Total
5805 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2006-3172 | 1 Content\*builder | 1 Content\*builder | 2025-04-03 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Content*Builder 0.7.5 allow remote attackers to execute arbitrary PHP code via a URL with a trailing slash (/) character in the (1) lang_path parameter to (a) cms/plugins/col_man/column.inc.php, (b) cms/plugins/poll/poll.inc.php, (c) cms/plugins/user_managment/usrPortrait.inc.php, (d) cms/plugins/user_managment/user.inc.php, (e) cms/plugins/media_manager/media.inc.php, (f) cms/plugins/events/permanent.eventMonth.inc.php, (g) cms/plugins/events/events.inc.php, and (h) cms/plugins/newsletter2/newsletter.inc.php; (2) path[cb] parameter to (i) modules/guestbook/guestbook.inc.php, (j) modules/shoutbox/shoutBox.php, and (k) modules/sitemap/sitemap.inc.php; and the (3) rel parameter to (l) modules/download/overview.inc.php, (m) modules/download/detailView.inc.php, (n) modules/article/fullarticle.inc.php, (o) modules/article/comments.inc.php, (p) modules/article2/overview.inc.php, (q) modules/article2/fullarticle.inc.php, (r) modules/article2/comments.inc.php, (s) modules/headline/headlineBox.php, and (t) modules/headline/showHeadline.inc.php. | |||||
| CVE-2005-1996 | 1 Bitrix | 1 Bitrix Site Manager | 2025-04-03 | 5.0 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in start.php in Bitrix Site Manager 4.0.x allows remote attackers to execute arbitrary PHP code via the _SERVER[DOCUMENT_ROOT] parameter. | |||||
| CVE-2002-2249 | 1 Php Evolution | 1 News Evolution | 2025-04-03 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in News Evolution 2.0 allows remote attackers to execute arbitrary PHP commands via the neurl parameter to (1) backend.php, (2) screen.php, or (3) admin/modules/comment.php. | |||||
| CVE-2006-4639 | 1 C-news.fr | 1 C-news | 2025-04-03 | 5.1 MEDIUM | N/A |
| Multiple PHP remote file inclusion vulnerabilities in C-News.fr C-News 1.0.1 and earlier, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the path parameter in (1) formulaire_commentaires.php, (2) affichage/liste_news.php, (3) affichage/news_complete.php, or (4) affichage/pagination.php. NOTE: the provenance of some of this information is unknown; some details are obtained from third party information. | |||||
| CVE-2005-2703 | 1 Mozilla | 2 Firefox, Mozilla Suite | 2025-04-03 | 5.0 MEDIUM | N/A |
| Firefox before 1.0.7 and Mozilla Suite before 1.7.12 allows remote attackers to modify HTTP headers of XML HTTP requests via XMLHttpRequest, and possibly use the client to exploit vulnerabilities in servers or proxies, including HTTP request smuggling and HTTP request splitting. | |||||
| CVE-2003-1385 | 1 Invision Power Services | 1 Invision Power Board | 2025-04-03 | 6.8 MEDIUM | N/A |
| ipchat.php in Invision Power Board 1.1.1 allows remote attackers to execute arbitrary PHP code, if register_globals is enabled, by modifying the root_path parameter to reference a URL on a remote web server that contains the code. | |||||
| CVE-1999-0509 | 2025-04-03 | 10.0 HIGH | N/A | ||
| Perl, sh, csh, or other shell interpreters are installed in the cgi-bin directory on a WWW site, which allows remote attackers to execute arbitrary commands. | |||||
| CVE-2006-3966 | 2 Carlos Sanchez Valle, Php Layers Menu | 2 Mynewsgroups, Php Layers Menu | 2025-04-03 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in /lib/tree/layersmenu.inc.php in the PHP Layers Menu 2.3.5 package for MyNewsGroups :) 0.6b and earlier allows remote attackers to execute arbitrary PHP code via a URL in the myng_root parameter. | |||||
| CVE-2002-1750 | 1 Cgiscript | 1 Csguestbook | 2025-04-03 | 7.5 HIGH | N/A |
| csGuestbook.cgi in CGISCRIPT.NET csGuestbook 1.0 allows remote attackers to execute arbitrary Perl code via the setup parameter, which is processed by the Perl eval function. | |||||
| CVE-2003-1411 | 1 Isoca | 1 Cedric Email Reader | 2025-04-03 | 6.8 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in emailreader_execute_on_each_page.inc.php in Cedric Email Reader 0.4 allows remote attackers to execute arbitrary PHP code via the emailreader_ini parameter. | |||||
| CVE-2006-2388 | 1 Microsoft | 2 Excel, Excel Viewer | 2025-04-03 | 9.3 HIGH | N/A |
| Microsoft Office Excel 2000 through 2004 allows user-assisted attackers to execute arbitrary code via malformed cell comments, which lead to modification of "critical data offsets" during the rebuilding process. | |||||
| CVE-1999-0891 | 1 Microsoft | 1 Internet Explorer | 2025-04-03 | 5.0 MEDIUM | N/A |
| The "download behavior" in Internet Explorer 5 allows remote attackers to read arbitrary files via a server-side redirect. | |||||
| CVE-2006-2780 | 1 Mozilla | 2 Firefox, Thunderbird | 2025-04-03 | 9.3 HIGH | N/A |
| Integer overflow in Mozilla Firefox and Thunderbird before 1.5.0.4 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via "jsstr tagify," which leads to memory corruption. | |||||
| CVE-2003-1410 | 1 Isoca | 1 Cedric Email Reader | 2025-04-03 | 6.8 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in email.php (aka email.php3) in Cedric Email Reader 0.2 and 0.3 allows remote attackers to execute arbitrary PHP code via the cer_skin parameter. | |||||
| CVE-2006-4863 | 1 Marc Cagninacci | 1 Mclinkscounter | 2025-04-03 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Marc Cagninacci mcLinksCounter 1.1 allow remote attackers to execute arbitrary PHP code via a URL in the langfile parameter in (1) login.php, (2) stats.php, (3) detail.php, or (4) erase.php. NOTE: CVE and a third party dispute this vulnerability, because the langfile parameter is set to english.php in each file. NOTE: CVE also disputes a later report of this vulnerability in 1.2, because the langfile parameter is set to french.php in 1.2 | |||||
| CVE-2003-1240 | 1 Cutephp | 1 Cutenews | 2025-04-03 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in CuteNews 0.88 allows remote attackers to execute arbitrary PHP code via a URL in the cutepath parameter in (1) shownews.php, (2) search.php, or (3) comments.php. | |||||
| CVE-2006-0854 | 1 Intensive Point | 1 Iuser Ecommerce | 2025-04-03 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in common.php in Intensive Point iUser Ecommerce allows remote attackers to include arbitrary files via a URL in the include_path variable, which is not initialized before being used. | |||||
| CVE-2006-1610 | 1 Squery | 1 Squery | 2025-04-03 | 5.1 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in lib/armygame.php in SQuery 4.5 and earlier, as used in products such as Autonomous LAN party (ALP), allows remote attackers to execute arbitrary PHP code via a URL in the libpath parameter. NOTE: this only occurs when register_globals is disabled. | |||||
| CVE-2005-1876 | 1 Cutephp | 1 Cutenews | 2025-04-03 | 4.4 MEDIUM | 4.5 MEDIUM |
| Direct code injection vulnerability in CuteNews 1.3.6 and earlier allows remote attackers with administrative privileges to execute arbitrary PHP code via certain inputs that are injected into a template (.tpl) file. | |||||
| CVE-2006-0094 | 1 Oaboard | 1 Oaboard | 2025-04-03 | 7.5 HIGH | N/A |
| PHP remote file include vulnerability in forum.php in oaBoard 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the inc_stat parameter, a different vulnerability than CVE-2006-0076. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||