Total
5662 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2006-3748 | 1 Mamboxchange | 1 Loudmouth | 2025-04-03 | 6.8 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in includes/abbc/abbc.class.php in the LoudMouth Component for Mambo 4.0j, and possibly other versions including 4.1, allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. | |||||
| CVE-2006-4111 | 1 Rubyonrails | 2 Rails, Ruby On Rails | 2025-04-03 | 7.5 HIGH | N/A |
| Ruby on Rails before 1.1.5 allows remote attackers to execute Ruby code with "severe" or "serious" impact via a File Upload request with an HTTP header that modifies the LOAD_PATH variable, a different vulnerability than CVE-2006-4112. | |||||
| CVE-2006-0887 | 1 Phplib Team | 1 Phplib | 2025-04-03 | 7.5 HIGH | N/A |
| Eval injection vulnerability in sessions.inc in PHP Base Library (PHPLib) before 7.4a, when index.php3 from the PHPLib distribution is available on the server, allows remote attackers to execute arbitrary PHP code by including a base64-encoded representation of the code in a cookie. NOTE: this description was significantly updated on 20060605 to reflect new details after an initial vague advisory. | |||||
| CVE-2006-1749 | 1 Smartisoft | 1 Phplistpro | 2025-04-03 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in config.php in phpListPro 2.0 and earlier allows remote attackers to execute arbitrary PHP code via the returnpath parameter. NOTE: this issue was later reported to affect 2.01 as well. | |||||
| CVE-2005-3775 | 1 Pollvote | 1 Pollvote | 2025-04-03 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in pollvote.php in PollVote allows remote attackers to include arbitrary files via a URL in the pollname parameter. | |||||
| CVE-2006-3019 | 1 Phpcms | 1 Phpcms | 2025-04-03 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in phpCMS 1.2.1pl2 allow remote attackers to execute arbitrary PHP code via a URL in the PHPCMS_INCLUDEPATH parameter to files in parser/include/ including (1) class.parser_phpcms.php, (2) class.session_phpcms.php, (3) class.edit_phpcms.php, (4) class.http_indexer_phpcms.php, (5) class.cache_phpcms.php, (6) class.search_phpcms.php, (7) class.lib_indexer_universal_phpcms.php, and (8) class.layout_phpcms.php, (9) parser/plugs/counter.php, and (10) parser/parser.php. NOTE: the class.cache_phpcms.php vector was also reported to affect 1.1.7. | |||||
| CVE-2006-3562 | 1 Plume-cms | 1 Plume Cms | 2025-04-03 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerabilities in plume cms 1.0.4 allow remote attackers to execute arbitrary PHP code via a URL in the _PX_config[manager_path] parameter to (1) index.php, (2) rss.php, or (3) search.php, a different set of vectors and versions than CVE-2006-2645 and CVE-2006-0725. | |||||
| CVE-2005-1996 | 1 Bitrix | 1 Bitrix Site Manager | 2025-04-03 | 5.0 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in start.php in Bitrix Site Manager 4.0.x allows remote attackers to execute arbitrary PHP code via the _SERVER[DOCUMENT_ROOT] parameter. | |||||
| CVE-2006-1896 | 1 Phpbb Group | 1 Phpbb | 2025-04-03 | 6.0 MEDIUM | N/A |
| Unspecified vulnerability in phpBB allows remote authenticated users with Administration Panel access to execute arbitrary PHP code via crafted Font Colour 3 ($theme[fontcolor3] variable) and/or signature values, possibly involving the highlight functionality. NOTE: the original report does not clarify whether this issue is static code injection, eval injection, or another type of vulnerability. | |||||
| CVE-2006-0398 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-03 | 7.5 HIGH | N/A |
| Unspecified vulnerability in Safari, LaunchServices, and/or CoreTypes in Apple Mac OS X 10.4 up to 10.4.5 allows attackers to trick a user into opening an application that appears to be a safe file type. NOTE: due to the lack of specific information in the vendor advisory, it is not clear how CVE-2006-0397, CVE-2006-0398, and CVE-2006-0399 are different. | |||||
| CVE-2006-3530 | 1 Joomla | 1 Pc Cookbook | 2025-04-03 | 6.8 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in com_pccookbook/pccookbook.php in the PccookBook Component for Mambo and Joomla 0.3 and possibly up to 1.3.1, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via the mosConfig_absolute_path parameter. | |||||
| CVE-2006-1031 | 1 Igenus | 1 Igenus Webmail | 2025-04-03 | 7.5 HIGH | N/A |
| config/config_inc.php in iGENUS Webmail 2.02 and earlier allows remote attackers to include arbitrary local files via the SG_HOME parameter. | |||||
| CVE-2006-0207 | 1 Php | 1 Php | 2025-04-03 | 5.0 MEDIUM | N/A |
| Multiple HTTP response splitting vulnerabilities in PHP 5.1.1 allow remote attackers to inject arbitrary HTTP headers via a crafted Set-Cookie header, related to the (1) session extension (aka ext/session) and the (2) header function. | |||||
| CVE-2003-0498 | 1 Intersystems | 1 Cache Database | 2025-04-03 | 7.2 HIGH | N/A |
| Caché Database 5.x installs the /cachesys/csp directory with insecure permissions, which allows local users to execute arbitrary code by adding server-side scripts that are executed with root privileges. | |||||
| CVE-2002-0495 | 1 Cgiscript | 1 Cssearch Professional | 2025-04-03 | 10.0 HIGH | N/A |
| csSearch.cgi in csSearch 2.3 and earlier allows remote attackers to execute arbitrary Perl code via the savesetup command and the setup parameter, which overwrites the setup.cgi configuration file that is loaded by csSearch.cgi. | |||||
| CVE-2006-4583 | 1 Darrens 5-dollar Script Archive | 1 Flashchat | 2025-04-03 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in FlashChat before 4.6.2 allow remote attackers to execute arbitrary PHP code via a URL in the dir[inc] parameter in (1) inc/cmses/aedatingCMS.php, (2) inc/cmses/aedatingCMS2.php, or (3) inc/cmses/aedating4CMS.php. | |||||
| CVE-2006-1039 | 1 Sap | 1 Sap Web Application Server | 2025-04-03 | 6.4 MEDIUM | N/A |
| SAP Web Application Server (WebAS) Kernel before 7.0 allows remote attackers to inject arbitrary bytes into the HTTP response and obtain sensitive authentication information, or have other impacts, via a ";%20" followed by encoded HTTP headers. | |||||
| CVE-2002-2249 | 1 Php Evolution | 1 News Evolution | 2025-04-03 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in News Evolution 2.0 allows remote attackers to execute arbitrary PHP commands via the neurl parameter to (1) backend.php, (2) screen.php, or (3) admin/modules/comment.php. | |||||
| CVE-2005-1155 | 1 Mozilla | 2 Firefox, Mozilla | 2025-04-03 | 7.5 HIGH | N/A |
| The favicon functionality in Firefox before 1.0.3 and Mozilla Suite before 1.7.7 allows remote attackers to execute arbitrary code via a <LINK rel="icon"> tag with a javascript: URL in the href attribute, aka "Firelinking." | |||||
| CVE-1999-0891 | 1 Microsoft | 1 Internet Explorer | 2025-04-03 | 5.0 MEDIUM | N/A |
| The "download behavior" in Internet Explorer 5 allows remote attackers to read arbitrary files via a server-side redirect. | |||||