Total
5497 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2006-4553 | 2 Joomla, Mambo | 2 Com Comprofiler Component, Com Comprofiler Component | 2025-04-03 | N/A |
| PHP remote file inclusion vulnerability in plugin.class.php in the com_comprofiler Components 1.0 RC2 for Mambo and Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. | ||||
| CVE-2006-2315 | 1 Ispconfig | 1 Ispconfig | 2025-04-03 | N/A |
| PHP remote file inclusion vulnerability in session.inc.php in ISPConfig 2.2.2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the go_info[server][classes_root] parameter. NOTE: the vendor has disputed this vulnerability, saying that session.inc.php is not under the web root in version 2.2, and register_globals is not enabled | ||||
| CVE-2006-4624 | 2 Gnu, Redhat | 2 Mailman, Enterprise Linux | 2025-04-03 | N/A |
| CRLF injection vulnerability in Utils.py in Mailman before 2.1.9rc1 allows remote attackers to spoof messages in the error log and possibly trick the administrator into visiting malicious URLs via CRLF sequences in the URI. | ||||
| CVE-2006-1316 | 1 Microsoft | 1 Office | 2025-04-03 | N/A |
| Unspecified vulnerability in Microsoft Office 2003 SP1 and SP2, Office XP SP3, Office 2000 SP3, and other products, allows user-assisted attackers to execute arbitrary code via an Office file with malformed string that triggers memory corruption related to record lengths, aka "Microsoft Office Parsing Vulnerability," a different vulnerability than CVE-2006-2389. | ||||
| CVE-2006-2521 | 1 Accomplishtechnology | 1 Phpmydirectory | 2025-04-03 | N/A |
| PHP remote file inclusion vulnerability in cron.php in phpMyDirectory 10.4.4 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the ROOT_PATH parameter. | ||||
| CVE-2005-1894 | 1 Flatnuke | 1 Flatnuke | 2025-04-03 | N/A |
| Direct code injection vulnerability in FlatNuke 2.5.3 allows remote attackers to execute arbitrary PHP code by placing the code into the Referer header of an HTTP request, which causes the code to be injected into referer.php, which can then be accessed by the attacker. | ||||
| CVE-2006-0094 | 1 Oaboard | 1 Oaboard | 2025-04-03 | N/A |
| PHP remote file include vulnerability in forum.php in oaBoard 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the inc_stat parameter, a different vulnerability than CVE-2006-0076. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2006-4671 | 1 Fscripts | 1 Fantastic News | 2025-04-03 | N/A |
| PHP remote file inclusion vulnerability in headlines.php in Fantastic News 2.1.4, and possibly earlier, allows remote attackers to execute arbitrary PHP code via a URL in the CONFIG[script_path] parameter, a different vector than CVE-2006-1154. | ||||
| CVE-2005-3302 | 2 Blender, Debian | 2 Blender, Debian Linux | 2025-04-03 | 7.3 High |
| Eval injection vulnerability in bvh_import.py in Blender 2.36 allows attackers to execute arbitrary Python code via a hierarchy element in a .bvh file, which is supplied to an eval function call. | ||||
| CVE-2006-3562 | 1 Plume-cms | 1 Plume Cms | 2025-04-03 | N/A |
| PHP remote file inclusion vulnerabilities in plume cms 1.0.4 allow remote attackers to execute arbitrary PHP code via a URL in the _PX_config[manager_path] parameter to (1) index.php, (2) rss.php, or (3) search.php, a different set of vectors and versions than CVE-2006-2645 and CVE-2006-0725. | ||||
| CVE-2006-0945 | 1 Archangelmgt | 1 Weblog | 2025-04-03 | N/A |
| PHP remote file include vulnerability in admin/index.php in Archangel Weblog 0.90.02 allows remote authenticated administrators to execute arbitrary PHP code via a URL ending in a NULL (%00) in the index parameter. | ||||
| CVE-2006-1039 | 1 Sap | 1 Sap Web Application Server | 2025-04-03 | N/A |
| SAP Web Application Server (WebAS) Kernel before 7.0 allows remote attackers to inject arbitrary bytes into the HTTP response and obtain sensitive authentication information, or have other impacts, via a ";%20" followed by encoded HTTP headers. | ||||
| CVE-2006-3730 | 1 Microsoft | 3 Ie, Internet Explorer, Windows Xp | 2025-04-03 | N/A |
| Integer overflow in Microsoft Internet Explorer 6 on Windows XP SP2 allows remote attackers to cause a denial of service (crash) and execute arbitrary code via a 0x7fffffff argument to the setSlice method on a WebViewFolderIcon ActiveX object, which leads to an invalid memory copy. | ||||
| CVE-2006-3749 | 1 Mambo | 1 Sitemap | 2025-04-03 | N/A |
| PHP remote file inclusion vulnerability in sitemap.xml.php in Sitemap component (com_sitemap) 2.0.0 for Mambo 4.5.1 CMS, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. | ||||
| CVE-2006-3949 | 1 Mambo | 1 Artlinks Component | 2025-04-03 | N/A |
| PHP remote file inclusion vulnerability in artlinks.dispnew.php in the Artlinks component (com_artlinks) for Mambo allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. | ||||
| CVE-1999-0491 | 1 Gnu | 1 Bash | 2025-04-03 | N/A |
| The prompt parsing in bash allows a local user to execute commands as another user by creating a directory with the name of the command to execute. | ||||
| CVE-2003-1436 | 1 Crossnuke | 1 Nukebrowser | 2025-04-03 | N/A |
| PHP remote file inclusion vulnerability in nukebrowser.php in Nukebrowser 2.1 to 2.5 allows remote attackers to execute arbitrary PHP code via the filhead parameter. | ||||
| CVE-2006-2548 | 2 Perlpodder, Prodder | 2 Perlpodder, Prodder | 2025-04-03 | N/A |
| Prodder before 0.5, and perlpodder before 0.5, allows remote attackers to execute arbitrary code via shell metacharacters in the URL of a podcast (url attribute of an enclosure tag, or $enc_url variable), which is executed when running wget. | ||||
| CVE-2006-1896 | 1 Phpbb Group | 1 Phpbb | 2025-04-03 | N/A |
| Unspecified vulnerability in phpBB allows remote authenticated users with Administration Panel access to execute arbitrary PHP code via crafted Font Colour 3 ($theme[fontcolor3] variable) and/or signature values, possibly involving the highlight functionality. NOTE: the original report does not clarify whether this issue is static code injection, eval injection, or another type of vulnerability. | ||||
| CVE-2006-2686 | 1 Actionapps | 1 Actionapps | 2025-04-03 | N/A |
| PHP remote file inclusion vulnerabilities in ActionApps 2.8.1 allow remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[AA_INC_PATH] parameter in (1) cached.php3, (2) cron.php3, (3) discussion.php3, (4) filldisc.php3, (5) filler.php3, (6) fillform.php3, (7) go.php3, (8) hiercons.php3, (9) jsview.php3, (10) live_checkbox.php3, (11) offline.php3, (12) post2shtml.php3, (13) search.php3, (14) slice.php3, (15) sql_update.php3, (16) view.php3, (17) multiple files in the (18) admin/ folder, (19) includes folder, and (20) modules/ folder. | ||||