Total
5584 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2006-4858 | 1 Mamboxchange | 1 Serverstat Component | 2025-04-03 | N/A |
| PHP remote file inclusion vulnerability in install.serverstat.php in the Serverstat (com_serverstat) 0.4.4 and earlier component for Mambo allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. | ||||
| CVE-2006-4671 | 1 Fscripts | 1 Fantastic News | 2025-04-03 | N/A |
| PHP remote file inclusion vulnerability in headlines.php in Fantastic News 2.1.4, and possibly earlier, allows remote attackers to execute arbitrary PHP code via a URL in the CONFIG[script_path] parameter, a different vector than CVE-2006-1154. | ||||
| CVE-2003-1410 | 1 Isoca | 1 Cedric Email Reader | 2025-04-03 | N/A |
| PHP remote file inclusion vulnerability in email.php (aka email.php3) in Cedric Email Reader 0.2 and 0.3 allows remote attackers to execute arbitrary PHP code via the cer_skin parameter. | ||||
| CVE-2006-4672 | 1 Profitcode | 1 Ppalcart | 2025-04-03 | N/A |
| PHP remote file inclusion vulnerability in profitCode ppalCart 2.5 EE, possibly a component of PayProCart, allows remote attackers to execute arbitrary PHP code via a URL in the (1) proMod parameter to (a) index.php, or the (2) docroot parameter to (b) index.php or (c) mainpage.php. | ||||
| CVE-2003-1411 | 1 Isoca | 1 Cedric Email Reader | 2025-04-03 | N/A |
| PHP remote file inclusion vulnerability in emailreader_execute_on_each_page.inc.php in Cedric Email Reader 0.4 allows remote attackers to execute arbitrary PHP code via the emailreader_ini parameter. | ||||
| CVE-2003-1412 | 1 Gonicus | 1 Gonicus System Administration | 2025-04-03 | N/A |
| PHP remote file inclusion vulnerability in index.php for GONiCUS System Administrator (GOsa) 1.0 allows remote attackers to execute arbitrary PHP code via the plugin parameter to (1) 3fax/1blocklists/index.php; (2) 6departamentadmin/index.php, (3) 5terminals/index.php, (4) 4mailinglists/index.php, (5) 3departaments/index.php, and (6) 2groupd/index.php in 2administration/; or (7) the base parameter to include/help.php. | ||||
| CVE-2006-3847 | 1 Canebluem | 1 Mospray | 2025-04-03 | N/A |
| PHP remote file inclusion vulnerability in (1) admin.php, and possibly (2) details.php, (3) modify.php, (4) newgroup.php, (5) newtask.php, and (6) rss.php, in MoSpray (aka com_mospray) 1.8 RC1 allows remote attackers to execute arbitrary PHP code via a URL in the basedir parameter. | ||||
| CVE-2006-1031 | 1 Igenus | 1 Igenus Webmail | 2025-04-03 | N/A |
| config/config_inc.php in iGENUS Webmail 2.02 and earlier allows remote attackers to include arbitrary local files via the SG_HOME parameter. | ||||
| CVE-2006-1636 | 1 Vwar | 1 Virtual War | 2025-04-03 | N/A |
| PHP remote file inclusion vulnerability in get_header.php in VWar 1.5.0 R12 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the vwar_root parameter. NOTE: this is a different vulnerability than CVE-2006-1503. | ||||
| CVE-2006-3019 | 1 Phpcms | 1 Phpcms | 2025-04-03 | N/A |
| Multiple PHP remote file inclusion vulnerabilities in phpCMS 1.2.1pl2 allow remote attackers to execute arbitrary PHP code via a URL in the PHPCMS_INCLUDEPATH parameter to files in parser/include/ including (1) class.parser_phpcms.php, (2) class.session_phpcms.php, (3) class.edit_phpcms.php, (4) class.http_indexer_phpcms.php, (5) class.cache_phpcms.php, (6) class.search_phpcms.php, (7) class.lib_indexer_universal_phpcms.php, and (8) class.layout_phpcms.php, (9) parser/plugs/counter.php, and (10) parser/parser.php. NOTE: the class.cache_phpcms.php vector was also reported to affect 1.1.7. | ||||
| CVE-2006-0723 | 1 Reamday Enterprises | 1 Magic News Lite | 2025-04-03 | N/A |
| PHP remote file inclusion vulnerability in preview.php in Reamday Enterprises Magic News Lite 1.2.3, when register_globals is enabled, allows remote attackers to include arbitrary files via a URL in the php_script_path parameter. | ||||
| CVE-2005-3859 | 1 Q-news | 1 Q-news | 2025-04-03 | N/A |
| PHP remote file inclusion vulnerability in q-news.php in Q-News 2.0 allows remote attackers to execute arbitrary PHP code via a URL in the id parameter. | ||||
| CVE-2003-1491 | 1 Kerio | 1 Personal Firewall | 2025-04-03 | N/A |
| Kerio Personal Firewall (KPF) 2.1.4 has a default rule to accept incoming packets from DNS (UDP port 53), which allows remote attackers to bypass the firewall filters via packets with a source port of 53. | ||||
| CVE-2005-3860 | 1 Oliver May | 1 Athena Php Website Administration | 2025-04-03 | N/A |
| PHP remote file inclusion vulnerability in athena.php in Oliver May Athena PHP Website Administration 0.1a allows remote attackers to execute arbitrary PHP code via a URL in the athena_dir parameter. | ||||
| CVE-2005-0748 | 1 Webinsta | 1 Webinsta Mailing Manager | 2025-04-03 | N/A |
| PHP remote file inclusion vulnerability in initdb.php for WEBInsta Mailing list manager 1.3d allows remote attackers to execute arbitrary PHP code by modifying the absolute_path parameter to reference a URL on a remote web server that contains the code. | ||||
| CVE-2002-0495 | 1 Cgiscript | 1 Cssearch Professional | 2025-04-03 | N/A |
| csSearch.cgi in csSearch 2.3 and earlier allows remote attackers to execute arbitrary Perl code via the savesetup command and the setup parameter, which overwrites the setup.cgi configuration file that is loaded by csSearch.cgi. | ||||
| CVE-2005-0720 | 1 Mcnews | 1 Mcnews | 2025-04-03 | N/A |
| PHP remote file inclusion vulnerability in admin/header.php in PHP mcNews 1.3 allows remote attackers to execute arbitrary PHP code by modifying the skinfile parameter to reference a URL on a remote web server that contains the code. | ||||
| CVE-2006-0565 | 1 Gerrit Van Aaken | 1 Loudblog | 2025-04-03 | N/A |
| PHP remote file include vulnerability in inc/backend_settings.php in Loudblog 0.4 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the $GLOBALS[path] parameter. | ||||
| CVE-2006-4215 | 1 Zen Cart | 1 Zen Cart | 2025-04-03 | N/A |
| PHP remote file inclusion vulnerability in index.php in Zen Cart 1.3.0.2 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the autoLoadConfig[999][0][loadFile] parameter. | ||||
| CVE-2006-4159 | 1 Chaussette | 1 Chaussette | 2025-04-03 | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Chaussette 080706 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the _BASE parameter to scripts in Classes/ including (1) Evenement.php, (2) Event.php, (3) Event_for_month.php, (4) Event_for_week.php, (5) My_Log.php, (6) My_Smarty.php, and possibly (7) Event_for_month_per_day.php. | ||||