Vulnerabilities (CVE)

Filtered by CWE-94
Total 3185 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2005-0720 1 Mcnews 1 Mcnews 2023-12-10 7.5 HIGH N/A
PHP remote file inclusion vulnerability in admin/header.php in PHP mcNews 1.3 allows remote attackers to execute arbitrary PHP code by modifying the skinfile parameter to reference a URL on a remote web server that contains the code.
CVE-2006-4270 1 Mambo 1 Mambelfish Component 2023-12-10 6.8 MEDIUM N/A
PHP remote file inclusion vulnerability in mambelfish.class.php in the mambelfish component (com_mambelfish) 1.1 and earlier for Mambo allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.
CVE-2006-2852 1 Dotwidget 1 Dotwidget Cms 2023-12-10 6.8 MEDIUM N/A
PHP remote file inclusion vulnerability in dotWidget CMS 1.0.6 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the file_path parameter in (1) index.php, (2) feedback.php, and (3) printfriendly.php.
CVE-2006-3947 1 Mambo 1 Mambatstaff 2023-12-10 6.8 MEDIUM N/A
PHP remote file inclusion vulnerability in components/com_mambatstaff/mambatstaff.php in the Mambatstaff 3.1b and earlier component for Mambo allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.
CVE-2006-1540 1 Microsoft 1 Office 2023-12-10 9.3 HIGH N/A
MSO.DLL in Microsoft Office 2000, Office XP (2002), and Office 2003 allows user-assisted attackers to cause a denial of service and execute arbitrary code via multiple attack vectors, as originally demonstrated using a crafted document record with a malformed string, as demonstrated by replacing a certain "01 00 00 00" byte sequence with an "FF FF FF FF" byte sequence, possibly causing an invalid array index, in (1) an Excel .xls document, which triggers an access violation in ole32.dll; (2) an Excel .xlw document, which triggers an access violation in excel.exe; (3) a Word document, which triggers an access violation in mso.dll in winword.exe; and (4) a PowerPoint document, which triggers an access violation in powerpnt.txt. NOTE: after the initial disclosure, this issue was demonstrated by triggering an integer overflow using an inconsistent size for a Unicode "Sheet Name" string.
CVE-2006-4476 1 Joomla 1 Joomla 2023-12-10 7.5 HIGH N/A
Multiple unspecified vulnerabilities in Joomla! before 1.0.11, related to "Injection Flaws," allow attackers to have an unknown impact via (1) globals.php, which uses include_once() instead of require(); (2) the $options variable; (3) Admin Upload Image; (4) ->load(); (5) content submissions when frontpage is selected; (6) the mosPageNav constructor; (7) saveOrder functions; (8) the absence of "exploit blocking rules" in htaccess; and (9) the ACL.
CVE-2006-0659 1 Runcms 1 Runcms 2023-12-10 6.8 MEDIUM N/A
Multiple PHP remote file include vulnerabilities in RunCMS 1.2 and earlier, with register_globals and allow_url_fopen enabled, allow remote attackers to execute arbitrary code via the bbPath[path] parameter in (1) class.forumposts.php and (2) forumpollrenderer.php.
CVE-2005-1996 1 Bitrix 1 Bitrix Site Manager 2023-12-10 5.0 MEDIUM N/A
PHP remote file inclusion vulnerability in start.php in Bitrix Site Manager 4.0.x allows remote attackers to execute arbitrary PHP code via the _SERVER[DOCUMENT_ROOT] parameter.
CVE-2006-0399 1 Apple 2 Mac Os X, Mac Os X Server 2023-12-10 7.5 HIGH N/A
Unspecified vulnerability in Safari, LaunchServices, and/or CoreTypes in Apple Mac OS X 10.4 up to 10.4.5 allows attackers to trick a user into opening an application that appears to be a safe file type. NOTE: due to the lack of specific information in the vendor advisory, it is not clear how CVE-2006-0397, CVE-2006-0398, and CVE-2006-0399 are different.
CVE-2006-3528 1 Mamboxchange 1 Simpleboard 2023-12-10 6.8 MEDIUM N/A
Multiple PHP remote file inclusion vulnerabilities in Simpleboard Mambo module 1.1.0 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the sbp parameter to (1) image_upload.php and (2) file_upload.php.
CVE-2006-1636 1 Vwar 1 Virtual War 2023-12-10 7.5 HIGH N/A
PHP remote file inclusion vulnerability in get_header.php in VWar 1.5.0 R12 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the vwar_root parameter. NOTE: this is a different vulnerability than CVE-2006-1503.
CVE-2002-2297 1 Atthat.com 1 Thatware 2023-12-10 6.8 MEDIUM N/A
PHP remote file inclusion vulnerability in artlist.php in Thatware 0.5.2 and 0.5.3 allows remote attackers to execute arbitrary PHP code via the root_path parameter.
CVE-2000-0155 1 Microsoft 3 Windows 95, Windows 98, Windows Nt 2023-12-10 7.2 HIGH N/A
Windows NT Autorun executes the autorun.inf file on non-removable media, which allows local attackers to specify an alternate program to execute when other users access a drive.
CVE-1999-0891 1 Microsoft 1 Internet Explorer 2023-12-10 5.0 MEDIUM N/A
The "download behavior" in Internet Explorer 5 allows remote attackers to read arbitrary files via a server-side redirect.
CVE-2002-2019 1 Oscommerce 1 Oscommerce 2023-12-10 7.5 HIGH N/A
PHP remote file inclusion vulnerability in include_once.php in osCommerce (a.k.a. Exchange Project) 2.1 allows remote attackers to execute arbitrary PHP code via the include_file parameter.
CVE-2001-0307 1 Bajie 1 Java Http Server 2023-12-10 7.5 HIGH N/A
Bajie HTTP JServer 0.78, and other versions before 0.80, allows remote attackers to execute arbitrary commands via shell metacharacters in an HTTP request for a CGI program that does not exist.
CVE-2002-2298 1 Atthat.com 1 Thatware 2023-12-10 6.8 MEDIUM N/A
PHP remote file inclusion vulnerability in config.php in Thatware 0.3 through 0.5.3 allows remote attackers to execute arbitrary PHP code via the root_path parameter.
CVE-2003-1410 1 Isoca 1 Cedric Email Reader 2023-12-10 6.8 MEDIUM N/A
PHP remote file inclusion vulnerability in email.php (aka email.php3) in Cedric Email Reader 0.2 and 0.3 allows remote attackers to execute arbitrary PHP code via the cer_skin parameter.
CVE-2001-0308 1 Bajie 1 Java Http Server 2023-12-10 7.5 HIGH N/A
UploadServlet in Bajie HTTP JServer 0.78, and possibly other versions before 0.80, allows remote attackers to execute arbitrary commands by calling the servlet to upload a program, then using a ... (modified ..) to access the file that was created for the program.
CVE-2003-1385 1 Invision Power Services 1 Invision Power Board 2023-12-10 6.8 MEDIUM N/A
ipchat.php in Invision Power Board 1.1.1 allows remote attackers to execute arbitrary PHP code, if register_globals is enabled, by modifying the root_path parameter to reference a URL on a remote web server that contains the code.