Total: 3487 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2006-0207 | 1 Php | 1 Php | 2024-02-28 | 5.0 MEDIUM | N/A |
Multiple HTTP response splitting vulnerabilities in PHP 5.1.1 allow remote attackers to inject arbitrary HTTP headers via a crafted Set-Cookie header, related to the (1) session extension (aka ext/session) and the (2) header function. | |||||
CVE-2005-0709 | 2 Mysql, Oracle | 2 Mysql, Mysql | 2024-02-28 | 4.6 MEDIUM | N/A |
MySQL 4.0.23 and earlier, and 4.1.x up to 4.1.10, allows remote authenticated users with INSERT and DELETE privileges to execute arbitrary code by using CREATE FUNCTION to access libc calls, as demonstrated by using strcat, on_exit, and exit. | |||||
CVE-2006-4074 | 1 Joomla | 1 Jd-wiki | 2024-02-28 | 6.8 MEDIUM | N/A |
PHP remote file inclusion vulnerability in lib/tpl/default/main.php in the JD-Wiki Component (com_jd-wiki) 1.0.2 and earlier for Joomla!, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. | |||||
CVE-2006-1031 | 1 Igenus | 1 Igenus Webmail | 2024-02-28 | 7.5 HIGH | N/A |
config/config_inc.php in iGENUS Webmail 2.02 and earlier allows remote attackers to include arbitrary local files via the SG_HOME parameter. | |||||
CVE-2006-1304 | 1 Microsoft | 2 Excel, Excel Viewer | 2024-02-28 | 9.3 HIGH | N/A |
Buffer overflow in Microsoft Excel 2000 through 2003 allows user-assisted attackers to execute arbitrary code via a .xls file with a crafted COLINFO record, which triggers the overflow during a "data filling operation." | |||||
CVE-2006-3749 | 1 Mambo | 1 Sitemap | 2024-02-28 | 6.8 MEDIUM | N/A |
PHP remote file inclusion vulnerability in sitemap.xml.php in Sitemap component (com_sitemap) 2.0.0 for Mambo 4.5.1 CMS, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. | |||||
CVE-2006-3995 | 1 User Home Pages | 1 User Home Pages | 2024-02-28 | 6.8 MEDIUM | N/A |
Multiple PHP remote file inclusion vulnerabilities in (1) uhp_config.php, and possibly (2) footer.php, (3) functions.php, (4) install.uhp.php, (5) toolbar.uhp.html.php, (6) uhp.class.php, and (7) uninstall.uhp.php, in the UHP (User Home Pages) 0.5 component (aka com_uhp) for Mambo or Joomla! allow remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. | |||||
CVE-2006-4195 | 1 Mamboxchange | 1 Peoplebook | 2024-02-28 | 6.8 MEDIUM | N/A |
PHP remote file inclusion vulnerability in param.peoplebook.php in the Peoplebook Component for Mambo (com_peoplebook) 1.0 and earlier, and possibly 1.1.2, when register_globals and allow_url_fopen are enabled, allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. | |||||
CVE-2003-1411 | 1 Isoca | 1 Cedric Email Reader | 2024-02-28 | 6.8 MEDIUM | N/A |
PHP remote file inclusion vulnerability in emailreader_execute_on_each_page.inc.php in Cedric Email Reader 0.4 allows remote attackers to execute arbitrary PHP code via the emailreader_ini parameter. | |||||
CVE-1999-0702 | 1 Microsoft | 1 Internet Explorer | 2024-02-28 | 10.0 HIGH | N/A |
Internet Explorer 5.0 and 5.01 allows remote attackers to modify or execute files via the Import/Export Favorites feature, aka the "ImportExportFavorites" vulnerability. | |||||
CVE-2002-1991 | 1 Oscommerce | 1 Oscommerce | 2024-02-28 | 7.5 HIGH | N/A |
PHP file inclusion vulnerability in osCommerce 2.1 allows execution of arbitrary commands via the include_file parameter to include_once.php. | |||||
CVE-1999-0509 | | | 2024-02-28 | 10.0 HIGH | N/A |
Perl, sh, csh, or other shell interpreters are installed in the cgi-bin directory on a WWW site, which allows remote attackers to execute arbitrary commands. | |||||
CVE-2002-2287 | 1 Phpbb | 1 Advanced Quick Reply Hack | 2024-02-28 | 7.5 HIGH | N/A |
PHP remote file inclusion vulnerability in quick_reply.php for phpBB Advanced Quick Reply Hack 1.0.0 and 1.1.0 allows remote attackers to execute arbitrary PHP code via the phpbb_root_path parameter. | |||||
CVE-2004-0637 | 1 Oracle | 2 Oracle8i, Oracle9i | 2024-02-28 | 6.5 MEDIUM | N/A |
Oracle Database Server 8.1.7.4 through 9.2.0.4 allows local users to execute commands with additional privileges via the ctxsys.driload package, which is publicly accessible. | |||||
CVE-2003-1240 | 1 Cutephp | 1 Cutenews | 2024-02-28 | 7.5 HIGH | N/A |
PHP remote file inclusion vulnerability in CuteNews 0.88 allows remote attackers to execute arbitrary PHP code via a URL in the cutepath parameter in (1) shownews.php, (2) search.php, or (3) comments.php. | |||||
CVE-2004-1926 | 1 Tiki | 1 Tikiwiki Cms/groupware | 2024-02-28 | 7.5 HIGH | N/A |
Tiki CMS/Groupware (TikiWiki) 1.8.1 and earlier allows remote attackers to inject arbitrary code via the (1) Theme, (2) Country, (3) Real Name, or (4) Displayed time zone fields in a User Profile, or the (5) Name, (6) Description, (7) URL, or (8) Country fields in a Directory/Add Site operation. | |||||
CVE-2003-1500 | 1 Cpcommerce | 1 Cpcommerce | 2024-02-28 | 6.8 MEDIUM | N/A |
PHP remote file inclusion vulnerability in _functions.php in cpCommerce 0.5f allows remote attackers to execute arbitrary code via the prefix parameter. | |||||
CVE-2000-0155 | 1 Microsoft | 3 Windows 95, Windows 98, Windows Nt | 2024-02-28 | 7.2 HIGH | N/A |
Windows NT Autorun executes the autorun.inf file on non-removable media, which allows local attackers to specify an alternate program to execute when other users access a drive. | |||||
CVE-2002-2319 | 1 Mysimplenews | 1 Mysimplenews | 2024-02-28 | 7.5 HIGH | N/A |
Static code injection vulnerability in users.php in MySimpleNews allows remote attackers to inject arbitrary PHP code and HTML via the (1) LOGIN, (2) DATA, and (3) MESS parameters, which are inserted into news.php3. | |||||
CVE-2002-1753 | 1 Cgiscript | 1 Csnews Professional | 2024-02-28 | 7.5 HIGH | N/A |
csNewsPro.cgi in CGIScript.net csNews Professional (csNewsPro) allows remote attackers to execute arbitrary Perl code via the setup parameter, which is processed by the Perl eval function. |