Total
4662 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2005-3835 | 1 Desklance | 1 Desklance | 2025-04-03 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in support/index.php in DeskLance 2.3 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the main parameter. | |||||
| CVE-2006-3773 | 1 Mambo | 1 Smf-forum | 2025-04-03 | 6.8 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in smf.php in the SMF-Forum 1.3.1.3 Bridge Component (com_smf) For Joomla! and Mambo 4.5.3+ allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. | |||||
| CVE-2006-4270 | 1 Mambo | 1 Mambelfish Component | 2025-04-03 | 6.8 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in mambelfish.class.php in the mambelfish component (com_mambelfish) 1.1 and earlier for Mambo allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. | |||||
| CVE-2006-3144 | 1 Ibd | 1 Micro Cms | 2025-04-03 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in micro_cms_files/microcms-include.php in Implied By Design (IBD) Micro CMS 3.5 (aka 0.3.5) and earlier allows remote attackers to execute arbitrary PHP code via a URL in the microcms_path parameter. NOTE: it was later reported that this can also be leveraged to include and execute arbitrary local files via .. (dot dot) sequences. | |||||
| CVE-2006-4672 | 1 Profitcode | 1 Ppalcart | 2025-04-03 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in profitCode ppalCart 2.5 EE, possibly a component of PayProCart, allows remote attackers to execute arbitrary PHP code via a URL in the (1) proMod parameter to (a) index.php, or the (2) docroot parameter to (b) index.php or (c) mainpage.php. | |||||
| CVE-2006-4130 | 1 Matt Smith | 1 Remository For Mambo | 2025-04-03 | 6.8 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in admin.remository.php in the Remository Component (com_remository) 3.25 and earlier for Mambo and Joomla!, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. | |||||
| CVE-2006-1491 | 1 Horde | 1 Application Framework | 2025-04-03 | 7.5 HIGH | N/A |
| Eval injection vulnerability in Horde Application Framework versions 3.0 before 3.0.10 and 3.1 before 3.1.1 allows remote attackers to execute arbitrary code via the help viewer. | |||||
| CVE-2006-1304 | 1 Microsoft | 2 Excel, Excel Viewer | 2025-04-03 | 9.3 HIGH | N/A |
| Buffer overflow in Microsoft Excel 2000 through 2003 allows user-assisted attackers to execute arbitrary code via a .xls file with a crafted COLINFO record, which triggers the overflow during a "data filling operation." | |||||
| CVE-2002-2287 | 1 Phpbb | 1 Advanced Quick Reply Hack | 2025-04-03 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in quick_reply.php for phpBB Advanced Quick Reply Hack 1.0.0 and 1.1.0 allows remote attackers to execute arbitrary PHP code via the phpbb_root_path parameter. | |||||
| CVE-2006-0064 | 1 Devellion | 1 Cubecart | 2025-04-03 | 7.5 HIGH | N/A |
| PHP remote file include vulnerability in includes/orderSuccess.inc.php in CubeCart allows remote attackers to execute arbitrary PHP code via a URL in the glob[rootDir] parameter. | |||||
| CVE-2006-3847 | 1 Canebluem | 1 Mospray | 2025-04-03 | 5.1 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in (1) admin.php, and possibly (2) details.php, (3) modify.php, (4) newgroup.php, (5) newtask.php, and (6) rss.php, in MoSpray (aka com_mospray) 1.8 RC1 allows remote attackers to execute arbitrary PHP code via a URL in the basedir parameter. | |||||
| CVE-2006-4476 | 1 Joomla | 1 Joomla | 2025-04-03 | 7.5 HIGH | N/A |
| Multiple unspecified vulnerabilities in Joomla! before 1.0.11, related to "Injection Flaws," allow attackers to have an unknown impact via (1) globals.php, which uses include_once() instead of require(); (2) the $options variable; (3) Admin Upload Image; (4) ->load(); (5) content submissions when frontpage is selected; (6) the mosPageNav constructor; (7) saveOrder functions; (8) the absence of "exploit blocking rules" in htaccess; and (9) the ACL. | |||||
| CVE-2006-0308 | 1 Htmltonuke | 1 Htmltonuke | 2025-04-03 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in htmltonuke.php in the htmltonuke 2.0 alpha, and possibly other versions, module for PHP-Nuke allows remote attackers to execute arbitrary PHP code via a URL in the filnavn parameter. | |||||
| CVE-2002-0495 | 1 Cgiscript | 1 Cssearch Professional | 2025-04-03 | 10.0 HIGH | N/A |
| csSearch.cgi in csSearch 2.3 and earlier allows remote attackers to execute arbitrary Perl code via the savesetup command and the setup parameter, which overwrites the setup.cgi configuration file that is loaded by csSearch.cgi. | |||||
| CVE-2006-3751 | 1 Htmlarea3 | 1 Htmlarea3 | 2025-04-03 | 6.8 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in popups/ImageManager/config.inc.php in the HTMLArea3 Addon Component (com_htmlarea3_xtd-c) for ImageManager 1.5 allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. | |||||
| CVE-2006-1308 | 1 Microsoft | 2 Excel, Excel Viewer | 2025-04-03 | 9.3 HIGH | N/A |
| Unspecified vulnerability in Microsoft Excel 2000 through 2004 allows user-assisted attackers to execute arbitrary code via a .xls file with a crafted FNGROUPCOUNT value. | |||||
| CVE-2006-3556 | 1 Extcalendar | 1 Extcalendar | 2025-04-03 | 6.8 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in extcalendar.php in Mohamed Moujami ExtCalendar 2.0 allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. | |||||
| CVE-2003-0498 | 1 Intersystems | 1 Cache Database | 2025-04-03 | 7.2 HIGH | N/A |
| Caché Database 5.x installs the /cachesys/csp directory with insecure permissions, which allows local users to execute arbitrary code by adding server-side scripts that are executed with root privileges. | |||||
| CVE-2001-0308 | 1 Bajie | 1 Java Http Server | 2025-04-03 | 7.5 HIGH | N/A |
| UploadServlet in Bajie HTTP JServer 0.78, and possibly other versions before 0.80, allows remote attackers to execute arbitrary commands by calling the servlet to upload a program, then using a ... (modified ..) to access the file that was created for the program. | |||||
| CVE-2003-1459 | 1 Ttcms | 2 Ttcms, Ttforum | 2025-04-03 | 6.8 MEDIUM | N/A |
| Multiple PHP remote file inclusion vulnerabilities in ttCMS 2.2 and ttForum allow remote attackers to execute arbitrary PHP code via the (1) template parameter in News.php or (2) installdir parameter in install.php. | |||||