Total
5795 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2006-0207 | 1 Php | 1 Php | 2025-04-03 | 5.0 MEDIUM | N/A |
Multiple HTTP response splitting vulnerabilities in PHP 5.1.1 allow remote attackers to inject arbitrary HTTP headers via a crafted Set-Cookie header, related to the (1) session extension (aka ext/session) and the (2) header function.
| CVE-2006-0064 | 1 Devellion | 1 Cubecart | 2025-04-03 | 7.5 HIGH | N/A |
PHP remote file include vulnerability in includes/orderSuccess.inc.php in CubeCart allows remote attackers to execute arbitrary PHP code via a URL in the glob[rootDir] parameter.
| CVE-2006-3396 | 1 Miro International | 1 Galleria | 2025-04-03 | 6.8 MEDIUM | N/A |
PHP remote file inclusion vulnerability in galleria.html.php in Galleria Mambo Module 1.0 and earlier for Mambo allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.
| CVE-2002-2297 | 1 Atthat.com | 1 Thatware | 2025-04-03 | 6.8 MEDIUM | N/A |
PHP remote file inclusion vulnerability in artlist.php in Thatware 0.5.2 and 0.5.3 allows remote attackers to execute arbitrary PHP code via the root_path parameter.
| CVE-2006-2395 | 1 Popsoft Digital | 1 Popphoto | 2025-04-03 | 5.0 MEDIUM | N/A |
PHP remote file inclusion vulnerability in resources/includes/popp.config.loader.inc.php in PopSoft Digital PopPhoto Studio 3.5.4 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the include_path parameter (cfg['popphoto_base_path'] variable). NOTE: Pixaria has notified CVE that "PopPhoto is NOT a product of Pixaria. It was a product of PopSoft Digital and is only hosted by Pixaria as a courtesy... The vulnerability listed was patched by the previous vendor and al ...
| CVE-2006-4553 | 2 Joomla, Mambo | 2 Com Comprofiler Component, Com Comprofiler Component | 2025-04-03 | 6.8 MEDIUM | N/A |
PHP remote file inclusion vulnerability in plugin.class.php in the com_comprofiler Components 1.0 RC2 for Mambo and Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.
| CVE-2006-4130 | 1 Matt Smith | 1 Remository For Mambo | 2025-04-03 | 6.8 MEDIUM | N/A |
PHP remote file inclusion vulnerability in admin.remository.php in the Remository Component (com_remository) 3.25 and earlier for Mambo and Joomla!, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.
| CVE-2006-2281 | 1 X-scripts | 1 X-poll | 2025-04-03 | 7.5 HIGH | N/A |
X-Scripts X-Poll (xpoll) 2.30 allows remote attackers to execute arbitrary PHP code by using admin/images/add.php to upload a PHP file, then access it.
| CVE-2006-0388 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-03 | 2.6 LOW | N/A |
Safari in Mac OS X 10.3 before 10.3.9 and 10.4 before 10.4.5 allows remote attackers to redirect users to local files and execute arbitrary JavaScript via unspecified vectors involving HTTP redirection to local resources.
| CVE-2006-1154 | 1 Fscripts | 1 Fantastic News | 2025-04-03 | 7.5 HIGH | N/A |
PHP remote file inclusion vulnerability in archive.php in Fantastic News 2.1.2 allows remote attackers to include arbitrary files via the CONFIG[script_path] variable. NOTE: 2.1.4 was also reported to be vulnerable.
| CVE-2005-3861 | 1 Phpgreetz | 1 Phpgreetz | 2025-04-03 | 7.5 HIGH | N/A |
PHP remote file inclusion vulnerability in content.php in phpGreetz 0.99 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the content parameter.
| CVE-2006-1636 | 1 Vwar | 1 Virtual War | 2025-04-03 | 7.5 HIGH | N/A |
PHP remote file inclusion vulnerability in get_header.php in VWar 1.5.0 R12 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the vwar_root parameter. NOTE: this is a different vulnerability than CVE-2006-1503.
| CVE-2002-2287 | 1 Phpbb | 1 Advanced Quick Reply Hack | 2025-04-03 | 7.5 HIGH | N/A |
PHP remote file inclusion vulnerability in quick_reply.php for phpBB Advanced Quick Reply Hack 1.0.0 and 1.1.0 allows remote attackers to execute arbitrary PHP code via the phpbb_root_path parameter.
| CVE-2006-1540 | 1 Microsoft | 1 Office | 2025-04-03 | 9.3 HIGH | N/A |
MSO.DLL in Microsoft Office 2000, Office XP (2002), and Office 2003 allows user-assisted attackers to cause a denial of service and execute arbitrary code via multiple attack vectors, as originally demonstrated using a crafted document record with a malformed string, as demonstrated by replacing a certain "01 00 00 00" byte sequence with an "FF FF FF FF" byte sequence, possibly causing an invalid array index, in (1) an Excel .xls document, which triggers an access violation in ole32.dll; (2) an ...
| CVE-2006-3530 | 1 Joomla | 1 Pc Cookbook | 2025-04-03 | 6.8 MEDIUM | N/A |
PHP remote file inclusion vulnerability in com_pccookbook/pccookbook.php in the PccookBook Component for Mambo and Joomla 0.3 and possibly up to 1.3.1, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via the mosConfig_absolute_path parameter.
| CVE-2005-4209 | 1 Alt-n | 2 Mdaemon, Worldclient | 2025-04-03 | 4.3 MEDIUM | N/A |
WorldClient webmail in Alt-N MDaemon 8.1.3 allows remote attackers to prevent arbitrary users from accessing their inboxes via script tags in the Subject header of an e-mail message, which prevents the user from being able to access the Inbox folder, possibly due to a cross-site scripting (XSS) vulnerability.
| CVE-2006-0945 | 1 Archangelmgt | 1 Weblog | 2025-04-03 | 6.5 MEDIUM | N/A |
PHP remote file include vulnerability in admin/index.php in Archangel Weblog 0.90.02 allows remote authenticated administrators to execute arbitrary PHP code via a URL ending in a NULL (%00) in the index parameter.
| CVE-2006-0308 | 1 Htmltonuke | 1 Htmltonuke | 2025-04-03 | 7.5 HIGH | N/A |
PHP remote file inclusion vulnerability in htmltonuke.php in the htmltonuke 2.0 alpha, and possibly other versions, module for PHP-Nuke allows remote attackers to execute arbitrary PHP code via a URL in the filnavn parameter.
| CVE-2004-1926 | 1 Tiki | 1 Tikiwiki Cms/groupware | 2025-04-03 | 7.5 HIGH | N/A |
Tiki CMS/Groupware (TikiWiki) 1.8.1 and earlier allows remote attackers to inject arbitrary code via the (1) Theme, (2) Country, (3) Real Name, or (4) Displayed time zone fields in a User Profile, or the (5) Name, (6) Description, (7) URL, or (8) Country fields in a Directory/Add Site operation.
| CVE-2002-1750 | 1 Cgiscript | 1 Csguestbook | 2025-04-03 | 7.5 HIGH | N/A |
csGuestbook.cgi in CGISCRIPT.NET csGuestbook 1.0 allows remote attackers to execute arbitrary Perl code via the setup parameter, which is processed by the Perl eval function.
| CVE-2005-1876 | 1 Cutephp | 1 Cutenews | 2025-04-03 | 4.4 MEDIUM | 4.5 MEDIUM |
Direct code injection vulnerability in CuteNews 1.3.6 and earlier allows remote attackers with administrative privileges to execute arbitrary PHP code via certain inputs that are injected into a template (.tpl) file.
| CVE-2006-1251 | 1 Sa-exim | 1 Sa-exim | 2025-04-03 | 5.0 MEDIUM | N/A |
Argument injection vulnerability in greylistclean.cron in sa-exim 4.2 allows remote attackers to delete arbitrary files via an email with a To field that contains a filename separated by whitespace, which is not quoted when greylistclean.cron provides the argument to the rm command.
| CVE-2004-0637 | 1 Oracle | 2 Oracle8i, Oracle9i | 2025-04-03 | 6.5 MEDIUM | N/A |
Oracle Database Server 8.1.7.4 through 9.2.0.4 allows local users to execute commands with additional privileges via the ctxsys.driload package, which is publicly accessible.
| CVE-2006-3995 | 1 User Home Pages | 1 User Home Pages | 2025-04-03 | 6.8 MEDIUM | N/A |
Multiple PHP remote file inclusion vulnerabilities in (1) uhp_config.php, and possibly (2) footer.php, (3) functions.php, (4) install.uhp.php, (5) toolbar.uhp.html.php, (6) uhp.class.php, and (7) uninstall.uhp.php, in the UHP (User Home Pages) 0.5 component (aka com_uhp) for Mambo or Joomla! allow remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.
| CVE-2006-1491 | 1 Horde | 1 Application Framework | 2025-04-03 | 7.5 HIGH | N/A |
Eval injection vulnerability in Horde Application Framework versions 3.0 before 3.0.10 and 3.1 before 3.1.1 allows remote attackers to execute arbitrary code via the help viewer.
| CVE-2006-4666 | 1 Stefan Ernst | 1 Newsscript | 2025-04-03 | 7.5 HIGH | N/A |
Multiple PHP remote file inclusion vulnerabilities in Stefan Ernst Newsscript (aka WM-News) 0.5 beta allow remote attackers to execute arbitrary PHP code via a URL in the (1) ide parameter in (a) article.php; or the (2) pwfile parameter in (b) delete.php, (c) modify.php, (d) admin.php, or (e) modify_go.php.
| CVE-2006-1306 | 1 Microsoft | 2 Excel, Excel Viewer | 2025-04-03 | 9.3 HIGH | N/A |
Microsoft Excel 2000 through 2004 allows user-assisted attackers to execute arbitrary code via a .xls file with a crafted BIFF record with an attacker-controlled array index that is used for a function pointer, aka "Malformed OBJECT record Vulnerability."
| CVE-2006-4858 | 1 Mamboxchange | 1 Serverstat Component | 2025-04-03 | 6.8 MEDIUM | N/A |
PHP remote file inclusion vulnerability in install.serverstat.php in the Serverstat (com_serverstat) 0.4.4 and earlier component for Mambo allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.
| CVE-2006-4288 | 1 Mambo | 1 A6mambocredits Component | 2025-04-03 | 6.8 MEDIUM | N/A |
PHP remote file inclusion vulnerability in admin.a6mambocredits.php in the a6mambocredits component (com_a6mambocredits) 2.0.0 and earlier for Mambo allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_live_site parameter. NOTE: some of these details are obtained from third party information.
| CVE-2006-0565 | 1 Gerrit Van Aaken | 1 Loudblog | 2025-04-03 | 7.5 HIGH | N/A |
PHP remote file include vulnerability in inc/backend_settings.php in Loudblog 0.4 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the $GLOBALS[path] parameter.
| CVE-2006-4074 | 1 Joomla | 1 Jd-wiki | 2025-04-03 | 6.8 MEDIUM | N/A |
PHP remote file inclusion vulnerability in lib/tpl/default/main.php in the JD-Wiki Component (com_jd-wiki) 1.0.2 and earlier for Joomla!, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.
| CVE-2006-4026 | 1 Redgraphic | 1 Sapid Cms | 2025-04-03 | 7.5 HIGH | N/A |
PHP remote file inclusion vulnerability in SAPID CMS 123 rc3 allows remote attackers to execute arbitrary PHP code via a URL in the (1) root_path parameter in usr/extensions/get_infochannel.inc.php and the (2) GLOBALS["root_path"] parameter in usr/extensions/get_tree.inc.php.
| CVE-2006-3846 | 1 Mambo | 1 Mambo Multibanners | 2025-04-03 | 6.8 MEDIUM | N/A |
PHP remote file inclusion vulnerability in extadminmenus.class.php in the MultiBanners 1.0.1 for Mambo allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.
| CVE-2003-1412 | 1 Gonicus | 1 Gonicus System Administration | 2025-04-03 | 6.8 MEDIUM | N/A |
PHP remote file inclusion vulnerability in index.php for GONiCUS System Administrator (GOsa) 1.0 allows remote attackers to execute arbitrary PHP code via the plugin parameter to (1) 3fax/1blocklists/index.php; (2) 6departamentadmin/index.php, (3) 5terminals/index.php, (4) 4mailinglists/index.php, (5) 3departaments/index.php, and (6) 2groupd/index.php in 2administration/; or (7) the base parameter to include/help.php.
| CVE-2003-1459 | 1 Ttcms | 2 Ttcms, Ttforum | 2025-04-03 | 6.8 MEDIUM | N/A |
Multiple PHP remote file inclusion vulnerabilities in ttCMS 2.2 and ttForum allow remote attackers to execute arbitrary PHP code via the (1) template parameter in News.php or (2) installdir parameter in install.php.
| CVE-2003-1491 | 1 Kerio | 1 Personal Firewall | 2025-04-03 | 7.5 HIGH | N/A |
Kerio Personal Firewall (KPF) 2.1.4 has a default rule to accept incoming packets from DNS (UDP port 53), which allows remote attackers to bypass the firewall filters via packets with a source port of 53.
| CVE-2004-2740 | 1 Phprojekt | 1 Phprojekt | 2025-04-03 | 4.3 MEDIUM | N/A |
PHP remote file inclusion vulnerability in authform.inc.php in PHProjekt 4.2.3 and earlier allows remote attackers to include arbitrary PHP code via a URL in the path_pre parameter.
| CVE-2006-4637 | 1 Acgv News | 1 Acgv News | 2025-04-03 | 5.1 MEDIUM | N/A |
Multiple PHP remote file inclusion vulnerabilities in ACGV News 0.9.1 allow remote attackers to execute arbitrary PHP code via a URL in the PathNews parameter in (1) header.php or (2) news.php. NOTE: portions of these details are obtained from third party information.
| CVE-2006-2645 | 1 Plume-cms | 1 Plume Cms | 2025-04-03 | 7.5 HIGH | N/A |
PHP remote file inclusion vulnerability in manager/frontinc/prepend.php for Plume 1.0.3 allows remote attackers to execute arbitrary code via a URL in the _PX_config[manager_path] parameter. NOTE: this is a different executable and affected version than CVE-2006-0725.
| CVE-2006-2548 | 2 Perlpodder, Prodder | 2 Perlpodder, Prodder | 2025-04-03 | 7.5 HIGH | N/A |
Prodder before 0.5, and perlpodder before 0.5, allows remote attackers to execute arbitrary code via shell metacharacters in the URL of a podcast (url attribute of an enclosure tag, or $enc_url variable), which is executed when running wget.