Total
6187 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2006-4159 | 1 Chaussette | 1 Chaussette | 2025-04-03 | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Chaussette 080706 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the _BASE parameter to scripts in Classes/ including (1) Evenement.php, (2) Event.php, (3) Event_for_month.php, (4) Event_for_week.php, (5) My_Log.php, (6) My_Smarty.php, and possibly (7) Event_for_month_per_day.php. | ||||
| CVE-2006-4074 | 1 Joomla | 1 Jd-wiki | 2025-04-03 | N/A |
| PHP remote file inclusion vulnerability in lib/tpl/default/main.php in the JD-Wiki Component (com_jd-wiki) 1.0.2 and earlier for Joomla!, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. | ||||
| CVE-2006-4026 | 1 Redgraphic | 1 Sapid Cms | 2025-04-03 | N/A |
| PHP remote file inclusion vulnerability in SAPID CMS 123 rc3 allows remote attackers to execute arbitrary PHP code via a URL in the (1) root_path parameter in usr/extensions/get_infochannel.inc.php and the (2) GLOBALS["root_path"] parameter in usr/extensions/get_tree.inc.php. | ||||
| CVE-2006-3995 | 1 User Home Pages | 1 User Home Pages | 2025-04-03 | N/A |
| Multiple PHP remote file inclusion vulnerabilities in (1) uhp_config.php, and possibly (2) footer.php, (3) functions.php, (4) install.uhp.php, (5) toolbar.uhp.html.php, (6) uhp.class.php, and (7) uninstall.uhp.php, in the UHP (User Home Pages) 0.5 component (aka com_uhp) for Mambo or Joomla! allow remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. | ||||
| CVE-2006-3980 | 1 Mambo | 1 Mambo Gallery Manager | 2025-04-03 | N/A |
| PHP remote file inclusion vulnerability in administrator/components/com_mgm/help.mgm.php in Mambo Gallery Manager (MGM) 0.95r2 and earlier for Mambo 4.5 allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. | ||||
| CVE-2006-3966 | 2 Carlos Sanchez Valle, Php Layers Menu | 2 Mynewsgroups, Php Layers Menu | 2025-04-03 | N/A |
| PHP remote file inclusion vulnerability in /lib/tree/layersmenu.inc.php in the PHP Layers Menu 2.3.5 package for MyNewsGroups :) 0.6b and earlier allows remote attackers to execute arbitrary PHP code via a URL in the myng_root parameter. | ||||
| CVE-2006-3846 | 1 Mambo | 1 Mambo Multibanners | 2025-04-03 | N/A |
| PHP remote file inclusion vulnerability in extadminmenus.class.php in the MultiBanners 1.0.1 for Mambo allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. | ||||
| CVE-2006-1303 | 1 Microsoft | 2 Ie, Internet Explorer | 2025-04-03 | N/A |
| Multiple unspecified vulnerabilities in Microsoft Internet Explorer 5.01 SP4 and 6 SP1 and earlier allow remote attackers to execute arbitrary code by instantiating certain COM objects from Wmm2fxa.dll as ActiveX controls including (1) DXImageTransform.Microsoft.MMSpecialEffect1Input, (2) DXImageTransform.Microsoft.MMSpecialEffect1Input.1, (3) DXImageTransform.Microsoft.MMSpecialEffect2Inputs, (4) DXImageTransform.Microsoft.MMSpecialEffect2Inputs.1, (5) DXImageTransform.Microsoft.MMSpecialEffectInplace1Input, and (6) DXImageTransform.Microsoft.MMSpecialEffectInplace1Input.1, which causes memory corruption during garbage collection. | ||||
| CVE-2006-1304 | 1 Microsoft | 2 Excel, Excel Viewer | 2025-04-03 | N/A |
| Buffer overflow in Microsoft Excel 2000 through 2003 allows user-assisted attackers to execute arbitrary code via a .xls file with a crafted COLINFO record, which triggers the overflow during a "data filling operation." | ||||
| CVE-2006-3777 | 1 Idevspot | 1 Phplinkexchange | 2025-04-03 | N/A |
| PHP remote file inclusion vulnerability in index.php in IDevSpot PhpLinkExchange 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the page parameter. | ||||
| CVE-2006-3751 | 1 Htmlarea3 | 1 Htmlarea3 | 2025-04-03 | N/A |
| PHP remote file inclusion vulnerability in popups/ImageManager/config.inc.php in the HTMLArea3 Addon Component (com_htmlarea3_xtd-c) for ImageManager 1.5 allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. | ||||
| CVE-2006-4844 | 2 Claroline, Dokeos | 2 Claroline, Open Source Learning And Knowledge Management Tool | 2025-04-03 | N/A |
| PHP remote file inclusion vulnerability in inc/claro_init_local.inc.php in Claroline 1.7.7 and earlier, as used in Dokeos and possibly other products, allows remote attackers to execute arbitrary PHP code via a URL in the extAuthSource[newUser] parameter. | ||||
| CVE-2005-3571 | 1 Codegrrl | 5 Phpcalendar, Phpclique, Phpcurrently and 2 more | 2025-04-03 | N/A |
| PHP file inclusion vulnerability in protection.php in CodeGrrl (a) PHPCalendar 1.0, (b) PHPClique 1.0, (c) PHPCurrently 2.0, (d) PHPFanBase 2.1, and (e) PHPQuotes 1.0 allows remote attackers to include arbitrary local files via the siteurl parameter when register_globals is enabled. NOTE: It was later reported that PHPFanBase 2.2 is also affected. | ||||
| CVE-2004-1419 | 1 Zeroboard | 1 Zeroboard | 2025-04-03 | N/A |
| PHP remote file inclusion vulnerability in ZeroBoard 4.1pl4 and earlier allows remote attackers to execute arbitrary PHP code by modifying the (1) _zb_path parameter to outlogin.php or (2) dir parameter to write.php to reference a URL on a remote web server that contains the code. | ||||
| CVE-2006-0332 | 1 Ecartis | 1 Ecartis | 2025-04-03 | N/A |
| Pantomime in Ecartis 1.0.0 snapshot 20050909 stores e-mail attachments in a publicly accessible directory, which may allow remote attackers to upload arbitrary files. | ||||
| CVE-2006-3847 | 1 Canebluem | 1 Mospray | 2025-04-03 | N/A |
| PHP remote file inclusion vulnerability in (1) admin.php, and possibly (2) details.php, (3) modify.php, (4) newgroup.php, (5) newtask.php, and (6) rss.php, in MoSpray (aka com_mospray) 1.8 RC1 allows remote attackers to execute arbitrary PHP code via a URL in the basedir parameter. | ||||
| CVE-2005-1996 | 1 Bitrix | 1 Bitrix Site Manager | 2025-04-03 | N/A |
| PHP remote file inclusion vulnerability in start.php in Bitrix Site Manager 4.0.x allows remote attackers to execute arbitrary PHP code via the _SERVER[DOCUMENT_ROOT] parameter. | ||||
| CVE-2006-1890 | 1 Mywebland | 1 Myevent | 2025-04-03 | N/A |
| Multiple PHP remote file inclusion vulnerabilities in myWebland myEvent 1.2 allow remote attackers to execute arbitrary PHP code via a URL in the myevent_path parameter in (1) event.php and (2) initialize.php. NOTE: vector 2 was later reported to affect 1.4 as well. | ||||
| CVE-2005-3861 | 1 Phpgreetz | 1 Phpgreetz | 2025-04-03 | N/A |
| PHP remote file inclusion vulnerability in content.php in phpGreetz 0.99 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the content parameter. | ||||
| CVE-2005-3650 | 1 First4internet Xcp Drm | 1 First4internet Xcp Drm | 2025-04-03 | N/A |
| The CodeSupport.ocx ActiveX control, as used by Sony to uninstall the First4Internet XCP DRM, has "safe for scripting" enabled, which allows remote attackers to execute arbitrary code by calling vulnerable functions such as RebootMachine, IsAdministrator, and ExecuteCode. | ||||