HIGH | N/A |
The management interface in F5 BIG-IP 9.4.3 allows remote authenticated users with Resource Manager privileges to inject arbitrary Perl code via unspecified configuration settings related to Perl EP3 with templates, probably triggering static code injection. | |||||
CVE-2008-6446 | 1 Geniuscyber | 1 Maxsite | 2024-11-21 | 7.5 HIGH | N/A |
Static code injection vulnerability in the Guestbook component in CMS MAXSITE allows remote attackers to inject arbitrary PHP code into the guestbook via the message parameter. | |||||
CVE-2008-6421 | 1 Socialsitegenerator | 1 Social Site Generator | 2024-11-21 | 7.5 HIGH | N/A |
PHP remote file inclusion vulnerability in social_game_play.php in Social Site Generator (SSG) 2.0 allows remote attackers to execute arbitrary PHP code via a URL in the path parameter. | |||||
CVE-2008-6408 | 1 Brian Wilson | 1 Ol'bookmarks | 2024-11-21 | 7.5 HIGH | N/A |
PHP remote file inclusion vulnerability in frame.php in ol'bookmarks manager 0.7.5 allows remote attackers to execute arbitrary PHP code via a URL in the framefile parameter. | |||||
CVE-2008-6403 | 1 Openrat | 1 Openrat | 2024-11-21 | 7.5 HIGH | N/A |
PHP remote file inclusion vulnerability in themes/default/include/html/insert.inc.php in OpenRat 0.8-beta4 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the tpl_dir parameter. | |||||
CVE-2008-6402 | 1 Muskatli | 1 Sofi Webgui | 2024-11-21 | 7.5 HIGH | N/A |
PHP remote file inclusion vulnerability in hu/modules/reg-new/modstart.php in Sofi WebGui 0.6.3 PRE and earlier allows remote attackers to execute arbitrary PHP code via a URL in the mod_dir parameter. | |||||
CVE-2008-6377 | 1 Phpbb-seo | 1 Multi Seo Phpbb | 2024-11-21 | 7.5 HIGH | N/A |
PHP remote file inclusion vulnerability in include/global.php in Multi SEO phpBB 1.1.0 allows remote attackers to execute arbitrary PHP code via a URL in the pfad parameter. |