| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| PHP remote file inclusion vulnerability in index.php in FlashGameScript 1.5.4 allows remote attackers to execute arbitrary PHP code via a URL in the func parameter. |
| PHP remote file inclusion vulnerability in (1) index.php and (2) admin/index.php in IPrimal Forums as of 20061105 allows remote attackers to execute arbitrary PHP code via a URL in the p parameter. |
| The (1) VBScript (VBScript.dll) and (2) JScript (JScript.dll) scripting engines 5.1 and 5.6, as used in Microsoft Windows 2000 SP4, XP SP2, and Server 2003 SP1 and SP2, do not properly decode script, which allows remote attackers to execute arbitrary code via unknown vectors. |
| Microsoft Windows Media Runtime, as used in DirectShow WMA Voice Codec, Windows Media Audio Voice Decoder, and Audio Compression Manager (ACM), does not properly process Advanced Systems Format (ASF) files, which allows remote attackers to execute arbitrary code via a crafted audio file that uses the Windows Media Speech codec, aka "Windows Media Runtime Voice Sample Rate Vulnerability." |
| Untrusted search path vulnerability in Adobe Reader and Acrobat 8.1.1 and earlier allows local users to execute arbitrary code via a malicious Security Provider library in the reader's current working directory. NOTE: this issue might be subsumed by CVE-2008-0655. |
| Adobe Reader and Acrobat 8.1.1 and earlier allows remote attackers to execute arbitrary code via a crafted PDF file that calls an insecure JavaScript method in the EScript.api plug-in. NOTE: this issue might be subsumed by CVE-2008-0655. |
| Multiple PHP remote file inclusion vulnerabilities in DBGuestbook 1.1 allow remote attackers to execute arbitrary PHP code via a URL in the dbs_base_path parameter to (1) utils.php, (2) guestbook.php, or (3) views.php in includes/. |
| Buffer overflow in a DLL file in RealNetworks RealPlayer 10, RealPlayer 10.5 6.0.12.1040 through 6.0.12.1741, RealPlayer 11 11.0.0 through 11.0.4, RealPlayer Enterprise, Mac RealPlayer 10 and 10.1, Linux RealPlayer 10, and Helix Player 10.x allows remote attackers to execute arbitrary code via a crafted Internet Video Recording (IVR) file with a filename length field containing a large integer, which triggers overwrite of an arbitrary memory location with a 0x00 byte value, related to use of RealPlayer through a Windows Explorer plugin. |
| Multiple PHP remote file inclusion vulnerabilities in PHPBlog 0.1 Alpha allow remote attackers to execute arbitrary PHP code via a URL in the blog_localpath parameter to (1) includes/functions.php or (2) includes/email.php. NOTE: this issue is disputed by CVE because the identified code is in functions that are not accessible via direct request |
| PHP remote file inclusion vulnerability in eva/index.php in EVA CMS 2.3.1, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the eva[caminho] parameter to index.php. |
| Unrestricted file upload vulnerability in admin/uploader.php in Minimal ABlog 0.4 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in img/. |
| Cross-site scripting (XSS) vulnerability in siteadmin/editor_files/includes/load_message.php in the Youtube Clone Script allows remote attackers to inject arbitrary web script or HTML via the lang[please_wait] parameter. |
| modules/tool/hitcounter.php in devalcms 1.4a allows remote attackers to execute arbitrary PHP code via the HTTP Referer header with a target file specified in the gv_folder_data parameter, as demonstrated by modifying modules/tool/url2header.php. |
| PHP remote file inclusion vulnerability in mod/nc_phpmyadmin/core/libraries/Theme_Manager.class.php in Ixprim 2.0 allows remote attackers to execute arbitrary PHP code via a URL in an unspecified parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. |
| MRcgi/MRProcessIncomingForms.pl in Numara FootPrints 8.1 on Linux allows remote attackers to execute arbitrary code via shell metacharacters in the PROJECTNUM parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. |
| PHP remote file inclusion vulnerability in blocks/tsdisplay4xoops_block2.php in tsdisplay4xoops (TSD4XOOPS, aka the TeamSpeak display module) 0.1 allows remote attackers to execute arbitrary PHP code via a URL in the xoops_url parameter. |
| CRLF injection vulnerability in Mortbay Jetty before 6.1.6rc0 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors. |
| LinkedIn Browser Toolbar 3.0.3.1100 and earlier does not properly verify the authenticity of updates, which allows man-in-the-middle attackers to execute arbitrary code via a Trojan horse update, as demonstrated by evilgrade and DNS cache poisoning. |
| PHP remote file inclusion vulnerability in config.inc.php3 in Power Phlogger 2.0.9 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the rel_path parameter. |
| Unrestricted file upload vulnerability in the Restaurante (com_restaurante) component for Joomla! allows remote attackers to upload and execute arbitrary PHP code via an upload action specifying a filename with a double extension such as .php.jpg, which creates an accessible file under img_original/. |
