Total
3192 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2006-0565 | 1 Gerrit Van Aaken | 1 Loudblog | 2023-12-10 | 7.5 HIGH | N/A |
PHP remote file include vulnerability in inc/backend_settings.php in Loudblog 0.4 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the $GLOBALS[path] parameter. | |||||
CVE-2006-3750 | 1 Hashcash | 1 Hashcash | 2023-12-10 | 6.8 MEDIUM | N/A |
PHP remote file inclusion vulnerability in server.php in the Hashcash Component (com_hashcash) 1.2.1 for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. | |||||
CVE-2006-4195 | 1 Mamboxchange | 1 Peoplebook | 2023-12-10 | 6.8 MEDIUM | N/A |
PHP remote file inclusion vulnerability in param.peoplebook.php in the Peoplebook Component for Mambo (com_peoplebook) 1.0 and earlier, and possibly 1.1.2, when register_globals and allow_url_fopen are enabled, allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. | |||||
CVE-2006-1309 | 1 Microsoft | 2 Excel, Excel Viewer | 2023-12-10 | 9.3 HIGH | N/A |
Microsoft Excel 2000 through 2004 allows user-assisted attackers to execute arbitrary code via a .xls file with a crafted LABEL record that triggers memory corruption. | |||||
CVE-2006-1306 | 1 Microsoft | 2 Excel, Excel Viewer | 2023-12-10 | 9.3 HIGH | N/A |
Microsoft Excel 2000 through 2004 allows user-assisted attackers to execute arbitrary code via a .xls file with a crafted BIFF record with an attacker-controlled array index that is used for a function pointer, aka "Malformed OBJECT record Vulnerability." | |||||
CVE-2006-3556 | 1 Extcalendar | 1 Extcalendar | 2023-12-10 | 6.8 MEDIUM | N/A |
PHP remote file inclusion vulnerability in extcalendar.php in Mohamed Moujami ExtCalendar 2.0 allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. | |||||
CVE-2006-0887 | 1 Phplib Team | 1 Phplib | 2023-12-10 | 7.5 HIGH | N/A |
Eval injection vulnerability in sessions.inc in PHP Base Library (PHPLib) before 7.4a, when index.php3 from the PHPLib distribution is available on the server, allows remote attackers to execute arbitrary PHP code by including a base64-encoded representation of the code in a cookie. NOTE: this description was significantly updated on 20060605 to reflect new details after an initial vague advisory. | |||||
CVE-2006-4671 | 1 Fscripts | 1 Fantastic News | 2023-12-10 | 6.8 MEDIUM | N/A |
PHP remote file inclusion vulnerability in headlines.php in Fantastic News 2.1.4, and possibly earlier, allows remote attackers to execute arbitrary PHP code via a URL in the CONFIG[script_path] parameter, a different vector than CVE-2006-1154. | |||||
CVE-2006-1890 | 1 Mywebland | 1 Myevent | 2023-12-10 | 7.5 HIGH | N/A |
Multiple PHP remote file inclusion vulnerabilities in myWebland myEvent 1.2 allow remote attackers to execute arbitrary PHP code via a URL in the myevent_path parameter in (1) event.php and (2) initialize.php. NOTE: vector 2 was later reported to affect 1.4 as well. | |||||
CVE-2006-1039 | 1 Sap | 1 Sap Web Application Server | 2023-12-10 | 6.4 MEDIUM | N/A |
SAP Web Application Server (WebAS) Kernel before 7.0 allows remote attackers to inject arbitrary bytes into the HTTP response and obtain sensitive authentication information, or have other impacts, via a ";%20" followed by encoded HTTP headers. | |||||
CVE-2006-3562 | 1 Plume-cms | 1 Plume Cms | 2023-12-10 | 7.5 HIGH | N/A |
PHP remote file inclusion vulnerabilities in plume cms 1.0.4 allow remote attackers to execute arbitrary PHP code via a URL in the _PX_config[manager_path] parameter to (1) index.php, (2) rss.php, or (3) search.php, a different set of vectors and versions than CVE-2006-2645 and CVE-2006-0725. | |||||
CVE-2005-3554 | 1 Phpkit | 1 Phpkit | 2023-12-10 | 5.1 MEDIUM | N/A |
Multiple eval injection vulnerabilities in the help function in PHPKIT 1.6.1 R2 and earlier, when register_globals is enabled, allow remote attackers to execute arbitrary code on the server via unknown attack vectors involving uninitialized variables. | |||||
CVE-2006-1301 | 1 Microsoft | 2 Excel, Excel Viewer | 2023-12-10 | 9.3 HIGH | N/A |
Microsoft Excel 2000 through 2004 allows user-assisted attackers to execute arbitrary code via a .xls file with a crafted SELECTION record that triggers memory corruption, a different vulnerability than CVE-2006-1302. | |||||
CVE-2006-3751 | 1 Htmlarea3 | 1 Htmlarea3 | 2023-12-10 | 6.8 MEDIUM | N/A |
PHP remote file inclusion vulnerability in popups/ImageManager/config.inc.php in the HTMLArea3 Addon Component (com_htmlarea3_xtd-c) for ImageManager 1.5 allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. | |||||
CVE-2006-3777 | 1 Idevspot | 1 Phplinkexchange | 2023-12-10 | 7.5 HIGH | N/A |
PHP remote file inclusion vulnerability in index.php in IDevSpot PhpLinkExchange 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the page parameter. | |||||
CVE-2006-3776 | 1 Idevspot | 2 Autohost, Phphostbot | 2023-12-10 | 7.5 HIGH | N/A |
PHP remote file inclusion vulnerability in order/index.php in IDevSpot (1) PhpHostBot 1.0 and (2) AutoHost 3.0 allows remote attackers to execute arbitrary PHP code via a URL in the page parameter. | |||||
CVE-2006-3193 | 1 Grayscale | 1 Bandsite Cms | 2023-12-10 | 5.1 MEDIUM | N/A |
Multiple PHP remote file inclusion vulnerabilities in Grayscale BandSite CMS 1.1.1, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the root_path parameter to (1) includes/content/contact_content.php; multiple files in adminpanel/includes/add_forms/ including (2) addbioform.php, (3) addfliersform.php, (4) addgenmerchform.php, (5) addinterviewsform.php, (6) addlinksform.php, (7) addlyricsform.php, (8) addmembioform.php, (9) addmerchform.php, (10) addmerchpicform.php, (11) addnewsform.php, (12) addphotosform.php, (13) addreleaseform.php, (14) addreleasepicform.php, (15) addrelmerchform.php, (16) addreviewsform.php, (17) addshowsform.php, (18) addwearmerchform.php; (19) adminpanel/includes/mailinglist/disphtmltbl.php, and (20) adminpanel/includes/mailinglist/dispxls.php. | |||||
CVE-2006-3748 | 1 Mamboxchange | 1 Loudmouth | 2023-12-10 | 6.8 MEDIUM | N/A |
PHP remote file inclusion vulnerability in includes/abbc/abbc.class.php in the LoudMouth Component for Mambo 4.0j, and possibly other versions including 4.1, allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. | |||||
CVE-2005-0227 | 1 Postgresql | 1 Postgresql | 2023-12-10 | 4.3 MEDIUM | N/A |
PostgreSQL (pgsql) 7.4.x, 7.2.x, and other versions allows local users to load arbitrary shared libraries and execute code via the LOAD extension. | |||||
CVE-2006-4624 | 1 Gnu | 1 Mailman | 2023-12-10 | 2.6 LOW | N/A |
CRLF injection vulnerability in Utils.py in Mailman before 2.1.9rc1 allows remote attackers to spoof messages in the error log and possibly trick the administrator into visiting malicious URLs via CRLF sequences in the URI. |