Total
4640 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2006-3210 | 1 Le Ralf | 1 Ralf Image Gallery | 2025-04-03 | 5.1 MEDIUM | N/A |
| Ralf Image Gallery (RIG) 0.7.4 and other versions before 1.0, when register_globals is enabled, allows remote attackers to conduct PHP remote file inclusion and directory traversal attacks via URLs or ".." sequences in the (1) dir_abs_src parameter in (a) check_entry.php, (b) admin_album.php, (c) admin_image.php, and (d) admin_util.php; and the (2) dir_abs_admin_src parameter in admin_album.php and admin_image.php. NOTE: this issue can be leveraged to conduct cross-site scripting (XSS) attacks. | |||||
| CVE-2006-0207 | 1 Php | 1 Php | 2025-04-03 | 5.0 MEDIUM | N/A |
| Multiple HTTP response splitting vulnerabilities in PHP 5.1.1 allow remote attackers to inject arbitrary HTTP headers via a crafted Set-Cookie header, related to the (1) session extension (aka ext/session) and the (2) header function. | |||||
| CVE-2003-1411 | 1 Isoca | 1 Cedric Email Reader | 2025-04-03 | 6.8 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in emailreader_execute_on_each_page.inc.php in Cedric Email Reader 0.4 allows remote attackers to execute arbitrary PHP code via the emailreader_ini parameter. | |||||
| CVE-2005-0720 | 1 Mcnews | 1 Mcnews | 2025-04-03 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in admin/header.php in PHP mcNews 1.3 allows remote attackers to execute arbitrary PHP code by modifying the skinfile parameter to reference a URL on a remote web server that contains the code. | |||||
| CVE-2006-4869 | 1 Perlunity | 1 Phpunity Postcard | 2025-04-03 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in phpunity-postcard.php in phpunity.postcard allows remote attackers to execute arbitrary PHP code via a URL in the gallery_path parameter. | |||||
| CVE-2006-1359 | 1 Microsoft | 2 Ie, Internet Explorer | 2025-04-03 | 9.3 HIGH | N/A |
| Microsoft Internet Explorer 6 and 7 Beta 2 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a certain createTextRange call on a checkbox object, which results in a dereference of an invalid table pointer. | |||||
| CVE-1999-0509 | 2025-04-03 | 10.0 HIGH | N/A | ||
| Perl, sh, csh, or other shell interpreters are installed in the cgi-bin directory on a WWW site, which allows remote attackers to execute arbitrary commands. | |||||
| CVE-2006-0723 | 1 Reamday Enterprises | 1 Magic News Lite | 2025-04-03 | 2.6 LOW | N/A |
| PHP remote file inclusion vulnerability in preview.php in Reamday Enterprises Magic News Lite 1.2.3, when register_globals is enabled, allows remote attackers to include arbitrary files via a URL in the php_script_path parameter. | |||||
| CVE-2006-4074 | 1 Joomla | 1 Jd-wiki | 2025-04-03 | 6.8 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in lib/tpl/default/main.php in the JD-Wiki Component (com_jd-wiki) 1.0.2 and earlier for Joomla!, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. | |||||
| CVE-2006-3136 | 1 Nucleus Group | 1 Nucleus Cms | 2025-04-03 | 7.5 HIGH | 9.8 CRITICAL |
| Multiple PHP remote file inclusion vulnerabilities in Nucleus 3.23 allow remote attackers to execute arbitrary PHP code via a URL the DIR_LIBS parameter in (1) path/action.php, and to files in path/nucleus including (2) media.php, (3) /xmlrpc/server.php, and (4) /xmlrpc/api_metaweblog.inc.php. NOTE: this is a similar vulnerability to CVE-2006-2583. NOTE: this issue has been disputed by third parties, who state that the DIR_LIBS parameter is defined in an include file before being used | |||||
| CVE-2006-2852 | 1 Dotwidget | 1 Dotwidget Cms | 2025-04-03 | 6.8 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in dotWidget CMS 1.0.6 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the file_path parameter in (1) index.php, (2) feedback.php, and (3) printfriendly.php. | |||||
| CVE-2003-1500 | 1 Cpcommerce | 1 Cpcommerce | 2025-04-03 | 6.8 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in _functions.php in cpCommerce 0.5f allows remote attackers to execute arbitrary code via the prefix parameter. | |||||
| CVE-2005-3775 | 1 Pollvote | 1 Pollvote | 2025-04-03 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in pollvote.php in PollVote allows remote attackers to include arbitrary files via a URL in the pollname parameter. | |||||
| CVE-2006-3776 | 1 Idevspot | 2 Autohost, Phphostbot | 2025-04-03 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in order/index.php in IDevSpot (1) PhpHostBot 1.0 and (2) AutoHost 3.0 allows remote attackers to execute arbitrary PHP code via a URL in the page parameter. | |||||
| CVE-2006-3172 | 1 Content\*builder | 1 Content\*builder | 2025-04-03 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Content*Builder 0.7.5 allow remote attackers to execute arbitrary PHP code via a URL with a trailing slash (/) character in the (1) lang_path parameter to (a) cms/plugins/col_man/column.inc.php, (b) cms/plugins/poll/poll.inc.php, (c) cms/plugins/user_managment/usrPortrait.inc.php, (d) cms/plugins/user_managment/user.inc.php, (e) cms/plugins/media_manager/media.inc.php, (f) cms/plugins/events/permanent.eventMonth.inc.php, (g) cms/plugins/events/events.inc.php, and (h) cms/plugins/newsletter2/newsletter.inc.php; (2) path[cb] parameter to (i) modules/guestbook/guestbook.inc.php, (j) modules/shoutbox/shoutBox.php, and (k) modules/sitemap/sitemap.inc.php; and the (3) rel parameter to (l) modules/download/overview.inc.php, (m) modules/download/detailView.inc.php, (n) modules/article/fullarticle.inc.php, (o) modules/article/comments.inc.php, (p) modules/article2/overview.inc.php, (q) modules/article2/fullarticle.inc.php, (r) modules/article2/comments.inc.php, (s) modules/headline/headlineBox.php, and (t) modules/headline/showHeadline.inc.php. | |||||
| CVE-2003-1253 | 1 Sangwan Kim | 1 Bookmark4u | 2025-04-03 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in Bookmark4U 1.8.3 allows remote attackers to execute arbitrary PHP code viaa URL in the prefix parameter to (1) dbase.php, (2) config.php, or (3) common.load.php. | |||||
| CVE-2006-3395 | 1 Webdesignhq | 1 Sitebuilder-fx | 2025-04-03 | 5.1 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in top.php in SiteBuilder-FX 3.5 allows remote attackers to execute arbitrary PHP code via a URL in the admindir parameter. | |||||
| CVE-2006-3750 | 1 Hashcash | 1 Hashcash | 2025-04-03 | 6.8 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in server.php in the Hashcash Component (com_hashcash) 1.2.1 for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. | |||||
| CVE-2006-4159 | 1 Chaussette | 1 Chaussette | 2025-04-03 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Chaussette 080706 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the _BASE parameter to scripts in Classes/ including (1) Evenement.php, (2) Event.php, (3) Event_for_month.php, (4) Event_for_week.php, (5) My_Log.php, (6) My_Smarty.php, and possibly (7) Event_for_month_per_day.php. | |||||
| CVE-2006-2388 | 1 Microsoft | 2 Excel, Excel Viewer | 2025-04-03 | 9.3 HIGH | N/A |
| Microsoft Office Excel 2000 through 2004 allows user-assisted attackers to execute arbitrary code via malformed cell comments, which lead to modification of "critical data offsets" during the rebuilding process. | |||||