Total
6168 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2006-0236 | 1 Mozilla | 1 Thunderbird | 2025-04-03 | N/A |
| GUI display truncation vulnerability in Mozilla Thunderbird 1.0.2, 1.0.6, and 1.0.7 allows user-assisted attackers to execute arbitrary code via an attachment with a filename containing a large number of spaces ending with a dangerous extension that is not displayed by Thunderbird, along with an inconsistent Content-Type header, which could be used to trick a user into downloading dangerous content by dragging or saving the attachment. | ||||
| CVE-2005-1527 | 3 Awstats, Canonical, Debian | 3 Awstats, Ubuntu Linux, Debian Linux | 2025-04-03 | N/A |
| Eval injection vulnerability in awstats.pl in AWStats 6.4 and earlier, when a URLPlugin is enabled, allows remote attackers to execute arbitrary Perl code via the HTTP Referrer, which is used in a $url parameter that is inserted into an eval function call. | ||||
| CVE-2006-4671 | 1 Fscripts | 1 Fantastic News | 2025-04-03 | N/A |
| PHP remote file inclusion vulnerability in headlines.php in Fantastic News 2.1.4, and possibly earlier, allows remote attackers to execute arbitrary PHP code via a URL in the CONFIG[script_path] parameter, a different vector than CVE-2006-1154. | ||||
| CVE-2006-4553 | 2 Joomla, Mambo | 2 Com Comprofiler Component, Com Comprofiler Component | 2025-04-03 | N/A |
| PHP remote file inclusion vulnerability in plugin.class.php in the com_comprofiler Components 1.0 RC2 for Mambo and Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. | ||||
| CVE-2005-0679 | 1 Stadtaus | 1 Tell A Friend Script | 2025-04-03 | N/A |
| PHP remote file inclusion vulnerability in tell_a_friend.inc.php for Tell A Friend Script 2.7 before 20050305 allows remote attackers to execute arbitrary PHP code by modifying the script_root parameter to reference a URL on a remote web server that contains the code. NOTE: it was later reported that 2.4 is also affected. | ||||
| CVE-2005-2703 | 2 Mozilla, Redhat | 3 Firefox, Mozilla Suite, Enterprise Linux | 2025-04-03 | N/A |
| Firefox before 1.0.7 and Mozilla Suite before 1.7.12 allows remote attackers to modify HTTP headers of XML HTTP requests via XMLHttpRequest, and possibly use the client to exploit vulnerabilities in servers or proxies, including HTTP request smuggling and HTTP request splitting. | ||||
| CVE-2005-2498 | 3 Debian, Gggeek, Redhat | 3 Debian Linux, Phpxmlrpc, Enterprise Linux | 2025-04-03 | N/A |
| Eval injection vulnerability in PHPXMLRPC 1.1.1 and earlier (PEAR XML-RPC for PHP), as used in multiple products including (1) Drupal, (2) phpAdsNew, (3) phpPgAds, and (4) phpgroupware, allows remote attackers to execute arbitrary PHP code via certain nested XML tags in a PHP document that should not be nested, which are injected into an eval function call, a different vulnerability than CVE-2005-1921. | ||||
| CVE-2006-0144 | 2 Apache2triad, Php | 2 Apache2triad, Pear | 2025-04-03 | N/A |
| The proxy server feature in go-pear.php in PHP PEAR 0.2.2, as used in Apache2Triad, allows remote attackers to execute arbitrary PHP code by redirecting go-pear.php to a malicious proxy server that provides a modified version of Tar.php with a malicious extractModify function. | ||||
| CVE-2005-0709 | 3 Mysql, Oracle, Redhat | 4 Mysql, Mysql, Enterprise Linux and 1 more | 2025-04-03 | N/A |
| MySQL 4.0.23 and earlier, and 4.1.x up to 4.1.10, allows remote authenticated users with INSERT and DELETE privileges to execute arbitrary code by using CREATE FUNCTION to access libc calls, as demonstrated by using strcat, on_exit, and exit. | ||||
| CVE-2006-0207 | 1 Php | 1 Php | 2025-04-03 | N/A |
| Multiple HTTP response splitting vulnerabilities in PHP 5.1.1 allow remote attackers to inject arbitrary HTTP headers via a crafted Set-Cookie header, related to the (1) session extension (aka ext/session) and the (2) header function. | ||||
| CVE-2006-4533 | 1 Plume-cms | 1 Plume Cms | 2025-04-03 | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Plume CMS 1.0.6 and earlier allow remote attackers to execute arbitrary PHP code via the _PX_config[manager_path] parameter to (1) articles.php, (2) categories.php, (3) news.php, (4) prefs.php, (5) sites.php, (6) subtypes.php, (7) users.php, (8) xmedia.php, (9) frontinc/class.template.php, (10) inc/lib.text.php, (11) install/index.php, (12) install/upgrade.php, and (13) tools/htaccess/index.php. NOTE: other vectors are covered by CVE-2006-3562, CVE-2006-2645, and CVE-2006-0725. | ||||
| CVE-2006-2860 | 1 Webspot | 1 Webspotblogging | 2025-04-03 | N/A |
| PHP remote file inclusion vulnerability in Webspotblogging 3.0.1 allows remote attackers to execute arbitrary PHP code via a URL in the path parameter to (1) inc/logincheck.inc.php, (2) inc/adminheader.inc.php, (3) inc/global.php, or (4) inc/mainheader.inc.php. NOTE: some of these vectors were also reported for 3.0 in a separate disclosure. | ||||
| CVE-2006-2852 | 1 Dotwidget | 1 Dotwidget Cms | 2025-04-03 | N/A |
| PHP remote file inclusion vulnerability in dotWidget CMS 1.0.6 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the file_path parameter in (1) index.php, (2) feedback.php, and (3) printfriendly.php. | ||||
| CVE-2006-2767 | 1 Ottoman | 1 Ottoman | 2025-04-03 | N/A |
| PHP remote file inclusion vulnerability in Ottoman 1.1.2, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via the default_path parameter in (1) error.php, (2) index.php, and (3) classes/main_class.php. | ||||
| CVE-2001-0307 | 1 Bajie | 1 Java Http Server | 2025-04-03 | N/A |
| Bajie HTTP JServer 0.78, and other versions before 0.80, allows remote attackers to execute arbitrary commands via shell metacharacters in an HTTP request for a CGI program that does not exist. | ||||
| CVE-2002-1991 | 1 Oscommerce | 1 Oscommerce | 2025-04-03 | N/A |
| PHP file inclusion vulnerability in osCommerce 2.1 execute arbitrary commands via the include_file parameter to include_once.php. | ||||
| CVE-2006-4195 | 1 Mamboxchange | 1 Peoplebook | 2025-04-03 | N/A |
| PHP remote file inclusion vulnerability in param.peoplebook.php in the Peoplebook Component for Mambo (com_peoplebook) 1.0 and earlier, and possibly 1.1.2, when register_globals and allow_url_fopen are enabled, allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. | ||||
| CVE-2005-4573 | 1 Plogger | 1 Plogger | 2025-04-03 | N/A |
| PHP remote file include vulnerability in plog-admin-functions.php in Plogger Beta 2 allows remote attackers to execute arbitrary code via a URL in the config[basedir] parameter. | ||||
| CVE-2003-1406 | 1 Adalis Infomatique | 1 D Forum | 2025-04-03 | N/A |
| PHP remote file inclusion vulnerability in D-Forum 1.00 through 1.11 allows remote attackers to execute arbitrary PHP code via a URL in the (1) my_header parameter to header.php3 or (2) my_footer parameter to footer.php3. | ||||
| CVE-2004-1166 | 1 Microsoft | 2 Ie, Internet Explorer | 2025-04-03 | N/A |
| CRLF injection vulnerability in Microsoft Internet Explorer 6.0.2800.1106 and earlier allows remote attackers to execute arbitrary FTP commands via an ftp:// URL that contains a URL-encoded newline ("%0a") before the FTP command, which causes the commands to be inserted into the resulting FTP session, as demonstrated using a PORT command. | ||||