Total
6342 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2008-6373 | 1 Nagios | 1 Nagios | 2026-04-23 | N/A |
| Unspecified vulnerability in Nagios before 3.0.6 has unspecified impact and remote attack vectors related to CGI programs, "adaptive external commands," and "writing newlines and submitting service comments." | ||||
| CVE-2007-5456 | 1 Microsoft | 1 Internet Explorer | 2026-04-23 | N/A |
| Microsoft Internet Explorer 7 and earlier allows remote attackers to bypass the "File Download - Security Warning" dialog box and download arbitrary .exe files by placing a '?' (question mark) followed by a non-.exe filename after the .exe filename, as demonstrated by (1) .txt, (2) .cda, (3) .log, (4) .dif, (5) .sol, (6) .htt, (7) .itpc, (8) .itms, (9) .dvr-ms, (10) .dib, (11) .asf, (12) .tif, and unspecified other extensions, a different issue than CVE-2004-1331. NOTE: this issue might not cross privilege boundaries, although it does bypass an intended protection mechanism. | ||||
| CVE-2007-1078 | 1 Flashgamescript | 1 Flashgamescript | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in index.php in FlashGameScript 1.5.4 allows remote attackers to execute arbitrary PHP code via a URL in the func parameter. | ||||
| CVE-2007-6339 | 1 Akamai Technologies | 1 Download Manager | 2026-04-23 | N/A |
| The Akamai Download Manager (aka DLM or dlmanager) ActiveX control (DownloadManagerV2.ocx) before 2.2.3.5 allows remote attackers to force the download and execution of arbitrary code via unspecified "undocumented object parameters." | ||||
| CVE-2007-5822 | 1 Scribe | 1 Scribe | 2026-04-23 | N/A |
| Direct static code injection vulnerability in forum.php in Ben Ng Scribe 0.2 and earlier allows remote attackers to inject arbitrary PHP code into a certain file in regged/ via the username parameter in a Register action, possibly related to the register function in forumfunctions.php. | ||||
| CVE-2008-6446 | 1 Geniuscyber | 1 Maxsite | 2026-04-23 | N/A |
| Static code injection vulnerability in the Guestbook component in CMS MAXSITE allows remote attackers to inject arbitrary PHP code into the guestbook via the message parameter. | ||||
| CVE-2007-5754 | 1 Phpfaber | 1 Urlinn | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in urlinn_includes/config.php in phpFaber URLInn 2.0.5 allows remote attackers to execute arbitrary PHP code via a URL in the dir_ws parameter. | ||||
| CVE-2007-6652 | 1 Xcms | 1 Xcms | 2026-04-23 | N/A |
| cpie.php in XCMS 1.83 and earlier sends a redirect to the web browser but does not exit, which allows remote attackers to conduct direct static code injection attacks and execute arbitrary code via the testo_0 parameter in a cpie admin action to index.php, which writes to dati/generali/footer.dtb (aka the XCMS footer). | ||||
| CVE-2008-6474 | 1 F5 | 1 Tmos | 2026-04-23 | N/A |
| The management interface in F5 BIG-IP 9.4.3 allows remote authenticated users with Resource Manager privileges to inject arbitrary Perl code via unspecified configuration settings related to Perl EP3 with templates, probably triggering static code injection. | ||||
| CVE-2006-6732 | 1 Cwm-design | 1 Cwmvote | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in archive.php in cwmVote 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the abs parameter. | ||||
| CVE-2009-2809 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2026-04-23 | N/A |
| ImageIO in Apple Mac OS X 10.4.11 and 10.5.8 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PixarFilm encoded TIFF image, related to "multiple memory corruption issues." | ||||
| CVE-2008-7152 | 1 Simon Rycroft | 1 Sid | 2026-04-23 | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Specimen Image Database (SID), when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the dir parameter to (1) client.php or (2) taxonservice.php. | ||||
| CVE-2008-6531 | 1 Atlassian | 1 Jira | 2026-04-23 | N/A |
| The WebWork 1 web application framework in Atlassian JIRA before 3.13.2 allows remote attackers to invoke exposed public JIRA methods via a crafted URL that is dynamically transformed into method calls, aka "WebWork 1 Parameter Injection Hole." | ||||
| CVE-2006-6212 | 1 Webwiz | 1 Site News | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in centre.php in Site News (site_news) 2.00, and possibly earlier, allows remote attackers to execute arbitrary PHP code via a URL in the page parameter. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2008-1091 | 1 Microsoft | 3 Office, Office Compatibility Pack For Word Excel Ppt 2007, Word Viewer | 2026-04-23 | N/A |
| Unspecified vulnerability in Microsoft Word in Office 2000 and XP SP3, 2003 SP2 and SP3, and 2007 Office System SP1 and earlier allows remote attackers to execute arbitrary code via a Rich Text Format (.rtf) file with a malformed string that triggers a "memory calculation error" and a heap-based buffer overflow, aka "Object Parsing Vulnerability." | ||||
| CVE-2009-0375 | 1 Realnetworks | 1 Realplayer | 2026-04-23 | N/A |
| Buffer overflow in a DLL file in RealNetworks RealPlayer 10, RealPlayer 10.5 6.0.12.1040 through 6.0.12.1741, RealPlayer 11 11.0.0 through 11.0.4, RealPlayer Enterprise, Mac RealPlayer 10 and 10.1, Linux RealPlayer 10, and Helix Player 10.x allows remote attackers to execute arbitrary code via a crafted Internet Video Recording (IVR) file with a filename length field containing a large integer, which triggers overwrite of an arbitrary memory location with a 0x00 byte value, related to use of RealPlayer through a Windows Explorer plugin. | ||||
| CVE-2008-6544 | 1 Simple Machines | 1 Simple Machines Forum | 2026-04-23 | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Simple Machines Forum (SMF) 1.1.4 allow remote attackers to execute arbitrary PHP code via a URL in the (1) settings[default_theme_dir] parameter to Sources/Subs-Graphics.php and (2) settings[default_theme_dir] parameter to Sources/Themes.php. NOTE: CVE and multiple third parties dispute this issue because the files contain a protection mechanism against direct request | ||||
| CVE-2007-4978 | 1 Phpsyncml | 1 Phpsyncml | 2026-04-23 | N/A |
| Multiple PHP remote file inclusion vulnerabilities in phpSyncML 0.1.2 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the base_dir parameter to (1) Decoder.php and (2) Encoder.php in WBXML/. | ||||
| CVE-2006-5480 | 1 Castor | 1 Php Web Builder | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in lib/rs.php in 2le.net Castor PHP Web Builder 1.1.1 allows remote attackers to execute arbitrary PHP code via the rootpath parameter. | ||||
| CVE-2008-0115 | 1 Microsoft | 4 Excel, Excel Viewer, Office and 1 more | 2026-04-23 | N/A |
| Unspecified vulnerability in Microsoft Excel 2000 SP3 through 2007, Viewer 2003, Compatibility Pack, and Office for Mac 2004 allows user-assisted remote attackers to execute arbitrary code via malformed formulas, aka "Excel Formula Parsing Vulnerability." | ||||