Total: 3200 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2006-2245 | 1 Phpbb Group | 1 Phpbb-auction | 2023-12-10 | 6.8 MEDIUM | N/A |
PHP remote file inclusion vulnerability in auction\auction_common.php in Auction mod 1.3m for phpBB allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter. | |||||
CVE-2006-0854 | 1 Intensive Point | 1 Iuser Ecommerce | 2023-12-10 | 7.5 HIGH | N/A |
PHP remote file inclusion vulnerability in common.php in Intensive Point iUser Ecommerce allows remote attackers to include arbitrary files via a URL in the include_path variable, which is not initialized before being used. | |||||
CVE-2005-3861 | 1 Phpgreetz | 1 Phpgreetz | 2023-12-10 | 7.5 HIGH | N/A |
PHP remote file inclusion vulnerability in content.php in phpGreetz 0.99 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the content parameter. | |||||
CVE-2006-2548 | 2 Perlpodder, Prodder | 2 Perlpodder, Prodder | 2023-12-10 | 7.5 HIGH | N/A |
Prodder before 0.5, and perlpodder before 0.5, allows remote attackers to execute arbitrary code via shell metacharacters in the URL of a podcast (url attribute of an enclosure tag, or $enc_url variable), which is executed when running wget. | |||||
CVE-2006-0397 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2023-12-10 | 7.5 HIGH | N/A |
Unspecified vulnerability in Safari, LaunchServices, and/or CoreTypes in Apple Mac OS X 10.4 up to 10.4.5 allows attackers to trick a user into opening an application that appears to be a safe file type. NOTE: due to the lack of specific information in the vendor advisory, it is not clear how CVE-2006-0397, CVE-2006-0398, and CVE-2006-0399 are different. | |||||
CVE-2006-2286 | 1 Dokeos | 2 Dokeos, Dokeos Community Release | 2023-12-10 | 6.8 MEDIUM | N/A |
Multiple PHP remote file inclusion vulnerabilities in claro_init_global.inc.php in Dokeos 1.6.3 and earlier, and Dokeos community release 2.0.3, allow remote attackers to execute arbitrary PHP code via a URL in the (1) rootSys and (2) clarolineRepositorySys parameters, and possibly the (3) lang_path, (4) extAuthSource, (5) thisAuthSource, (6) main_configuration_file_path, (7) phpDigIncCn, and (8) drs parameters to (a) testheaderpage.php and (b) resourcelinker.inc.php. | |||||
CVE-2006-2780 | 1 Mozilla | 2 Firefox, Thunderbird | 2023-12-10 | 9.3 HIGH | N/A |
Integer overflow in Mozilla Firefox and Thunderbird before 1.5.0.4 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via "jsstr tagify," which leads to memory corruption. | |||||
CVE-2005-1155 | 1 Mozilla | 2 Firefox, Mozilla | 2023-12-10 | 7.5 HIGH | N/A |
The favicon functionality in Firefox before 1.0.3 and Mozilla Suite before 1.7.7 allows remote attackers to execute arbitrary code via a <LINK rel="icon"> tag with a javascript: URL in the href attribute, aka "Firelinking." | |||||
CVE-2006-4285 | 1 Fscripts | 1 Fantastic News | 2023-12-10 | 7.5 HIGH | N/A |
PHP remote file inclusion vulnerability in news.php in Fantastic News 2.1.3 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the CONFIG[script_path] parameter. NOTE: it was later reported that 2.1.5 is also affected. | |||||
CVE-2006-4111 | 1 Rubyonrails | 2 Rails, Ruby On Rails | 2023-12-10 | 7.5 HIGH | N/A |
Ruby on Rails before 1.1.5 allows remote attackers to execute Ruby code with "severe" or "serious" impact via a File Upload request with an HTTP header that modifies the LOAD_PATH variable, a different vulnerability than CVE-2006-4112. | |||||
CVE-2006-4639 | 1 C-news.fr | 1 C-news | 2023-12-10 | 5.1 MEDIUM | N/A |
Multiple PHP remote file inclusion vulnerabilities in C-News.fr C-News 1.0.1 and earlier, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the path parameter in (1) formulaire_commentaires.php, (2) affichage/liste_news.php, (3) affichage/news_complete.php, or (4) affichage/pagination.php. NOTE: the provenance of some of this information is unknown; some details are obtained from third party information. | |||||
CVE-2006-2681 | 1 Socketmail | 1 Socketmail | 2023-12-10 | 6.8 MEDIUM | N/A |
PHP remote file inclusion vulnerability in SocketMail Lite and Pro 2.2.6 and earlier, when register_globals and magic_quotes are enabled, allows remote attackers to execute arbitrary PHP code via a URL in the site_path parameter to (1) index.php and (2) inc-common.php. | |||||
CVE-2006-0144 | 2 Apache2triad, Php | 2 Apache2triad, Pear | 2023-12-10 | 7.5 HIGH | N/A |
The proxy server feature in go-pear.php in PHP PEAR 0.2.2, as used in Apache2Triad, allows remote attackers to execute arbitrary PHP code by redirecting go-pear.php to a malicious proxy server that provides a modified version of Tar.php with a malicious extractModify function. | |||||
CVE-2006-1031 | 1 Igenus | 1 Igenus Webmail | 2023-12-10 | 7.5 HIGH | N/A |
config/config_inc.php in iGENUS Webmail 2.02 and earlier allows remote attackers to include arbitrary local files via the SG_HOME parameter. | |||||
CVE-2006-2388 | 1 Microsoft | 2 Excel, Excel Viewer | 2023-12-10 | 9.3 HIGH | N/A |
Microsoft Office Excel 2000 through 2004 allows user-assisted attackers to execute arbitrary code via malformed cell comments, which lead to modification of "critical data offsets" during the rebuilding process. | |||||
CVE-2006-1316 | 1 Microsoft | 1 Office | 2023-12-10 | 9.3 HIGH | N/A |
Unspecified vulnerability in Microsoft Office 2003 SP1 and SP2, Office XP SP3, Office 2000 SP3, and other products, allows user-assisted attackers to execute arbitrary code via an Office file with malformed string that triggers memory corruption related to record lengths, aka "Microsoft Office Parsing Vulnerability," a different vulnerability than CVE-2006-2389. | |||||
CVE-2006-3749 | 1 Mambo | 1 Sitemap | 2023-12-10 | 6.8 MEDIUM | N/A |
PHP remote file inclusion vulnerability in sitemap.xml.php in Sitemap component (com_sitemap) 2.0.0 for Mambo 4.5.1 CMS, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. | |||||
CVE-2006-3442 | 1 Microsoft | 1 Windows Xp | 2023-12-10 | 7.6 HIGH | N/A |
Unspecified vulnerability in Pragmatic General Multicast (PGM) in Microsoft Windows XP SP2 and earlier allows remote attackers to execute arbitrary code via a crafted multicast message. | |||||
CVE-2006-4215 | 1 Zen Cart | 1 Zen Cart | 2023-12-10 | 5.1 MEDIUM | N/A |
PHP remote file inclusion vulnerability in index.php in Zen Cart 1.3.0.2 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the autoLoadConfig[999][0][loadFile] parameter. | |||||
CVE-2006-1491 | 1 Horde | 1 Application Framework | 2023-12-10 | 7.5 HIGH | N/A |
Eval injection vulnerability in Horde Application Framework versions 3.0 before 3.0.10 and 3.1 before 3.1.1 allows remote attackers to execute arbitrary code via the help viewer. |