CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 3CVE-2009-4431 – Joomla! Component com_jcalpro 1.5.3.6 - Remote File Inclusion
https://notcve.org/view.php?id=CVE-2009-4431
28 Dec 2009 — PHP remote file inclusion vulnerability in cal_popup.php in the Anything Digital Development JCal Pro (aka com_jcalpro or JCP) component 1.5.3.6 for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. Vulnerabilidad de inclusión remota de archivo en PHP en cal_popup.php en el componente Anything Digital Development JCal Pro (también conocido como com_jcalpro o JCP) v1.5.3.6 para Joomla! permite a atacantes remotos ejecutar código PHP de su elecci... • https://www.exploit-db.com/exploits/10587 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 6.5EPSS: 2%CPEs: 8EXPL: 3CVE-2008-7011 – Unreal Engine - 'UnChan.cpp' Failed Assertion Remote Denial of Service
https://notcve.org/view.php?id=CVE-2008-7011
19 Aug 2009 — The Unreal engine, as used in Unreal Tournament 3 1.3, Unreal Tournament 2003 and 2004, Dead Man's Hand, Pariah, WarPath, Postal2, and Shadow Ops, allows remote authenticated users to cause a denial of service (server exit) via multiple file downloads from the server, which triggers an assertion failure when the Closing flag in UnChan.cpp is set. El motor de Unreal, el utilizado en Unreal Tournament v3 1.3, Unreal Tournament 2003 y 2004, Dead Man's Hand, Pariah, WarPath, Postal2, y Shadow Ops, permite a usu... • https://www.exploit-db.com/exploits/32386 • CWE-399: Resource Management Errors •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 4CVE-2008-1985 – Digital Hive - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2008-1985
27 Apr 2008 — Cross-site scripting (XSS) vulnerability in base.php in DigitalHive 2.0 RC2 allows remote attackers to inject arbitrary web script or HTML via the mt parameter, possibly related to membres.php. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en base.php en DigitalHive 2.0 RC2 permite a atacantes remotos inyectar 'script' web arbitrario o HTML mediante el parámetro mt, posiblemente relacionada con "membres.php". • https://www.exploit-db.com/exploits/10427 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 10.0EPSS: 7%CPEs: 1EXPL: 2CVE-2008-0380 – Digital Data Communications - 'RtspVaPgCtrl' Class Remote Buffer Overflow
https://notcve.org/view.php?id=CVE-2008-0380
22 Jan 2008 — Buffer overflow in the Digital Data Communications RtspVaPgCtrl ActiveX control (RtspVapgDecoder.dll 1.1.0.29) allows remote attackers to execute arbitrary code via a long MP4Prefix property. Desbordamiento de búfer en el controlador ActiveX Digital Data Communications RtspVaPgCtrl (RtspVapgDecoder.dll 1.1.0.29) permite a atacantes remotos ejecutar código de su elección a través de una propiedad MP4Prefix . • https://www.exploit-db.com/exploits/4932 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 6%CPEs: 1EXPL: 4CVE-2007-3071 – eSellerate SDK 3.6.5 - 'eSellerateControl365.dll' ActiveX Control Buffer Overflow
https://notcve.org/view.php?id=CVE-2007-3071
06 Jun 2007 — Buffer overflow in the GetWebStoreURL function in a certain ActiveX control in eSellerateControl365.dll 3.6.5.0 in eSellerate SDK allows user-assisted remote attackers to execute arbitrary code via a long first argument. Desbordamiento de búfer en la función GetWebStoreURL en un control ActiveX determinado en eSellerateControl365.dll 3.6.5.0 de eSellerate SDK permite a atacantes remotos con la complicidad del usuario ejecutar código de su elección mediante un primer argumento largo. • https://www.exploit-db.com/exploits/30144 •
CVSS: 9.8EPSS: 3%CPEs: 2EXPL: 2CVE-2007-1600 – Digital Eye CMS 0.1.1b - 'module.php' Remote File Inclusion
https://notcve.org/view.php?id=CVE-2007-1600
22 Mar 2007 — PHP remote file inclusion vulnerability in module.php in Digital Eye Gallery 1.1 Beta (aka 0.1.1b) allows remote attackers to execute arbitrary PHP code via a URL in the menu parameter. Vulnerabilidad de inclusión remota de archivo en PHP en module.php de Digital Eye Gallery 1.1 Beta (también conocido como 0.1.1b) permite a atacantes remotos ejecutar código PHP de su elección mediante una URL en el parámetro menu. • https://www.exploit-db.com/exploits/3533 •
CVSS: 9.3EPSS: 70%CPEs: 83EXPL: 3CVE-2007-0018 – Microsoft Internet Explorer - NCTAudioFile2.AudioFile ActiveX Remote Overflow
https://notcve.org/view.php?id=CVE-2007-0018
24 Jan 2007 — Stack-based buffer overflow in the NCTAudioFile2.AudioFile ActiveX control (NCTAudioFile2.dll), as used by multiple products, allows remote attackers to execute arbitrary code via a long argument to the SetFormatLikeSample function. NOTE: the products include (1) NCTsoft NCTAudioStudio, NCTAudioEditor, and NCTDialogicVoice; (2) Magic Audio Recorder, Music Editor, and Audio Converter; (3) Aurora Media Workshop; DB Audio Mixer And Editor; (4) J. Hepple Products including Fx Audio Editor and others; (5) EXPStu... • https://www.exploit-db.com/exploits/3728 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.8EPSS: 8%CPEs: 1EXPL: 1CVE-2006-2395 – Pixaria PopPhoto 3.5.4 - 'CFG[popphoto_base_path]' Remote File Inclusion
https://notcve.org/view.php?id=CVE-2006-2395
16 May 2006 — PHP remote file inclusion vulnerability in resources/includes/popp.config.loader.inc.php in PopSoft Digital PopPhoto Studio 3.5.4 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the include_path parameter (cfg['popphoto_base_path'] variable). NOTE: Pixaria has notified CVE that "PopPhoto is NOT a product of Pixaria. It was a product of PopSoft Digital and is only hosted by Pixaria as a courtesy... The vulnerability listed was patched by the previous vendor and all previous use... • https://www.exploit-db.com/exploits/27868 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2006-1096
https://notcve.org/view.php?id=CVE-2006-1096
09 Mar 2006 — Cross-site scripting (XSS) vulnerability in index.php in NZ Ecommerce allows remote attackers to inject arbitrary web script or HTML via the action parameter. NOTE: the vendor has disputed this issue in a comment on the researcher's blog, but research by CVE suggests that this might be a legitimate problem • http://pridels0.blogspot.com/2006/03/nz-ecommerce-sqlxss-vuln.html •
CVSS: 9.8EPSS: 1%CPEs: 1EXPL: 1CVE-2006-1098 – NZ eCommerce System - 'index.php' Multiple SQL Injections
https://notcve.org/view.php?id=CVE-2006-1098
09 Mar 2006 — Multiple SQL injection vulnerabilities in NZ Ecommerce allow remote attackers to execute arbitrary SQL commands via the (1) informationID or (2) ParentCategory parameter to index.php. NOTE: the vendor has disputed this issue in a comment on the researcher's blog, but research by CVE suggests that this might be a legitimate problem • https://www.exploit-db.com/exploits/27344 •