Total
3702 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2008-2345 | 1 Typo3 | 1 Air Filemanager | 2024-11-21 | 10.0 HIGH | N/A |
| Unspecified vulnerability in the air_filemanager 0.6.0 and earlier extension for TYPO3 allows remote attackers to execute arbitrary PHP code via unspecified vectors related to "insufficient file filtering." | |||||
| CVE-2008-2341 | 1 Avalonnet | 1 News Manager | 2024-11-21 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in ch_readalso.php in News Manager 2.0 allows remote attackers to execute arbitrary PHP code via a URL in the read_xml_include parameter. | |||||
| CVE-2008-2296 | 1 Rgboard | 1 Rgboard | 2024-11-21 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in include/bbs.lib.inc.php in Rgboard 3.0.12 allows remote attackers to execute arbitrary PHP code via a URL in the site_path parameter. | |||||
| CVE-2008-2284 | 1 Fusebox | 1 Fusebox | 2024-11-21 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in fusebox5.php in Fusebox 5.5.1 allows remote attackers to execute arbitrary PHP code via a URL in the FUSEBOX_APPLICATION_PATH parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2008-2275 | 1 Typo3 | 1 Sr Feuser Register Extension | 2024-11-21 | 7.5 HIGH | N/A |
| Unspecified vulnerability in sr_feuser_register 1.4.0, 1.6.0, 2.2.1 to 2.2.7, 2.3.0 to 2.3.6, 2.4.0, and 2.5.0 to 2.5.9 extension for TYPO3 allows remote attackers to execute arbitrary code and delete arbitrary files via unspecified attack vectors. | |||||
| CVE-2008-2270 | 1 Phpway | 1 Kostenloses Linkmanagementscript | 2024-11-21 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in PHPWAY Kostenloses Linkmanagementscript allow remote attackers to execute arbitrary PHP code via a URL in the (1) main_page_directory and (2) page_to_include parameters in template\index.php. | |||||
| CVE-2008-2253 | 1 Microsoft | 3 Windows-nt, Windows Media Player, Windows Xp | 2024-11-21 | 9.3 HIGH | N/A |
| Unspecified vulnerability in Microsoft Windows Media Player 11 allows remote attackers to execute arbitrary code via a crafted audio-only file that is streamed from a Server-Side Playlist (SSPL) on Windows Media Server, aka "Windows Media Player Sampling Rate Vulnerability." | |||||
| CVE-2008-2233 | 1 Openwsman | 1 Openwsman | 2024-11-21 | 7.5 HIGH | N/A |
| The client in Openwsman 1.2.0 and 2.0.0, in unknown configurations, allows remote Openwsman servers to replay SSL sessions via unspecified vectors. | |||||
| CVE-2008-2230 | 1 Reportbug-ng | 2 Reportbug, Reportbug-ng | 2024-11-21 | 4.6 MEDIUM | N/A |
| Untrusted search path vulnerability in (1) reportbug 3.8 and 3.31, and (2) reportbug-ng before 0.2008.06.04, allows local users to execute arbitrary code via a malicious module file in the current working directory. | |||||
| CVE-2008-2228 | 1 Cyberfolio | 1 Cyberfolio | 2024-11-21 | 9.3 HIGH | N/A |
| PHP remote file inclusion vulnerability in portfolio/commentaires/derniers_commentaires.php in Cyberfolio 7.12, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the rep parameter. | |||||
| CVE-2008-2224 | 1 Sazcart | 1 Sazcart | 2024-11-21 | 6.8 MEDIUM | N/A |
| Multiple PHP remote file inclusion vulnerabilities in SazCart 1.5.1, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the (1) _saz[settings][site_dir] parameter to layouts/default/header.saz.php and the (2) _saz[settings][site_url] parameter to admin/alayouts/default/pages/login.php. | |||||
| CVE-2008-2220 | 1 Interact | 1 Interact | 2024-11-21 | 6.8 MEDIUM | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Interact Learning Community Environment Interact 2.4.1, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the (1) CONFIG[LANGUAGE_CPATH] parameter to modules/forum/embedforum.php and the (2) CONFIG[BASE_PATH] parameter to modules/scorm/lib.inc.php, different vectors than CVE-2006-4448. | |||||
| CVE-2008-2199 | 1 Kkeim | 1 Kmita Mail | 2024-11-21 | 6.8 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in kmitaadmin/kmitam/htmlcode.php in Kmita Mail 3.0 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the file parameter. | |||||
| CVE-2008-2198 | 1 Kmita Tellfriend | 1 Tellfriend | 2024-11-21 | 6.8 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in kmitaadmin/kmitat/htmlcode.php in Kmita Tellfriend 2.0 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the file parameter. | |||||
| CVE-2008-2195 | 1 Deluxebb | 1 Deluxebb | 2024-11-21 | 6.5 MEDIUM | N/A |
| Static code injection vulnerability in admincp.php in DeluxeBB 1.2 and earlier allows remote authenticated administrators to inject arbitrary PHP code into logs/cp.php via the URI. | |||||
| CVE-2008-2193 | 1 Scorpnews | 1 Scorpnews | 2024-11-21 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in example.php in Thomas Gossmann ScorpNews 2.0 allows remote attackers to execute arbitrary PHP code via a URL in the site parameter. | |||||
| CVE-2008-2192 | 1 Itcms | 1 Itcms | 2024-11-21 | 10.0 HIGH | N/A |
| Static code injection vulnerability in box/minichat/boxpop.php in IT!CMS (aka itcms) 1.9 allows remote attackers to inject arbitrary PHP code into box/MiniChat/data/shouts.php via the shout parameter. | |||||
| CVE-2008-2160 | 1 Microsoft | 1 Windows Embedded Compact | 2024-11-21 | 9.3 HIGH | N/A |
| Multiple unspecified vulnerabilities in the JPEG (GDI+) and GIF image processing in Microsoft Windows CE 5.0 allow remote attackers to execute arbitrary code via crafted (1) JPEG and (2) GIF images. | |||||
| CVE-2008-2128 | 1 Cms Faethon | 1 Cms Faethon | 2024-11-21 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in templates/header.php in CMS Faethon 2.2 Ultimate allows remote attackers to execute arbitrary PHP code via a URL in the mainpath parameter, a different vulnerability than CVE-2006-5588 and CVE-2006-3185. | |||||
| CVE-2008-2086 | 1 Sun | 3 Jdk, Jre, Sdk | 2024-11-21 | 9.3 HIGH | N/A |
| Sun Java Web Start and Java Plug-in for JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.2_18 and earlier allow remote attackers to execute arbitrary code via a crafted jnlp file that modifies the (1) java.home, (2) java.ext.dirs, or (3) user.home System Properties, aka "Java Web Start File Inclusion" and CR 6694892. | |||||