Total
5597 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2008-6251 | 1 Scripts | 1 Phpfan | 2025-04-09 | N/A |
| PHP remote file inclusion vulnerability in includes/init.php in phpFan 3.3.4 allows remote attackers to execute arbitrary PHP code via a URL in the includepath parameter. | ||||
| CVE-2008-6305 | 1 Freedirectoryscript | 1 Free Directory Script | 2025-04-09 | N/A |
| PHP remote file inclusion vulnerability in init.php in Free Directory Script 1.1.1, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the API_HOME_DIR parameter. | ||||
| CVE-2008-6377 | 1 Phpbb-seo | 1 Multi Seo Phpbb | 2025-04-09 | N/A |
| PHP remote file inclusion vulnerability in include/global.php in Multi SEO phpBB 1.1.0 allows remote attackers to execute arbitrary PHP code via a URL in the pfad parameter. | ||||
| CVE-2008-6402 | 1 Muskatli | 1 Sofi Webgui | 2025-04-09 | N/A |
| PHP remote file inclusion vulnerability in hu/modules/reg-new/modstart.php in Sofi WebGui 0.6.3 PRE and earlier allows remote attackers to execute arbitrary PHP code via a URL in the mod_dir parameter. | ||||
| CVE-2008-6486 | 1 Shatm | 1 Sharedlog | 2025-04-09 | N/A |
| PHP remote file inclusion vulnerability in slideshow_uploadvideo.content.php in SharedLog, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[root_dir] parameter. | ||||
| CVE-2008-6499 | 1 Apachefriends | 1 Xampp | 2025-04-09 | N/A |
| security/xamppsecurity.php in XAMPP 1.6.8 performs an extract operation on the SERVER superglobal array, which allows remote attackers to spoof critical variables, as demonstrated by setting the REMOTE_ADDR variable to 127.0.0.1. | ||||
| CVE-2008-6513 | 1 Aphpkb | 1 Aphpkb | 2025-04-09 | N/A |
| Unrestricted file upload vulnerability in saa.php in Andy's PHP Knowledgebase (aphpkb) 0.92.9 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a link that is listed by authors.php. | ||||
| CVE-2008-6531 | 1 Atlassian | 1 Jira | 2025-04-09 | N/A |
| The WebWork 1 web application framework in Atlassian JIRA before 3.13.2 allows remote attackers to invoke exposed public JIRA methods via a crafted URL that is dynamically transformed into method calls, aka "WebWork 1 Parameter Injection Hole." | ||||
| CVE-2008-6544 | 1 Simple Machines | 1 Simple Machines Forum | 2025-04-09 | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Simple Machines Forum (SMF) 1.1.4 allow remote attackers to execute arbitrary PHP code via a URL in the (1) settings[default_theme_dir] parameter to Sources/Subs-Graphics.php and (2) settings[default_theme_dir] parameter to Sources/Themes.php. NOTE: CVE and multiple third parties dispute this issue because the files contain a protection mechanism against direct request | ||||
| CVE-2008-6584 | 1 Torrentflux | 1 Torrentflux | 2025-04-09 | N/A |
| html/index.php in TorrentFlux 2.3 allows remote authenticated users to execute arbitrary code via a URL with a file containing an executable extension in the url_upload parameter, which is downloaded by TorrentFlux and can be accessed via a direct request in a html/downloads/ user directory. | ||||
| CVE-2008-6591 | 1 Lightneasy | 1 Lightneasy | 2025-04-09 | N/A |
| LightNEasy "no database" (aka flat) version 1.2.2, and possibly SQLite version 1.2.2, allows remote attackers to create arbitrary files via the page parameter to (1) index.php and (2) LightNEasy.php. | ||||
| CVE-2008-6665 | 1 Anantasoft | 1 Ananta Cms | 2025-04-09 | N/A |
| change.php in Ananta CMS 1.0b5, with magic_quotes_gpc disabled, allows remote attackers to gain administrator privileges via a crafted email parameter, possibly related to code injection. | ||||
| CVE-2008-6740 | 1 Homap | 1 Homap | 2025-04-09 | N/A |
| PHP remote file inclusion vulnerability in html/admin/modules/plugin_admin.php in HoMaP-CMS 0.1 allows remote attackers to execute arbitrary PHP code via a URL in the _settings[pluginpath] parameter. | ||||
| CVE-2008-6748 | 1 Megacubo | 1 Megacubo | 2025-04-09 | N/A |
| Eval injection vulnerability in Megacubo 5.0.7 allows remote attackers to inject and execute arbitrary PHP code via the play action in a mega:// URI. | ||||
| CVE-2008-6849 | 1 W2b | 1 Phpgreetcards | 2025-04-09 | N/A |
| Unrestricted file upload vulnerability in index.php in phpGreetCards 3.7 allows remote attackers to execute arbitrary PHP code by uploading a file with an executable extension, then accessing it via a via a link that is listed by userfiles/number_shell.php. | ||||
| CVE-2008-6934 | 1 Sansuart | 1 Free Simple Guestbook Php Script | 2025-04-09 | N/A |
| Static code injection vulnerability in Sanus|artificium (aka Sanusart) Free simple guestbook PHP script, when downloaded before 20081111, allows remote attackers to inject arbitrary PHP code into messages.txt via the message parameter to act.php, which is executed when guestbook/guestbook.php is accessed. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2008-6937 | 1 Jabber | 1 Exodus | 2025-04-09 | N/A |
| Argument injection vulnerability in Exodus 0.10 allows remote attackers to inject arbitrary command line arguments, overwrite arbitrary files, and cause a denial of service via encoded spaces in an xmpp:// URI, a different vector than CVE-2008-6935 and CVE-2008-6936. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2008-7000 | 1 Phpauction | 1 Phpauction | 2025-04-09 | N/A |
| PHP remote file inclusion vulnerability in index.php in PHPAuction 3.2 allows remote attackers to execute arbitrary PHP code via a URL in the lan parameter. NOTE: this might be related to CVE-2005-2255.1. | ||||
| CVE-2008-7042 | 1 Freshscripts | 1 Fresh Email Script | 2025-04-09 | N/A |
| PHP remote file inclusion vulnerability in url.php in FreshScripts Fresh Email Script 1.0 through 1.11 allows remote attackers to execute arbitrary PHP code via a URL in the tmp_sid parameter. | ||||
| CVE-2008-7070 | 1 Kvirc | 1 Kvirc | 2025-04-09 | N/A |
| Argument injection vulnerability in the URI handler in KVIrc 3.4.2 Shiny allows remote attackers to execute arbitrary commands via a " (quote) followed by command line switches in a (1) irc:///, (2) irc6:///, (3) ircs:///, or (4) and ircs6:/// URI. NOTE: this might be due to an incomplete fix for CVE-2007-2951. | ||||