Total
5673 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2007-5666 | 1 Adobe | 2 Acrobat, Acrobat Reader | 2025-04-09 | 6.2 MEDIUM | N/A |
| Untrusted search path vulnerability in Adobe Reader and Acrobat 8.1.1 and earlier allows local users to execute arbitrary code via a malicious Security Provider library in the reader's current working directory. NOTE: this issue might be subsumed by CVE-2008-0655. | |||||
| CVE-2008-2436 | 1 Novell | 1 Iprint Client | 2025-04-09 | 9.3 HIGH | N/A |
| Multiple heap-based buffer overflows in the IppCreateServerRef function in nipplib.dll in Novell iPrint Client 4.x before 4.38 and 5.x before 5.08 allow remote attackers to execute arbitrary code via a long argument to the (1) GetPrinterURLList, (2) GetPrinterURLList2, or (3) GetFileList2 function in the Novell iPrint ActiveX control in ienipp.ocx. | |||||
| CVE-2008-4387 | 3 Microsoft, Sap, Simba Technologies | 3 Internet Explorer, Sapgui, Mdrmsap Activex Control | 2025-04-09 | 9.3 HIGH | N/A |
| Unspecified vulnerability in the Simba MDrmSap ActiveX control in mdrmsap.dll in SAP SAPgui allows remote attackers to execute arbitrary code via unknown vectors involving instantiation by Internet Explorer. | |||||
| CVE-2009-3677 | 1 Microsoft | 5 Windows 2000, Windows Server 2003, Windows Server 2008 and 2 more | 2025-04-09 | 10.0 HIGH | N/A |
| The Internet Authentication Service (IAS) in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold and SP1, and Server 2008 Gold does not properly verify the credentials in an MS-CHAP v2 Protected Extensible Authentication Protocol (PEAP) authentication request, which allows remote attackers to access network resources via a malformed request, aka "MS-CHAP Authentication Bypass Vulnerability." | |||||
| CVE-2008-6196 | 1 Philippe Crochat | 1 Easysite | 2025-04-09 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Philippe CROCHAT EasySite 2.0 allow remote attackers to execute arbitrary PHP code via a URL in the EASYSITE_BASE parameter to (1) browser.php, (2) image_editor.php and (3) skin_chooser.php in configuration/. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2008-1123 | 1 Sitebuilder | 1 Sitebuilder Elite | 2025-04-09 | 6.8 MEDIUM | N/A |
| Multiple PHP remote file inclusion vulnerabilities in SiteBuilder Elite 1.2 allow remote attackers to execute arbitrary PHP code via a URL in the CarpPath parameter to (1) files/carprss.php and (2) files/amazon-bestsellers.php. | |||||
| CVE-2007-5138 | 1 Lustig | 1 Lustig.cms | 2025-04-09 | 6.8 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in forum/forum.php in lustig.cms BETA 2.5 allows remote attackers to execute arbitrary PHP code via a URL in the view parameter. | |||||
| CVE-2007-0209 | 1 Microsoft | 2 Office, Works | 2025-04-09 | 9.3 HIGH | N/A |
| Microsoft Word in Office 2000 SP3, XP SP3, Office 2003 SP2, Works Suite 2004 to 2006, and Office 2004 for Mac allows user-assisted remote attackers to execute arbitrary code via a Word file with a malformed drawing object, which leads to memory corruption. | |||||
| CVE-2007-6632 | 1 Xml2owl | 1 Xml2owl | 2025-04-09 | 6.8 MEDIUM | N/A |
| showCode.php in xml2owl 0.1.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the path parameter. | |||||
| CVE-2009-0517 | 1 Phpslash | 1 Phpslash | 2025-04-09 | 10.0 HIGH | N/A |
| Eval injection vulnerability in index.php in phpSlash 0.8.1.1 and earlier allows remote attackers to execute arbitrary PHP code via the fields parameter, which is supplied to an eval function call within the generic function in include/class/tz_env.class. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2008-0551 | 2 Microsoft, Sejoong Namo | 2 Activex, Activesquare | 2025-04-09 | 9.3 HIGH | N/A |
| The NamoInstaller.NamoInstall.1 ActiveX control in NamoInstaller.dll 3.0.0.1 and earlier in Namo Web Editor in Sejoong Namo ActiveSquare 6 allows remote attackers to execute arbitrary code via a URL in the argument to the Install method. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2007-5492 | 1 Sitebar | 1 Sitebar | 2025-04-09 | 4.6 MEDIUM | N/A |
| Static code injection vulnerability in the translation module (translator.php) in SiteBar 3.3.8 allows remote authenticated users to execute arbitrary PHP code via the value parameter. | |||||
| CVE-2008-1093 | 1 Acresso | 2 Flexnet Connect, Intallshield Update Agent | 2025-04-09 | 9.3 HIGH | N/A |
| Acresso InstallShield Update Agent does not properly verify the authenticity of Rule Scripts obtained from GetRules.asp web pages on FLEXnet Connect servers, which allows remote man-in-the-middle attackers to execute arbitrary VBScript code via Trojan horse Rules. | |||||
| CVE-2008-4719 | 1 Openengine | 1 Openengine | 2025-04-09 | 9.3 HIGH | N/A |
| PHP remote file inclusion vulnerability in cms/classes/openengine/filepool.php in openEngine 2.0 beta2, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the oe_classpath parameter, a different vector than CVE-2008-4329. | |||||
| CVE-2007-5164 | 1 Universibo | 1 Universibo | 2025-04-09 | 6.8 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in htmls/forum/includes/topic_review.php in UniversiBO 1.3.4 allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter. NOTE: this issue is disputed by CVE because the applicable include is in a function that is not called on a direct request | |||||
| CVE-2008-0417 | 1 Mozilla | 1 Firefox | 2025-04-09 | 4.3 MEDIUM | N/A |
| CRLF injection vulnerability in Mozilla Firefox before 2.0.0.12 allows remote user-assisted web sites to corrupt the user's password store via newlines that are not properly handled when the user saves a password. | |||||
| CVE-2007-5840 | 1 Syndeocms | 1 Syndeocms | 2025-04-09 | 6.8 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in starnet/themes/c-sky/main.inc.php in Fred Stuurman SyndeoCMS 2.5.01 allows remote attackers to execute arbitrary PHP code via a URL in the cmsdir parameter, a different vector than CVE-2006-4920.2. | |||||
| CVE-2007-2428 | 1 Ahhp-portal | 1 Ahhp-portal | 2025-04-09 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in page.php in Ahhp-Portal allow remote attackers to execute arbitrary PHP code via a URL in the (1) fp or (2) sc parameter. | |||||
| CVE-2009-0224 | 1 Microsoft | 7 Compatibility Pack Word Excel Powerpoint, Office Compatibility Pack For Word Excel Ppt 2007, Office Powerpoint and 4 more | 2025-04-09 | 9.3 HIGH | N/A |
| Microsoft Office PowerPoint 2000 SP3, 2002 SP3, 2003 SP3, and 2007 SP1 and SP2; PowerPoint Viewer 2003 and 2007 SP1 and SP2; PowerPoint in Microsoft Office 2004 for Mac and 2008 for Mac; Open XML File Format Converter for Mac; Microsoft Works 8.5 and 9.0; and Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2 do not properly validate PowerPoint files, which allows remote attackers to execute arbitrary code via multiple crafted BuildList records that include ChartBuild containers, which triggers memory corruption, aka "Memory Corruption Vulnerability." | |||||
| CVE-2007-4551 | 1 Agares Media | 1 Arcadem | 2025-04-09 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in index.php in Agares Media Arcadem 2.01 allows remote attackers to execute arbitrary PHP code via a URL in the loadpage parameter. | |||||