Total
3701 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2008-5015 | 1 Mozilla | 1 Firefox | 2024-11-21 | 5.1 MEDIUM | N/A |
| Mozilla Firefox 3.x before 3.0.4 assigns chrome privileges to a file: URI when it is accessed in the same tab from a chrome or privileged about: page, which makes it easier for user-assisted attackers to execute arbitrary JavaScript with chrome privileges via malicious code in a file that has already been saved on the local system. | |||||
| CVE-2008-4911 | 1 Chattaitaliano | 1 Istant-replay | 2024-11-21 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in read.php in Chattaitaliano Istant-Replay allows remote attackers to execute arbitrary PHP code via a URL in the data parameter. | |||||
| CVE-2008-4835 | 1 Microsoft | 5 Windows 2000, Windows Server 2003, Windows Server 2008 and 2 more | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| SMB in the Server service in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows remote attackers to execute arbitrary code via malformed values of unspecified "fields inside the SMB packets" in an NT Trans2 request, related to "insufficiently validating the buffer size," aka "SMB Validation Remote Code Execution Vulnerability." | |||||
| CVE-2008-4810 | 1 Smarty | 1 Smarty | 2024-11-21 | 7.5 HIGH | N/A |
| The _expand_quoted_text function in libs/Smarty_Compiler.class.php in Smarty 2.6.20 before r2797 allows remote attackers to execute arbitrary PHP code via vectors related to templates and (1) a dollar-sign character, aka "php executed in templates;" and (2) a double quoted literal string, aka a "function injection security hole." NOTE: each vector affects slightly different SVN revisions. | |||||
| CVE-2008-4798 | 1 Webgui | 1 Webgui | 2024-11-21 | 9.3 HIGH | N/A |
| The loadModule function in lib/WebGUI/Asset.pm in WebGUI before 7.5.30 (stable) allows remote attackers to execute arbitrary code by uploading a Perl module and accessing it via a crafted URL. | |||||
| CVE-2008-4735 | 1 Coastal | 1 Coast | 2024-11-21 | 8.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in header.php in Concord Asset, Software, and Ticket system (CoAST) 0.95 allows remote attackers to execute arbitrary PHP code via a URL in the sections_file parameter. | |||||
| CVE-2008-4720 | 1 Arzdev | 1 Gemini Portal | 2024-11-21 | 9.3 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in The Gemini Portal 4.7 allow remote attackers to execute arbitrary PHP code via a URL in the lang parameter to (1) page/forums/bottom.php and (2) page/forums/category.php. | |||||
| CVE-2008-4719 | 1 Openengine | 1 Openengine | 2024-11-21 | 9.3 HIGH | N/A |
| PHP remote file inclusion vulnerability in cms/classes/openengine/filepool.php in openEngine 2.0 beta2, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the oe_classpath parameter, a different vector than CVE-2008-4329. | |||||
| CVE-2008-4704 | 1 Mitre | 1 Sezhoo | 2024-11-21 | 10.0 HIGH | N/A |
| PHP remote file inclusion vulnerability in SezHooTabsAndActions.php in SezHoo 0.1 allows remote attackers to execute arbitrary PHP code via a URL in the IP parameter. | |||||
| CVE-2008-4687 | 1 Mantis | 1 Mantis | 2024-11-21 | 9.0 HIGH | N/A |
| manage_proj_page.php in Mantis before 1.1.4 allows remote authenticated users to execute arbitrary code via a sort parameter containing PHP sequences, which are processed by create_function within the multi_sort function in core/utility_api.php. | |||||
| CVE-2008-4673 | 1 Webbiscuits | 1 Events Calendar | 2024-11-21 | 10.0 HIGH | N/A |
| PHP remote file inclusion vulnerability in panel/common/theme/default/header_setup.php in WebBiscuits Software Events Calendar 1.1 allows remote attackers to execute arbitrary PHP code via a URL in the (1) path[docroot] and (2) component parameters. | |||||
| CVE-2008-4645 | 1 Phpwebgallery | 1 Phpwebgallery | 2024-11-21 | 9.0 HIGH | N/A |
| plugins/event_tracer/event_list.php in PhpWebGallery 1.7.2 and earlier allows remote authenticated administrators to execute arbitrary PHP code via PHP sequences in the sort parameter, which is processed by create_function. | |||||
| CVE-2008-4624 | 1 Ftrsoft | 1 Fast Click Sql Lite | 2024-11-21 | 9.3 HIGH | N/A |
| PHP remote file inclusion vulnerability in init.php in Fast Click SQL Lite 1.1.7, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the CFG[CDIR] parameter. | |||||
| CVE-2008-4557 | 1 Cutephp | 1 Cutenews | 2024-11-21 | 10.0 HIGH | N/A |
| plugins/wacko/highlight/html.php in Strawberry in CuteNews.ru 1.1.1 (aka Strawberry) allows remote attackers to execute arbitrary PHP code via the text parameter, which is inserted into an executable regular expression. | |||||
| CVE-2008-4529 | 1 Asicms | 1 Asicms | 2024-11-21 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in asiCMS alpha 0.208 allow remote attackers to execute arbitrary PHP code via a URL in the _ENV[asicms][path] parameter to (1) Association.php, (2) BigMath.php, (3) DiffieHellman.php, (4) DumbStore.php, (5) Extension.php, (6) FileStore.php, (7) HMAC.php, (8) MemcachedStore.php, (9) Message.php, (10) Nonce.php, (11) SQLStore.php, (12) SReg.php, (13) TrustRoot.php, and (14) URINorm.php in classes/Auth/OpenID/; and (15) XRDS.php, (16) XRI.php and (17) XRIRes.php in classes/Auth/Yadis/. | |||||
| CVE-2008-4502 | 1 Datafeedfile | 1 Dff Framework Api | 2024-11-21 | 10.0 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in DataFeedFile (DFF) PHP Framework API allow remote attackers to execute arbitrary PHP code via a URL in the DFF_config[dir_include] parameter to (1) DFF_affiliate_client_API.php, (2) DFF_featured_prdt.func.php, (3) DFF_mer.func.php, (4) DFF_mer_prdt.func.php, (5) DFF_paging.func.php, (6) DFF_rss.func.php, and (7) DFF_sku.func.php in include/. | |||||
| CVE-2008-4451 | 1 Eset Software | 1 System Analyzer Tool | 2024-11-21 | 7.2 HIGH | N/A |
| The SysInspector AntiStealth driver (esiasdrv.sys) 3.0.65535.0 in ESET System Analyzer Tool 1.1.1.0 allows local users to execute arbitrary code via a certain METHOD_NEITHER IOCTL request to \Device\esiasdrv that overwrites a pointer. | |||||
| CVE-2008-4439 | 1 Martinwood | 1 Datafeed Studio | 2024-11-21 | 10.0 HIGH | N/A |
| PHP remote file inclusion vulnerability in admin/bin/patch.php in MartinWood Datafeed Studio before 1.6.3 allows remote attackers to execute arbitrary PHP code via a URL in the INSTALL_FOLDER parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2008-4387 | 3 Microsoft, Sap, Simba Technologies | 3 Internet Explorer, Sapgui, Mdrmsap Activex Control | 2024-11-21 | 9.3 HIGH | N/A |
| Unspecified vulnerability in the Simba MDrmSap ActiveX control in mdrmsap.dll in SAP SAPgui allows remote attackers to execute arbitrary code via unknown vectors involving instantiation by Internet Explorer. | |||||
| CVE-2008-4385 | 1 Systemrequirementslab | 1 System Requirements Lab | 2024-11-21 | 9.3 HIGH | N/A |
| Husdawg, LLC Systems Requirements Lab 3, as used by Instant Expert Analysis, allows remote attackers to force the download and execution of arbitrary programs via by specifiying a malicious website argument to the Init method in (1) a certain ActiveX control (sysreqlab2.cab, sysreqlab.dll, sysreqlabsli.dll, or sysreqlab2.dll) and (2) a certain Java applet in RLApplet.class in sysreqlab2.jar or sysreqlab.jar. | |||||