Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2003-1385

Summary
Assigner-mitre
Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At-19 Oct, 2007 | 10:00
Updated At-08 Aug, 2024 | 02:28
Rejected At-
Credits

ipchat.php in Invision Power Board 1.1.1 allows remote attackers to execute arbitrary PHP code, if register_globals is enabled, by modifying the root_path parameter to reference a URL on a remote web server that contains the code.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:mitre
Assigner Org ID:8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At:19 Oct, 2007 | 10:00
Updated At:08 Aug, 2024 | 02:28
Rejected At:
▼CVE Numbering Authority (CNA)

ipchat.php in Invision Power Board 1.1.1 allows remote attackers to execute arbitrary PHP code, if register_globals is enabled, by modifying the root_path parameter to reference a URL on a remote web server that contains the code.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://secunia.com/advisories/8182
third-party-advisory
x_refsource_SECUNIA
http://www.osvdb.org/3357
vdb-entry
x_refsource_OSVDB
http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0099.html
mailing-list
x_refsource_VULNWATCH
http://www.securityfocus.com/bid/6976
vdb-entry
x_refsource_BID
https://exchange.xforce.ibmcloud.com/vulnerabilities/11435
vdb-entry
x_refsource_XF
Hyperlink: http://secunia.com/advisories/8182
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://www.osvdb.org/3357
Resource:
vdb-entry
x_refsource_OSVDB
Hyperlink: http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0099.html
Resource:
mailing-list
x_refsource_VULNWATCH
Hyperlink: http://www.securityfocus.com/bid/6976
Resource:
vdb-entry
x_refsource_BID
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/11435
Resource:
vdb-entry
x_refsource_XF
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://secunia.com/advisories/8182
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://www.osvdb.org/3357
vdb-entry
x_refsource_OSVDB
x_transferred
http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0099.html
mailing-list
x_refsource_VULNWATCH
x_transferred
http://www.securityfocus.com/bid/6976
vdb-entry
x_refsource_BID
x_transferred
https://exchange.xforce.ibmcloud.com/vulnerabilities/11435
vdb-entry
x_refsource_XF
x_transferred
Hyperlink: http://secunia.com/advisories/8182
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://www.osvdb.org/3357
Resource:
vdb-entry
x_refsource_OSVDB
x_transferred
Hyperlink: http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0099.html
Resource:
mailing-list
x_refsource_VULNWATCH
x_transferred
Hyperlink: http://www.securityfocus.com/bid/6976
Resource:
vdb-entry
x_refsource_BID
x_transferred
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/11435
Resource:
vdb-entry
x_refsource_XF
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cve@mitre.org
Published At:31 Dec, 2003 | 05:00
Updated At:03 Apr, 2025 | 01:03

ipchat.php in Invision Power Board 1.1.1 allows remote attackers to execute arbitrary PHP code, if register_globals is enabled, by modifying the root_path parameter to reference a URL on a remote web server that contains the code.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary2.06.8MEDIUM
AV:N/AC:M/Au:N/C:P/I:P/A:P
Type: Primary
Version: 2.0
Base score: 6.8
Base severity: MEDIUM
Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P
CPE Matches
invision_power_services
invision_power_services
>>invision_power_board>>1.1.1
cpe:2.3:a:invision_power_services:invision_power_board:1.1.1:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-94Primarynvd@nist.gov
CWE ID: CWE-94
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0099.htmlcve@mitre.org
Exploit
Vendor Advisory
http://secunia.com/advisories/8182cve@mitre.org
N/A
http://www.osvdb.org/3357cve@mitre.org
N/A
http://www.securityfocus.com/bid/6976cve@mitre.org
N/A
https://exchange.xforce.ibmcloud.com/vulnerabilities/11435cve@mitre.org
N/A
http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0099.htmlaf854a3a-2127-422b-91ae-364da2661108
Exploit
Vendor Advisory
http://secunia.com/advisories/8182af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.osvdb.org/3357af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.securityfocus.com/bid/6976af854a3a-2127-422b-91ae-364da2661108
N/A
https://exchange.xforce.ibmcloud.com/vulnerabilities/11435af854a3a-2127-422b-91ae-364da2661108
N/A
Hyperlink: http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0099.html
Source: cve@mitre.org
Resource:
Exploit
Vendor Advisory
Hyperlink: http://secunia.com/advisories/8182
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.osvdb.org/3357
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.securityfocus.com/bid/6976
Source: cve@mitre.org
Resource: N/A
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/11435
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0099.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Exploit
Vendor Advisory
Hyperlink: http://secunia.com/advisories/8182
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.osvdb.org/3357
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.securityfocus.com/bid/6976
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/11435
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

487Records found
CVE-2016-2119
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-7.5||HIGH
EPSS-0.87% / 74.25%
||
7 Day CHG-0.29%
Published-07 Jul, 2016 | 15:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

libcli/smb/smbXcli_base.c in Samba 4.x before 4.2.14, 4.3.x before 4.3.11, and 4.4.x before 4.4.5 allows man-in-the-middle attackers to bypass a client-signing protection mechanism, and consequently spoof SMB2 and SMB3 servers, via the (1) SMB2_SESSION_FLAG_IS_GUEST or (2) SMB2_SESSION_FLAG_IS_NULL flag.

Action-Not Available
Vendor-n/aSamba
Product-samban/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2007-2340
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-17.43% / 94.81%
||
7 Day CHG~0.00%
Published-27 Apr, 2007 | 16:00
Updated-07 Aug, 2024 | 13:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple PHP remote file inclusion vulnerabilities in inc/include_all.inc.php in phporacleview allow remote attackers to execute arbitrary PHP code via a URL in the (1) page_dir or (2) inc_dir parameters.

Action-Not Available
Vendor-phporacleviewn/a
Product-phporacleviewn/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2007-2144
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-3.49% / 87.13%
||
7 Day CHG+0.52%
Published-19 Apr, 2007 | 10:00
Updated-07 Aug, 2024 | 13:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

PHP remote file inclusion vulnerability in includes/CAltInstaller.php in the JoomlaPack (com_jpack) 1.0.4a2 RE component for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.

Action-Not Available
Vendor-joomlapackn/a
Product-joomlapackn/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2007-2005
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-0.77% / 72.46%
||
7 Day CHG~0.00%
Published-12 Apr, 2007 | 19:00
Updated-07 Aug, 2024 | 13:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple PHP remote file inclusion vulnerabilities in the Taskhopper 1.1 component for Mambo and Joomla! allow remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter to (1) contact_type.php, (2) itemstatus_type.php, (3) projectstatus_type.php, (4) request_type.php, (5) responses_type.php, (6) timelog_type.php, or (7) urgency_type.php in inc/.

Action-Not Available
Vendor-n/aJoomla!MamboServer
Product-taskhopper_componentn/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2018-17170
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.1||HIGH
EPSS-2.92% / 85.87%
||
7 Day CHG~0.00%
Published-28 Jun, 2019 | 17:46
Updated-05 Aug, 2024 | 10:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Grouptime Teamwire Desktop Client 1.5.1 prior to 1.9.0 on Windows allows code injection via a template, leading to remote code execution. All backend versions prior to prod-2018-11-13-15-00-42 are affected.

Action-Not Available
Vendor-teamwiren/a
Product-teamwiren/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2018-17364
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.1||HIGH
EPSS-0.72% / 71.61%
||
7 Day CHG~0.00%
Published-23 Sep, 2018 | 18:00
Updated-05 Aug, 2024 | 10:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

OTCMS 3.61 allows remote attackers to execute arbitrary PHP code via the accBackupDir parameter.

Action-Not Available
Vendor-otcmsn/a
Product-otcmsn/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CWE ID-CWE-362
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CVE-2008-3308
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-2.48% / 84.70%
||
7 Day CHG~0.00%
Published-25 Jul, 2008 | 16:00
Updated-07 Aug, 2024 | 09:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

PHP remote file inclusion vulnerability in cuenta/cuerpo.php in C. Desseno YouTube Blog (ytb) 0.1, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the base_archivo parameter.

Action-Not Available
Vendor-carlos_dessenon/a
Product-youtube_blogn/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2008-2877
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-1.50% / 80.42%
||
7 Day CHG~0.00%
Published-26 Jun, 2008 | 17:00
Updated-07 Aug, 2024 | 09:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

PHP remote file inclusion vulnerability in admin/include/lib.module.php in cmsWorks 2.2 RC4, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the mod_root parameter.

Action-Not Available
Vendor-cmsworksn/a
Product-cmsworksn/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2020-5529
Matching Score-4
Assigner-JPCERT/CC
ShareView Details
Matching Score-4
Assigner-JPCERT/CC
CVSS Score-8.1||HIGH
EPSS-1.64% / 81.20%
||
7 Day CHG~0.00%
Published-11 Feb, 2020 | 08:35
Updated-15 Oct, 2024 | 19:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

HtmlUnit prior to 2.37.0 contains code execution vulnerabilities. HtmlUnit initializes Rhino engine improperly, hence a malicious JavScript code can execute arbitrary Java code on the application. Moreover, when embedded in Android application, Android-specific initialization of Rhino engine is done in an improper way, hence a malicious JavaScript code can execute arbitrary Java code on the application.

Action-Not Available
Vendor-htmlunitHtmlUnit ProjectCanonical Ltd.The Apache Software FoundationDebian GNU/Linux
Product-ubuntu_linuxcameldebian_linuxhtmlunitHtmlUnit
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CWE ID-CWE-665
Improper Initialization
CVE-2008-2981
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-1.21% / 78.16%
||
7 Day CHG~0.00%
Published-02 Jul, 2008 | 17:00
Updated-07 Aug, 2024 | 09:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

PHP remote file inclusion vulnerability in admin/templates/template_thumbnail.php in HomePH Design 2.10 RC2, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the thumb_template parameter.

Action-Not Available
Vendor-homeph_designn/a
Product-homeph_designn/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2008-2390
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-5.09% / 89.41%
||
7 Day CHG~0.00%
Published-21 May, 2008 | 10:00
Updated-07 Aug, 2024 | 08:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Hpufunction.dll 4.0.0.1 in HP Software Update exposes the unsafe (1) ExecuteAsync and (2) Execute methods, which allows remote attackers to execute arbitrary code via an absolute pathname in the first argument.

Action-Not Available
Vendor-n/aHP Inc.
Product-software_updaten/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2008-2220
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-1.50% / 80.42%
||
7 Day CHG~0.00%
Published-14 May, 2008 | 18:00
Updated-07 Aug, 2024 | 08:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple PHP remote file inclusion vulnerabilities in Interact Learning Community Environment Interact 2.4.1, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the (1) CONFIG[LANGUAGE_CPATH] parameter to modules/forum/embedforum.php and the (2) CONFIG[BASE_PATH] parameter to modules/scorm/lib.inc.php, different vectors than CVE-2006-4448.

Action-Not Available
Vendor-interactn/a
Product-interactn/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2018-14910
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.46% / 63.38%
||
7 Day CHG~0.00%
Published-03 Aug, 2018 | 19:00
Updated-05 Aug, 2024 | 09:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SeaCMS v6.61 allows Remote Code execution by placing PHP code in an allowed IP address (aka ip) to /admin/admin_ip.php (aka /adm1n/admin_ip.php). The code is executed by visiting adm1n/admin_ip.php or data/admin/ip.php. This can also be exploited through CSRF.

Action-Not Available
Vendor-seacmsn/a
Product-seacmsn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2008-2463
Matching Score-4
Assigner-CERT/CC
ShareView Details
Matching Score-4
Assigner-CERT/CC
CVSS Score-6.8||MEDIUM
EPSS-84.09% / 99.26%
||
7 Day CHG~0.00%
Published-07 Jul, 2008 | 23:00
Updated-07 Aug, 2024 | 09:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Microsoft Office Snapshot Viewer ActiveX control in snapview.ocx 10.0.5529.0, as distributed in the standalone Snapshot Viewer and Microsoft Office Access 2000 through 2003, allows remote attackers to download arbitrary files to a client machine via a crafted HTML document or e-mail message, probably involving use of the SnapshotPath and CompressedPath properties and the PrintSnapshot method. NOTE: this can be leveraged for code execution by writing to a Startup folder.

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-office_snapshot_viewer_activexn/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2008-2841
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-31.19% / 96.60%
||
7 Day CHG~0.00%
Published-24 Jun, 2008 | 19:00
Updated-07 Aug, 2024 | 09:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Argument injection vulnerability in XChat 2.8.7b and earlier on Windows, when Internet Explorer is used, allows remote attackers to execute arbitrary commands via the --command parameter in an ircs:// URI.

Action-Not Available
Vendor-xchatn/aMicrosoft Corporation
Product-internet_explorerxchatwindows_ntn/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2008-6132
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-77.65% / 98.95%
||
7 Day CHG~0.00%
Published-13 Feb, 2009 | 18:00
Updated-07 Aug, 2024 | 11:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Eval injection vulnerability in reserve.php in phpScheduleIt 1.2.10 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary PHP code via the start_date parameter.

Action-Not Available
Vendor-brickhostn/a
Product-phpscheduleitn/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2008-2905
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-70.56% / 98.63%
||
7 Day CHG~0.00%
Published-30 Jun, 2008 | 18:00
Updated-07 Aug, 2024 | 09:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

PHP remote file inclusion vulnerability in includes/Cache/Lite/Output.php in the Cache_Lite package in Mambo 4.6.4 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.

Action-Not Available
Vendor-n/aMamboServer
Product-mambon/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2008-2199
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-9.53% / 92.54%
||
7 Day CHG~0.00%
Published-14 May, 2008 | 17:00
Updated-07 Aug, 2024 | 08:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

PHP remote file inclusion vulnerability in kmitaadmin/kmitam/htmlcode.php in Kmita Mail 3.0 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the file parameter.

Action-Not Available
Vendor-kkeimn/a
Product-kmita_mailn/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2006-5045
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-4.67% / 88.91%
||
7 Day CHG~0.00%
Published-27 Sep, 2006 | 23:00
Updated-07 Aug, 2024 | 19:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in PollXT component (com_pollxt) 1.22.07 and earlier for Joomla! has unspecified impact and attack vectors, probably related to PHP remote file inclusion in the mosConfig_absolute_path to conf.pollxt.php.

Action-Not Available
Vendor-joomlaxtn/a
Product-com_pollxtn/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2008-2224
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-1.98% / 82.86%
||
7 Day CHG~0.00%
Published-14 May, 2008 | 18:00
Updated-07 Aug, 2024 | 08:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple PHP remote file inclusion vulnerabilities in SazCart 1.5.1, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the (1) _saz[settings][site_dir] parameter to layouts/default/header.saz.php and the (2) _saz[settings][site_url] parameter to admin/alayouts/default/pages/login.php.

Action-Not Available
Vendor-sazcartn/a
Product-sazcartn/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2008-2198
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-5.93% / 90.28%
||
7 Day CHG~0.00%
Published-14 May, 2008 | 17:00
Updated-07 Aug, 2024 | 08:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

PHP remote file inclusion vulnerability in kmitaadmin/kmitat/htmlcode.php in Kmita Tellfriend 2.0 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the file parameter.

Action-Not Available
Vendor-kmita_tellfriendn/a
Product-tellfriendn/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2020-8349
Matching Score-4
Assigner-Lenovo Group Ltd.
ShareView Details
Matching Score-4
Assigner-Lenovo Group Ltd.
CVSS Score-9.8||CRITICAL
EPSS-2.62% / 85.11%
||
7 Day CHG~0.00%
Published-14 Oct, 2020 | 21:25
Updated-04 Aug, 2024 | 09:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An internal security review has identified an unauthenticated remote code execution vulnerability in Cloud Networking Operating System (CNOS)’ optional REST API management interface. This interface is disabled by default and not vulnerable unless enabled. When enabled, it is only vulnerable where attached to a VRF and as allowed by defined ACLs. Lenovo strongly recommends upgrading to a non-vulnerable CNOS release. Where not possible, Lenovo recommends disabling the REST API management interface or restricting access to the management VRF and further limiting access to authorized management stations via ACL.

Action-Not Available
Vendor-Lenovo Group Limited
Product-rackswitch_ne1072trackswitch_ne2572rackswitch_ne1032rackswitch_g8296rackswitch_g8272cloud_networking_operating_systemrackswitch_ne0152trackswitch_ne10032rackswitch_g8332rackswitch_ne1032tCloud Networking Operating System (CNOS)
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2015-8351
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9||CRITICAL
EPSS-73.89% / 98.77%
||
7 Day CHG~0.00%
Published-11 Sep, 2017 | 20:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

PHP remote file inclusion vulnerability in the Gwolle Guestbook plugin before 1.5.4 for WordPress, when allow_url_include is enabled, allows remote authenticated users to execute arbitrary PHP code via a URL in the abspath parameter to frontend/captcha/ajaxresponse.php. NOTE: this can also be leveraged to include and execute arbitrary local files via directory traversal sequences regardless of whether allow_url_include is enabled.

Action-Not Available
Vendor-gwolle_guestbook_projectn/a
Product-gwolle_guestbookn/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2008-1773
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-2.02% / 83.01%
||
7 Day CHG~0.00%
Published-14 Apr, 2008 | 15:00
Updated-07 Aug, 2024 | 08:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

PHP remote file inclusion vulnerability in includes/header.inc.php in Dragoon 0.1 allows remote attackers to execute arbitrary PHP code via a URL in the root parameter.

Action-Not Available
Vendor-dragoonn/a
Product-dragoonn/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2008-1074
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-6.13% / 90.44%
||
7 Day CHG~0.00%
Published-29 Feb, 2008 | 00:00
Updated-07 Aug, 2024 | 08:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

PHP remote file inclusion vulnerability in lib/head_auth.php in GROUP-E 1.6.41 allows remote attackers to execute arbitrary PHP code via a URL in the CFG[PREPEND_FILE] parameter.

Action-Not Available
Vendor-group_en/a
Product-group_en/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2008-1876
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-2.80% / 85.56%
||
7 Day CHG~0.00%
Published-17 Apr, 2008 | 17:00
Updated-07 Aug, 2024 | 08:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

PHP remote file inclusion vulnerability in index.php in VisualPic 0.3.1 allows remote attackers to execute arbitrary PHP code via a URL in the _CONFIG[files][functions_page] parameter.

Action-Not Available
Vendor-snarkyn/a
Product-visualpicn/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2008-1068
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-1.16% / 77.75%
||
7 Day CHG~0.00%
Published-28 Feb, 2008 | 21:00
Updated-07 Aug, 2024 | 08:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple PHP remote file inclusion vulnerabilities in Portail Web Php 2.5.1.1 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the site_path parameter to (1) Vert/index.php, (2) Noir/index.php, and (3) Bleu/index.php in template/, different vectors than CVE-2008-0645.

Action-Not Available
Vendor-portail_web_phpn/a
Product-portail_web_phpn/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2008-1069
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-10.24% / 92.86%
||
7 Day CHG~0.00%
Published-28 Feb, 2008 | 21:00
Updated-07 Aug, 2024 | 08:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple PHP remote file inclusion vulnerabilities in Quantum Game Library 0.7.2c allow remote attackers to execute arbitrary PHP code via a URL in the CONFIG[gameroot] parameter to (1) server_request.php and (2) qlib/smarty.inc.php.

Action-Not Available
Vendor-quantum_game_libraryn/a
Product-quantum_game_libraryn/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2008-1776
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-2.02% / 83.01%
||
7 Day CHG~0.00%
Published-14 Apr, 2008 | 16:00
Updated-07 Aug, 2024 | 08:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

PHP remote file inclusion vulnerability in modules/basicfog/basicfogfactory.class.php in PhpBlock A8.4 allows remote attackers to execute arbitrary PHP code via a URL in the PATH_TO_CODE parameter.

Action-Not Available
Vendor-phpblockn/a
Product-phpblockn/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2008-1760
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-3.52% / 87.19%
||
7 Day CHG~0.00%
Published-12 Apr, 2008 | 20:00
Updated-07 Aug, 2024 | 08:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple PHP remote file inclusion vulnerabilities in Blogator-script before 1.01 allow remote attackers to execute arbitrary PHP code via a URL in the incl_page parameter in (1) struct_admin.php, (2) struct_admin_blog.php, and (3) struct_main.php in _blogadata/include.

Action-Not Available
Vendor-blogator-scriptn/a
Product-blogator-scriptn/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2008-1622
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-0.46% / 63.08%
||
7 Day CHG~0.00%
Published-02 Apr, 2008 | 17:00
Updated-07 Aug, 2024 | 08:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple PHP remote file inclusion vulnerabilities in GeeCarts allow remote attackers to execute arbitrary PHP code via a URL in the id parameter to (1) show.php, (2) search.php, and (3) view.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

Action-Not Available
Vendor-geertsen_holdings_incn/a
Product-geecartsn/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2008-1067
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-5.58% / 89.93%
||
7 Day CHG~0.00%
Published-28 Feb, 2008 | 21:00
Updated-07 Aug, 2024 | 08:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple PHP remote file inclusion vulnerabilities in phpQLAdmin 2.2.7 allow remote attackers to execute arbitrary PHP code via a URL in the _SESSION[path] parameter to (1) ezmlm.php and (2) tools/update_translations.php.

Action-Not Available
Vendor-phpqladminn/a
Product-phpqladminn/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2008-1370
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-0.88% / 74.42%
||
7 Day CHG~0.00%
Published-18 Mar, 2008 | 17:00
Updated-07 Aug, 2024 | 08:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

PHP remote file inclusion vulnerability in index.php in wildmary Yap Blog 1.1 allows remote attackers to execute arbitrary PHP code via a URL in the page parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

Action-Not Available
Vendor-wildmaryn/a
Product-yap_blogn/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2008-1201
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-9.20% / 92.39%
||
7 Day CHG~0.00%
Published-24 Mar, 2008 | 17:00
Updated-07 Aug, 2024 | 08:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple unspecified vulnerabilities in FLA file parsing in Adobe Flash CS3 Professional, Flash Professional 8, and Flash Basic 8 on Windows allow user-assisted remote attackers to execute arbitrary code via a crafted .FLA file.

Action-Not Available
Vendor-n/aAdobe Inc.
Product-flashn/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2008-1171
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-0.58% / 67.89%
||
7 Day CHG~0.00%
Published-05 Mar, 2008 | 23:00
Updated-07 Aug, 2024 | 08:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple PHP remote file inclusion vulnerabilities in the 123 Flash Chat Module for phpBB allow remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter to (1) 123flashchat.php and (2) phpbb_login_chat.php. NOTE: CVE disputes this issue because $phpbb_root_path is explicitly set to "./" in both programs

Action-Not Available
Vendor-phpbbn/a
Product-123_flash_chat_modulen/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2008-1038
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-1.70% / 81.54%
||
7 Day CHG~0.00%
Published-27 Feb, 2008 | 19:00
Updated-07 Aug, 2024 | 08:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

PHP remote file inclusion vulnerability in mod/mod.extmanager.php in DBHcms 1.1.4 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the extmanager_install parameter.

Action-Not Available
Vendor-drbenhur.comn/a
Product-dbhcmsn/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2008-1081
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-1.20% / 78.12%
||
7 Day CHG~0.00%
Published-29 Feb, 2008 | 02:00
Updated-07 Aug, 2024 | 08:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Opera before 9.26 allows user-assisted remote attackers to execute arbitrary script via images that contain custom comments, which are treated as script when the user displays the image properties.

Action-Not Available
Vendor-n/aOpera
Product-opera_browsern/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2008-1126
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-12.72% / 93.74%
||
7 Day CHG~0.00%
Published-03 Mar, 2008 | 22:00
Updated-07 Aug, 2024 | 08:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

PHP remote file inclusion vulnerability in main.php in Barryvan Compo Manager 0.3 allows remote attackers to execute arbitrary PHP code via a URL in the pageURL parameter.

Action-Not Available
Vendor-barryvan_compon/a
Product-barryvan_compo_managern/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2008-1862
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-1.55% / 80.69%
||
7 Day CHG~0.00%
Published-17 Apr, 2008 | 16:00
Updated-07 Aug, 2024 | 08:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

ExBB Italia 0.22 and earlier only checks GET requests that use the QUERY_STRING for certain path manipulations, which allows remote attackers to bypass this check via (1) POST or (2) COOKIE variables, a different vector than CVE-2006-4488. NOTE: this can be leveraged to conduct PHP remote file inclusion attacks via a URL in the (a) new_exbb[home_path] or (b) exbb[home_path] parameter to modules/threadstop/threadstop.php.

Action-Not Available
Vendor-exbbn/a
Product-exbb_italian/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CWE ID-CWE-20
Improper Input Validation
CVE-2008-1124
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-2.69% / 85.28%
||
7 Day CHG~0.00%
Published-03 Mar, 2008 | 22:00
Updated-07 Aug, 2024 | 08:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple PHP remote file inclusion vulnerabilities in Podcast Generator 1.0 BETA 2 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the absoluteurl parameter to (1) components/xmlparser/loadparser.php; (2) admin.php, (3) categories.php, (4) categories_add.php, (5) categories_remove.php, (6) edit.php, (7) editdel.php, (8) ftpfeature.php, (9) login.php, (10) pgRSSnews.php, (11) showcat.php, and (12) upload.php in core/admin/; and (13) archive_cat.php, (14) archive_nocat.php, and (15) recent_list.php in core/.

Action-Not Available
Vendor-podcast_generatorn/a
Product-podcast_generatorn/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2008-1046
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-1.49% / 80.37%
||
7 Day CHG~0.00%
Published-27 Feb, 2008 | 19:00
Updated-07 Aug, 2024 | 08:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

PHP remote file inclusion vulnerability in footer.php in Quinsonnas Mail Checker 1.55 allows remote attackers to execute arbitrary PHP code via a URL in the op[footer_body] parameter.

Action-Not Available
Vendor-quinsonnasn/a
Product-quinsonnas_mail_checkern/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2008-1128
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-0.92% / 75.02%
||
7 Day CHG~0.00%
Published-03 Mar, 2008 | 23:00
Updated-07 Aug, 2024 | 08:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

PHP remote file inclusion vulnerability in tourney/index.php in phpMyTourney 2 allows remote attackers to execute arbitrary PHP code via a URL in the page parameter.

Action-Not Available
Vendor-phpmytourneyn/a
Product-phpmytourneyn/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2008-1682
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-3.64% / 87.39%
||
7 Day CHG+1.62%
Published-04 Apr, 2008 | 19:00
Updated-07 Aug, 2024 | 08:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

PHP remote file inclusion vulnerability in quiz/common/db_config.inc.php in the Online FlashQuiz (com_onlineflashquiz) 1.0.2 component for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the base_dir parameter.

Action-Not Available
Vendor-elearningforcen/a
Product-online_flashquizn/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2008-1123
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-1.16% / 77.75%
||
7 Day CHG~0.00%
Published-03 Mar, 2008 | 22:00
Updated-07 Aug, 2024 | 08:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple PHP remote file inclusion vulnerabilities in SiteBuilder Elite 1.2 allow remote attackers to execute arbitrary PHP code via a URL in the CarpPath parameter to (1) files/carprss.php and (2) files/amazon-bestsellers.php.

Action-Not Available
Vendor-sitebuildern/a
Product-sitebuilder_eliten/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2008-1233
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-6.8||MEDIUM
EPSS-22.23% / 95.59%
||
7 Day CHG~0.00%
Published-27 Mar, 2008 | 10:00
Updated-07 Aug, 2024 | 08:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in Mozilla Firefox before 2.0.0.13, Thunderbird before 2.0.0.13, and SeaMonkey before 1.1.9 allows remote attackers to execute arbitrary code via "XPCNativeWrapper pollution."

Action-Not Available
Vendor-n/aMozilla Corporation
Product-firefoxthunderbirdseamonkeyn/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2008-1416
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-11.91% / 93.50%
||
7 Day CHG~0.00%
Published-20 Mar, 2008 | 10:00
Updated-07 Aug, 2024 | 08:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple PHP remote file inclusion vulnerabilities in PHPauction GPL 2.51 allow remote attackers to execute arbitrary PHP code via a URL in the include_path parameter to (1) converter.inc.php, (2) messages.inc.php, and (3) settings.inc.php in includes/.

Action-Not Available
Vendor-phpauctionn/a
Product-phpauction_gpln/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2008-1405
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-9.17% / 92.38%
||
7 Day CHG~0.00%
Published-20 Mar, 2008 | 10:00
Updated-07 Aug, 2024 | 08:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

PHP remote file inclusion vulnerability in code/display.php in fuzzylime (cms) 3.01 allows remote attackers to execute arbitrary PHP code via a URL in the admindir parameter.

Action-Not Available
Vendor-fuzzylimen/a
Product-fuzzylimen/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2008-1016
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-1.42% / 79.82%
||
7 Day CHG~0.00%
Published-04 Apr, 2008 | 17:00
Updated-07 Aug, 2024 | 08:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Apple QuickTime before 7.4.5 does not properly handle movie media tracks, which allows remote attackers to execute arbitrary code via a crafted movie that triggers memory corruption.

Action-Not Available
Vendor-n/aApple Inc.
Product-quicktimen/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2008-0042
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-4.01% / 88.01%
||
7 Day CHG~0.00%
Published-12 Feb, 2008 | 19:00
Updated-07 Aug, 2024 | 07:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Argument injection vulnerability in Terminal.app in Terminal in Apple Mac OS X 10.4.11 and 10.5 through 10.5.1 allows remote attackers to execute arbitrary code via unspecified URL schemes.

Action-Not Available
Vendor-n/aApple Inc.
Product-mac_os_xn/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2008-0804
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-1.50% / 80.42%
||
7 Day CHG~0.00%
Published-18 Feb, 2008 | 23:00
Updated-07 Aug, 2024 | 08:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

PHP remote file inclusion vulnerability in usrgetform.html in Thecus N5200Pro NAS Server allows remote attackers to execute arbitrary PHP code via a URL in the name parameter.

Action-Not Available
Vendor-thecusn/a
Product-n5200pro_nas_server_control_paneln/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
  • Previous
  • 1
  • 2
  • 3
  • 4
  • ...
  • 9
  • 10
  • Next
Details not found