Total
5179 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2006-2395 | 1 Popsoft Digital | 1 Popphoto | 2025-04-03 | N/A |
| PHP remote file inclusion vulnerability in resources/includes/popp.config.loader.inc.php in PopSoft Digital PopPhoto Studio 3.5.4 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the include_path parameter (cfg['popphoto_base_path'] variable). NOTE: Pixaria has notified CVE that "PopPhoto is NOT a product of Pixaria. It was a product of PopSoft Digital and is only hosted by Pixaria as a courtesy... The vulnerability listed was patched by the previous vendor and all previous users have received this update." | ||||
| CVE-2002-1750 | 1 Cgiscript | 1 Csguestbook | 2025-04-03 | N/A |
| csGuestbook.cgi in CGISCRIPT.NET csGuestbook 1.0 allows remote attackers to execute arbitrary Perl code via the setup parameter, which is processed by the Perl eval function. | ||||
| CVE-2005-4573 | 1 Plogger | 1 Plogger | 2025-04-03 | N/A |
| PHP remote file include vulnerability in plog-admin-functions.php in Plogger Beta 2 allows remote attackers to execute arbitrary code via a URL in the config[basedir] parameter. | ||||
| CVE-2005-1876 | 1 Cutephp | 1 Cutenews | 2025-04-03 | 4.5 Medium |
| Direct code injection vulnerability in CuteNews 1.3.6 and earlier allows remote attackers with administrative privileges to execute arbitrary PHP code via certain inputs that are injected into a template (.tpl) file. | ||||
| CVE-2005-1527 | 3 Awstats, Canonical, Debian | 3 Awstats, Ubuntu Linux, Debian Linux | 2025-04-03 | N/A |
| Eval injection vulnerability in awstats.pl in AWStats 6.4 and earlier, when a URLPlugin is enabled, allows remote attackers to execute arbitrary Perl code via the HTTP Referrer, which is used in a $url parameter that is inserted into an eval function call. | ||||
| CVE-2002-1753 | 1 Cgiscript | 1 Csnews Professional | 2025-04-03 | N/A |
| csNewsPro.cgi in CGIScript.net csNews Professional (csNewsPro) allows remote attackers to execute arbitrary Perl code via the setup parameter, which is processed by the Perl eval function. | ||||
| CVE-2002-2297 | 1 Atthat.com | 1 Thatware | 2025-04-03 | N/A |
| PHP remote file inclusion vulnerability in artlist.php in Thatware 0.5.2 and 0.5.3 allows remote attackers to execute arbitrary PHP code via the root_path parameter. | ||||
| CVE-2006-2645 | 1 Plume-cms | 1 Plume Cms | 2025-04-03 | N/A |
| PHP remote file inclusion vulnerability in manager/frontinc/prepend.php for Plume 1.0.3 allows remote attackers to execute arbitrary code via a URL in the _PX_config[manager_path] parameter. NOTE: this is a different executable and affected version than CVE-2006-0725. | ||||
| CVE-2003-1432 | 1 Epic Games | 2 Unreal Engine, Unreal Tournament 2003 | 2025-04-03 | N/A |
| Epic Games Unreal Engine 226f through 436 allows remote attackers to cause a denial of service (CPU consumption or crash) and possibly execute arbitrary code via (1) a packet with a negative size value, which is treated as a large positive number during memory allocation, or (2) a negative size value in a package file. | ||||
| CVE-2002-1752 | 1 Cgiscript | 1 Cschat-r-box | 2025-04-03 | N/A |
| csChatRBox.cgi in CGIScript.net csChat-R-Box allows remote attackers to execute arbitrary Perl code via the setup parameter, which is processed by the Perl eval function. | ||||
| CVE-2006-2681 | 1 Socketmail | 1 Socketmail | 2025-04-03 | N/A |
| PHP remote file inclusion vulnerability in SocketMail Lite and Pro 2.2.6 and earlier, when register_globals and magic_quotes are enabled, allows remote attackers to execute arbitrary PHP code via a URL in the site_path parameter to (1) index.php and (2) inc-common.php. | ||||
| CVE-2006-2685 | 1 Kevin Johnson | 1 Basic Analysis And Security Engine | 2025-04-03 | N/A |
| PHP remote file inclusion vulnerability in Basic Analysis and Security Engine (BASE) 1.2.4 and earlier, with register_globals enabled, allows remote attackers to execute arbitrary PHP code via a URL in the BASE_path parameter to (1) base_qry_common.php, (2) base_stat_common.php, and (3) includes/base_include.inc.php. | ||||
| CVE-2004-2740 | 1 Phprojekt | 1 Phprojekt | 2025-04-03 | N/A |
| PHP remote file inclusion vulnerability in authform.inc.php in PHProjekt 4.2.3 and earlier allows remote attackers to include arbitrary PHP code via a URL in the path_pre parameter. | ||||
| CVE-2006-0144 | 2 Apache2triad, Php | 2 Apache2triad, Pear | 2025-04-03 | N/A |
| The proxy server feature in go-pear.php in PHP PEAR 0.2.2, as used in Apache2Triad, allows remote attackers to execute arbitrary PHP code by redirecting go-pear.php to a malicious proxy server that provides a modified version of Tar.php with a malicious extractModify function. | ||||
| CVE-2005-1996 | 1 Bitrix | 1 Bitrix Site Manager | 2025-04-03 | N/A |
| PHP remote file inclusion vulnerability in start.php in Bitrix Site Manager 4.0.x allows remote attackers to execute arbitrary PHP code via the _SERVER[DOCUMENT_ROOT] parameter. | ||||
| CVE-2006-0398 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-03 | N/A |
| Unspecified vulnerability in Safari, LaunchServices, and/or CoreTypes in Apple Mac OS X 10.4 up to 10.4.5 allows attackers to trick a user into opening an application that appears to be a safe file type. NOTE: due to the lack of specific information in the vendor advisory, it is not clear how CVE-2006-0397, CVE-2006-0398, and CVE-2006-0399 are different. | ||||
| CVE-2002-1991 | 1 Oscommerce | 1 Oscommerce | 2025-04-03 | N/A |
| PHP file inclusion vulnerability in osCommerce 2.1 execute arbitrary commands via the include_file parameter to include_once.php. | ||||
| CVE-2003-1253 | 1 Sangwan Kim | 1 Bookmark4u | 2025-04-03 | N/A |
| PHP remote file inclusion vulnerability in Bookmark4U 1.8.3 allows remote attackers to execute arbitrary PHP code viaa URL in the prefix parameter to (1) dbase.php, (2) config.php, or (3) common.load.php. | ||||
| CVE-2006-2767 | 1 Ottoman | 1 Ottoman | 2025-04-03 | N/A |
| PHP remote file inclusion vulnerability in Ottoman 1.1.2, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via the default_path parameter in (1) error.php, (2) index.php, and (3) classes/main_class.php. | ||||
| CVE-2003-0498 | 1 Intersystems | 1 Cache Database | 2025-04-03 | N/A |
| Caché Database 5.x installs the /cachesys/csp directory with insecure permissions, which allows local users to execute arbitrary code by adding server-side scripts that are executed with root privileges. | ||||