Total
6351 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2008-3439 | 1 Speedbit | 1 Speedbit Video Accelerator | 2026-04-23 | N/A |
| SpeedBit Video Acceleration before 2.2.1.8 does not properly verify the authenticity of updates, which allows man-in-the-middle attackers to execute arbitrary code via a Trojan horse update, as demonstrated by evilgrade and DNS cache poisoning. | ||||
| CVE-2008-3455 | 1 Jnshosts | 1 Php Hosting Directory | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in include/admin.php in JnSHosts PHP Hosting Directory 2.0 allows remote attackers to execute arbitrary PHP code via a URL in the rd parameter. | ||||
| CVE-2008-3481 | 1 Coppermine-gallery | 1 Coppermine Photo Gallery | 2026-04-23 | N/A |
| themes/sample/theme.php in Coppermine Photo Gallery (CPG) 1.4.18 and earlier allows remote attackers to obtain sensitive information via a direct request, which reveals the installation path in an error message. | ||||
| CVE-2008-3570 | 1 Africabegone | 1 Africa Be Gone | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in index.php in Africa Be Gone (ABG) 1.0a allows remote attackers to execute arbitrary PHP code via a URL in the abg_path parameter. | ||||
| CVE-2008-3167 | 1 Boonex | 1 Dolphin | 2026-04-23 | N/A |
| Multiple PHP remote file inclusion vulnerabilities in BoonEx Dolphin 6.1.2, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the (1) dir[plugins] parameter to (a) HTMLSax3.php and (b) safehtml.php in plugins/safehtml/ and the (2) sIncPath parameter to (c) ray/modules/global/inc/content.inc.php. NOTE: vector 1 might be a problem in SafeHTML instead of Dolphin. | ||||
| CVE-2008-3648 | 1 Microsoft | 1 Windows Xp | 2026-04-23 | N/A |
| nslookup.exe in Microsoft Windows XP SP2 allows user-assisted remote attackers to execute arbitrary code, as demonstrated by an attempted DNS zone transfer, and as exploited in the wild in August 2008. | ||||
| CVE-2009-0901 | 1 Microsoft | 3 Visual C\+\+, Visual Studio, Visual Studio .net | 2026-04-23 | N/A |
| The Active Template Library (ATL) in Microsoft Visual Studio .NET 2003 SP1, Visual Studio 2005 SP1 and 2008 Gold, and Visual C++ 2005 SP1 and 2008 Gold and SP1; and Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2; does not prevent VariantClear calls on an uninitialized VARIANT, which allows remote attackers to execute arbitrary code via a malformed stream to an ATL (1) component or (2) control, related to ATL headers and error handling, aka "ATL Uninitialized Object Vulnerability." | ||||
| CVE-2009-4024 | 1 Pear | 1 Pear | 2026-04-23 | N/A |
| Argument injection vulnerability in the ping function in Ping.php in the Net_Ping package before 2.4.5 for PEAR allows remote attackers to execute arbitrary shell commands via the host parameter. NOTE: this has also been reported as a shell metacharacter problem. | ||||
| CVE-2008-0743 | 1 Joovili | 1 Joovili | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in members_help.php in Joovili 2.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the hlp parameter. | ||||
| CVE-2008-3075 | 2 Redhat, Vim | 3 Enterprise Linux, Vim, Zipplugin.vim | 2026-04-23 | N/A |
| The shellescape function in Vim 7.0 through 7.2, including 7.2a.10, allows user-assisted attackers to execute arbitrary code via the "!" (exclamation point) shell metacharacter in (1) the filename of a ZIP archive and possibly (2) the filename of the first file in a ZIP archive, which is not properly handled by zip.vim in the VIM ZIP plugin (zipPlugin.vim) v.11 through v.21, as demonstrated by the zipplugin and zipplugin.v2 test cases. NOTE: this issue reportedly exists because of an incomplete fix for CVE-2008-2712. NOTE: this issue has the same root cause as CVE-2008-3074. NOTE: due to the complexity of the associated disclosures and the incomplete information related to them, there may be inaccuracies in this CVE description and in external mappings to this identifier. | ||||
| CVE-2008-6408 | 1 Brian Wilson | 1 Ol\'bookmarks | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in frame.php in ol'bookmarks manager 0.7.5 allows remote attackers to execute arbitrary PHP code via a URL in the framefile parameter. | ||||
| CVE-2008-6022 | 1 Xnova | 1 Xnova | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in includes/todofleetcontrol.php in an older version of Xnova, possibly 0.8 sp1, allows remote attackers to execute arbitrary PHP code via a URL in the ugamela_root_path parameter. | ||||
| CVE-2009-3986 | 2 Mozilla, Redhat | 3 Firefox, Seamonkey, Enterprise Linux | 2026-04-23 | N/A |
| Mozilla Firefox before 3.0.16 and 3.5.x before 3.5.6, and SeaMonkey before 2.0.1, allows remote attackers to execute arbitrary JavaScript with chrome privileges by leveraging a reference to a chrome window from a content window, related to the window.opener property. | ||||
| CVE-2009-4111 | 1 Pear | 1 Mail | 2026-04-23 | N/A |
| Argument injection vulnerability in Mail/sendmail.php in the Mail package 1.1.14, 1.2.0b2, and possibly other versions for PEAR allows remote attackers to read and write arbitrary files via a crafted $recipients parameter, and possibly other parameters, a different vulnerability than CVE-2009-4023. | ||||
| CVE-2007-4187 | 1 Joomla | 1 Joomla | 2026-04-23 | N/A |
| Multiple eval injection vulnerabilities in the com_search component in Joomla! 1.5 beta before RC1 (aka Mapya) allow remote attackers to execute arbitrary PHP code via PHP sequences in the searchword parameter, related to default_results.php in (1) components/com_search/views/search/tmpl/ and (2) templates/beez/html/com_search/search/. | ||||
| CVE-2007-2084 | 1 Mobilepublisherphp | 1 Mobilepublisherphp | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in MobilePublisherphp 1.1.2 allows remote attackers to execute arbitrary PHP code via a URL in the auth_method parameter to (1) index.php, (2) list.php, (3) postreview.php, (4) reindex.php, (5) sections.php, (6) templates.php, (7) userinfo.php, (8) users.php, and (9) view.php in admin/. NOTE: this issue has been disputed by a reliable third party, who states that $auth_method is defined before use | ||||
| CVE-2007-6655 | 1 Matpo Bilder Galerie | 1 Kontakt Formular | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in includes/function.php in Kontakt Formular 1.4 allows remote attackers to execute arbitrary PHP code via a URL in the root_path parameter. | ||||
| CVE-2008-1511 | 1 Oocomments | 1 Oocomments | 2026-04-23 | 9.8 Critical |
| Multiple PHP remote file inclusion vulnerabilities in ooComments 1.0 allow remote attackers to execute arbitrary PHP code via a URL in the PathToComment parameter for (1) classes/class_admin.php and (2) classes/class_comments.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2009-0145 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2026-04-23 | N/A |
| CoreGraphics in Apple Mac OS X 10.4.11 and 10.5 before 10.5.7, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PDF file that triggers memory corruption. | ||||
| CVE-2008-2044 | 1 Netoffice | 1 Dwins | 2026-04-23 | N/A |
| includes/library.php in netOffice Dwins 1.3 p2 compares the demoSession variable to the 'true' string literal instead of the true boolean literal, which allows remote attackers to bypass authentication and execute arbitrary code by setting this variable to 1, as demonstrated by uploading a PHP script via an add action to projects_site/uploadfile.php. | ||||