Total
4481 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2002-1753 | 1 Cgiscript | 1 Csnews Professional | 2025-04-03 | 7.5 HIGH | N/A |
| csNewsPro.cgi in CGIScript.net csNews Professional (csNewsPro) allows remote attackers to execute arbitrary Perl code via the setup parameter, which is processed by the Perl eval function. | |||||
| CVE-2006-1503 | 1 Vwar | 1 Virtual War | 2025-04-03 | 5.1 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in includes/functions_install.php in Virtual War (VWar) 1.5.0 R11 and earlier allows remote attackers to include and execute arbitrary PHP code via a URL in the vwar_root parameter. NOTE: this is a different vulnerability than CVE-2006-1636. | |||||
| CVE-2002-2019 | 1 Oscommerce | 1 Oscommerce | 2025-04-03 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in include_once.php in osCommerce (a.k.a. Exchange Project) 2.1 allows remote attackers to execute arbitrary PHP code via the include_file parameter. | |||||
| CVE-1999-0491 | 1 Gnu | 1 Bash | 2025-04-03 | 4.6 MEDIUM | N/A |
| The prompt parsing in bash allows a local user to execute commands as another user by creating a directory with the name of the command to execute. | |||||
| CVE-2006-3748 | 1 Mamboxchange | 1 Loudmouth | 2025-04-03 | 6.8 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in includes/abbc/abbc.class.php in the LoudMouth Component for Mambo 4.0j, and possibly other versions including 4.1, allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. | |||||
| CVE-2006-4666 | 1 Stefan Ernst | 1 Newsscript | 2025-04-03 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Stefan Ernst Newsscript (aka WM-News) 0.5 beta allow remote attackers to execute arbitrary PHP code via a URL in the (1) ide parameter in (a) article.php; or the (2) pwfile parameter in (b) delete.php, (c) modify.php, (d) admin.php, or (e) modify_go.php. | |||||
| CVE-2006-1309 | 1 Microsoft | 2 Excel, Excel Viewer | 2025-04-03 | 9.3 HIGH | N/A |
| Microsoft Excel 2000 through 2004 allows user-assisted attackers to execute arbitrary code via a .xls file with a crafted LABEL record that triggers memory corruption. | |||||
| CVE-2001-0307 | 1 Bajie | 1 Java Http Server | 2025-04-03 | 7.5 HIGH | N/A |
| Bajie HTTP JServer 0.78, and other versions before 0.80, allows remote attackers to execute arbitrary commands via shell metacharacters in an HTTP request for a CGI program that does not exist. | |||||
| CVE-2006-3995 | 1 User Home Pages | 1 User Home Pages | 2025-04-03 | 6.8 MEDIUM | N/A |
| Multiple PHP remote file inclusion vulnerabilities in (1) uhp_config.php, and possibly (2) footer.php, (3) functions.php, (4) install.uhp.php, (5) toolbar.uhp.html.php, (6) uhp.class.php, and (7) uninstall.uhp.php, in the UHP (User Home Pages) 0.5 component (aka com_uhp) for Mambo or Joomla! allow remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. | |||||
| CVE-2003-0395 | 1 Myupb | 1 Ultimate Php Board | 2025-04-03 | 7.5 HIGH | N/A |
| Ultimate PHP Board (UPB) 1.9 allows remote attackers to execute arbitrary PHP code with UPB administrator privileges via an HTTP request containing the code in the User-Agent header, which is executed when the administrator executes admin_iplog.php. | |||||
| CVE-2005-3859 | 1 Q-news | 1 Q-news | 2025-04-03 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in q-news.php in Q-News 2.0 allows remote attackers to execute arbitrary PHP code via a URL in the id parameter. | |||||
| CVE-2006-0659 | 1 Runcms | 1 Runcms | 2025-04-03 | 6.8 MEDIUM | N/A |
| Multiple PHP remote file include vulnerabilities in RunCMS 1.2 and earlier, with register_globals and allow_url_fopen enabled, allow remote attackers to execute arbitrary code via the bbPath[path] parameter in (1) class.forumposts.php and (2) forumpollrenderer.php. | |||||
| CVE-2004-1419 | 1 Zeroboard | 1 Zeroboard | 2025-04-03 | 6.8 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in ZeroBoard 4.1pl4 and earlier allows remote attackers to execute arbitrary PHP code by modifying the (1) _zb_path parameter to outlogin.php or (2) dir parameter to write.php to reference a URL on a remote web server that contains the code. | |||||
| CVE-2002-1991 | 1 Oscommerce | 1 Oscommerce | 2025-04-03 | 7.5 HIGH | N/A |
| PHP file inclusion vulnerability in osCommerce 2.1 execute arbitrary commands via the include_file parameter to include_once.php. | |||||
| CVE-2003-1491 | 1 Kerio | 1 Personal Firewall | 2025-04-03 | 7.5 HIGH | N/A |
| Kerio Personal Firewall (KPF) 2.1.4 has a default rule to accept incoming packets from DNS (UDP port 53), which allows remote attackers to bypass the firewall filters via packets with a source port of 53. | |||||
| CVE-2006-3846 | 1 Mambo | 1 Mambo Multibanners | 2025-04-03 | 6.8 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in extadminmenus.class.php in the MultiBanners 1.0.1 for Mambo allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. | |||||
| CVE-2006-3530 | 1 Joomla | 1 Pc Cookbook | 2025-04-03 | 6.8 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in com_pccookbook/pccookbook.php in the PccookBook Component for Mambo and Joomla 0.3 and possibly up to 1.3.1, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via the mosConfig_absolute_path parameter. | |||||
| CVE-2006-1896 | 1 Phpbb Group | 1 Phpbb | 2025-04-03 | 6.0 MEDIUM | N/A |
| Unspecified vulnerability in phpBB allows remote authenticated users with Administration Panel access to execute arbitrary PHP code via crafted Font Colour 3 ($theme[fontcolor3] variable) and/or signature values, possibly involving the highlight functionality. NOTE: the original report does not clarify whether this issue is static code injection, eval injection, or another type of vulnerability. | |||||
| CVE-2005-0720 | 1 Mcnews | 1 Mcnews | 2025-04-03 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in admin/header.php in PHP mcNews 1.3 allows remote attackers to execute arbitrary PHP code by modifying the skinfile parameter to reference a URL on a remote web server that contains the code. | |||||
| CVE-2005-0103 | 1 Squirrelmail | 1 Squirrelmail | 2025-04-03 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in webmail.php in SquirrelMail before 1.4.4 allows remote attackers to execute arbitrary PHP code by modifying a URL parameter to reference a URL on a remote web server that contains the code. | |||||