Total
5662 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2006-3776 | 1 Idevspot | 2 Autohost, Phphostbot | 2025-04-03 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in order/index.php in IDevSpot (1) PhpHostBot 1.0 and (2) AutoHost 3.0 allows remote attackers to execute arbitrary PHP code via a URL in the page parameter. | |||||
| CVE-2006-1491 | 1 Horde | 1 Application Framework | 2025-04-03 | 7.5 HIGH | N/A |
| Eval injection vulnerability in Horde Application Framework versions 3.0 before 3.0.10 and 3.1 before 3.1.1 allows remote attackers to execute arbitrary code via the help viewer. | |||||
| CVE-2003-1406 | 1 Adalis Infomatique | 1 D Forum | 2025-04-03 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in D-Forum 1.00 through 1.11 allows remote attackers to execute arbitrary PHP code via a URL in the (1) my_header parameter to header.php3 or (2) my_footer parameter to footer.php3. | |||||
| CVE-2006-2685 | 1 Kevin Johnson | 1 Basic Analysis And Security Engine | 2025-04-03 | 4.0 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in Basic Analysis and Security Engine (BASE) 1.2.4 and earlier, with register_globals enabled, allows remote attackers to execute arbitrary PHP code via a URL in the BASE_path parameter to (1) base_qry_common.php, (2) base_stat_common.php, and (3) includes/base_include.inc.php. | |||||
| CVE-2006-1636 | 1 Vwar | 1 Virtual War | 2025-04-03 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in get_header.php in VWar 1.5.0 R12 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the vwar_root parameter. NOTE: this is a different vulnerability than CVE-2006-1503. | |||||
| CVE-2006-0725 | 1 Plume-cms | 1 Plume Cms | 2025-04-03 | 6.8 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in prepend.php in Plume CMS 1.0.2, when register_globals is enabled, allows remote attackers to include arbitrary files via a URL in the _PX_config[manager_path] parameter. NOTE: this is a different executable and affected version than CVE-2006-2645. | |||||
| CVE-2006-0399 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-03 | 7.5 HIGH | N/A |
| Unspecified vulnerability in Safari, LaunchServices, and/or CoreTypes in Apple Mac OS X 10.4 up to 10.4.5 allows attackers to trick a user into opening an application that appears to be a safe file type. NOTE: due to the lack of specific information in the vendor advisory, it is not clear how CVE-2006-0397, CVE-2006-0398, and CVE-2006-0399 are different. | |||||
| CVE-2005-0720 | 1 Mcnews | 1 Mcnews | 2025-04-03 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in admin/header.php in PHP mcNews 1.3 allows remote attackers to execute arbitrary PHP code by modifying the skinfile parameter to reference a URL on a remote web server that contains the code. | |||||
| CVE-2006-4671 | 1 Fscripts | 1 Fantastic News | 2025-04-03 | 6.8 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in headlines.php in Fantastic News 2.1.4, and possibly earlier, allows remote attackers to execute arbitrary PHP code via a URL in the CONFIG[script_path] parameter, a different vector than CVE-2006-1154. | |||||
| CVE-2005-1894 | 1 Flatnuke | 1 Flatnuke | 2025-04-03 | 7.5 HIGH | N/A |
| Direct code injection vulnerability in FlatNuke 2.5.3 allows remote attackers to execute arbitrary PHP code by placing the code into the Referer header of an HTTP request, which causes the code to be injected into referer.php, which can then be accessed by the attacker. | |||||
| CVE-2003-0395 | 1 Myupb | 1 Ultimate Php Board | 2025-04-03 | 7.5 HIGH | N/A |
| Ultimate PHP Board (UPB) 1.9 allows remote attackers to execute arbitrary PHP code with UPB administrator privileges via an HTTP request containing the code in the User-Agent header, which is executed when the administrator executes admin_iplog.php. | |||||
| CVE-2006-3556 | 1 Extcalendar | 1 Extcalendar | 2025-04-03 | 6.8 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in extcalendar.php in Mohamed Moujami ExtCalendar 2.0 allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. | |||||
| CVE-2006-3144 | 1 Ibd | 1 Micro Cms | 2025-04-03 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in micro_cms_files/microcms-include.php in Implied By Design (IBD) Micro CMS 3.5 (aka 0.3.5) and earlier allows remote attackers to execute arbitrary PHP code via a URL in the microcms_path parameter. NOTE: it was later reported that this can also be leveraged to include and execute arbitrary local files via .. (dot dot) sequences. | |||||
| CVE-2006-2315 | 1 Ispconfig | 1 Ispconfig | 2025-04-03 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in session.inc.php in ISPConfig 2.2.2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the go_info[server][classes_root] parameter. NOTE: the vendor has disputed this vulnerability, saying that session.inc.php is not under the web root in version 2.2, and register_globals is not enabled | |||||
| CVE-2001-0307 | 1 Bajie | 1 Java Http Server | 2025-04-03 | 7.5 HIGH | N/A |
| Bajie HTTP JServer 0.78, and other versions before 0.80, allows remote attackers to execute arbitrary commands via shell metacharacters in an HTTP request for a CGI program that does not exist. | |||||
| CVE-2005-4209 | 1 Alt-n | 2 Mdaemon, Worldclient | 2025-04-03 | 4.3 MEDIUM | N/A |
| WorldClient webmail in Alt-N MDaemon 8.1.3 allows remote attackers to prevent arbitrary users from accessing their inboxes via script tags in the Subject header of an e-mail message, which prevents the user from being able to access the Inbox folder, possibly due to a cross-site scripting (XSS) vulnerability. | |||||
| CVE-2006-2521 | 1 Accomplishtechnology | 1 Phpmydirectory | 2025-04-03 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in cron.php in phpMyDirectory 10.4.4 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the ROOT_PATH parameter. | |||||
| CVE-2006-4649 | 1 Bingo News | 1 Bingo News | 2025-04-03 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in bp_news.php in BinGo News (BP News) 3.01 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the bnrep parameter. | |||||
| CVE-2006-3136 | 1 Nucleus Group | 1 Nucleus Cms | 2025-04-03 | 7.5 HIGH | 9.8 CRITICAL |
| Multiple PHP remote file inclusion vulnerabilities in Nucleus 3.23 allow remote attackers to execute arbitrary PHP code via a URL the DIR_LIBS parameter in (1) path/action.php, and to files in path/nucleus including (2) media.php, (3) /xmlrpc/server.php, and (4) /xmlrpc/api_metaweblog.inc.php. NOTE: this is a similar vulnerability to CVE-2006-2583. NOTE: this issue has been disputed by third parties, who state that the DIR_LIBS parameter is defined in an include file before being used | |||||
| CVE-2005-2498 | 2 Debian, Gggeek | 2 Debian Linux, Phpxmlrpc | 2025-04-03 | 7.5 HIGH | N/A |
| Eval injection vulnerability in PHPXMLRPC 1.1.1 and earlier (PEAR XML-RPC for PHP), as used in multiple products including (1) Drupal, (2) phpAdsNew, (3) phpPgAds, and (4) phpgroupware, allows remote attackers to execute arbitrary PHP code via certain nested XML tags in a PHP document that should not be nested, which are injected into an eval function call, a different vulnerability than CVE-2005-1921. | |||||