Total
3562 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2006-3777 | 1 Idevspot | 1 Phplinkexchange | 2024-02-04 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in index.php in IDevSpot PhpLinkExchange 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the page parameter. | |||||
| CVE-2006-3980 | 1 Mambo | 1 Mambo Gallery Manager | 2024-02-04 | 6.8 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in administrator/components/com_mgm/help.mgm.php in Mambo Gallery Manager (MGM) 0.95r2 and earlier for Mambo 4.5 allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. | |||||
| CVE-2006-3750 | 1 Hashcash | 1 Hashcash | 2024-02-04 | 6.8 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in server.php in the Hashcash Component (com_hashcash) 1.2.1 for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. | |||||
| CVE-2006-0064 | 1 Devellion | 1 Cubecart | 2024-02-04 | 7.5 HIGH | N/A |
| PHP remote file include vulnerability in includes/orderSuccess.inc.php in CubeCart allows remote attackers to execute arbitrary PHP code via a URL in the glob[rootDir] parameter. | |||||
| CVE-2006-4671 | 1 Fscripts | 1 Fantastic News | 2024-02-04 | 6.8 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in headlines.php in Fantastic News 2.1.4, and possibly earlier, allows remote attackers to execute arbitrary PHP code via a URL in the CONFIG[script_path] parameter, a different vector than CVE-2006-1154. | |||||
| CVE-2003-1385 | 1 Invision Power Services | 1 Invision Power Board | 2024-02-04 | 6.8 MEDIUM | N/A |
| ipchat.php in Invision Power Board 1.1.1 allows remote attackers to execute arbitrary PHP code, if register_globals is enabled, by modifying the root_path parameter to reference a URL on a remote web server that contains the code. | |||||
| CVE-2004-1166 | 1 Microsoft | 2 Ie, Internet Explorer | 2024-02-04 | 7.5 HIGH | N/A |
| CRLF injection vulnerability in Microsoft Internet Explorer 6.0.2800.1106 and earlier allows remote attackers to execute arbitrary FTP commands via an ftp:// URL that contains a URL-encoded newline ("%0a") before the FTP command, which causes the commands to be inserted into the resulting FTP session, as demonstrated using a PORT command. | |||||
| CVE-2001-0308 | 1 Bajie | 1 Java Http Server | 2024-02-04 | 7.5 HIGH | N/A |
| UploadServlet in Bajie HTTP JServer 0.78, and possibly other versions before 0.80, allows remote attackers to execute arbitrary commands by calling the servlet to upload a program, then using a ... (modified ..) to access the file that was created for the program. | |||||
| CVE-2004-0637 | 1 Oracle | 2 Oracle8i, Oracle9i | 2024-02-04 | 6.5 MEDIUM | N/A |
| Oracle Database Server 8.1.7.4 through 9.2.0.4 allows local users to execute commands with additional privileges via the ctxsys.driload package, which is publicly accessible. | |||||
| CVE-2004-1423 | 1 Php-calendar | 1 Php-calendar | 2024-02-04 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Sean Proctor PHP-Calendar before 0.10.1, as used in Commonwealth of Massachusetts Virtual Law Office (VLO) and other products, allow remote attackers to execute arbitrary PHP code via a URL in the phpc_root_path parameter to (1) includes/calendar.php or (2) includes/setup.php. | |||||
| CVE-2002-2298 | 1 Atthat.com | 1 Thatware | 2024-02-04 | 6.8 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in config.php in Thatware 0.3 through 0.5.3 allows remote attackers to execute arbitrary PHP code via the root_path parameter. | |||||
| CVE-2002-1991 | 1 Oscommerce | 1 Oscommerce | 2024-02-04 | 7.5 HIGH | N/A |
| PHP file inclusion vulnerability in osCommerce 2.1 execute arbitrary commands via the include_file parameter to include_once.php. | |||||
| CVE-2003-1240 | 1 Cutephp | 1 Cutenews | 2024-02-04 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in CuteNews 0.88 allows remote attackers to execute arbitrary PHP code via a URL in the cutepath parameter in (1) shownews.php, (2) search.php, or (3) comments.php. | |||||
| CVE-1999-0491 | 1 Gnu | 1 Bash | 2024-02-04 | 4.6 MEDIUM | N/A |
| The prompt parsing in bash allows a local user to execute commands as another user by creating a directory with the name of the command to execute. | |||||
| CVE-2003-1227 | 1 Gallery Project | 1 Gallery | 2024-02-04 | 7.5 HIGH | N/A |
| PHP remote file include vulnerability in index.php for Gallery 1.4 and 1.4-pl1, when running on Windows or in Configuration mode on Unix, allows remote attackers to inject arbitrary PHP code via a URL in the GALLERY_BASEDIR parameter, a different vulnerability than CVE-2002-1412. NOTE: this issue might be exploitable only during installation, or if the administrator has not run a security script after installation. | |||||
| CVE-2001-0307 | 1 Bajie | 1 Java Http Server | 2024-02-04 | 7.5 HIGH | N/A |
| Bajie HTTP JServer 0.78, and other versions before 0.80, allows remote attackers to execute arbitrary commands via shell metacharacters in an HTTP request for a CGI program that does not exist. | |||||
| CVE-2003-1432 | 1 Epic Games | 2 Unreal Engine, Unreal Tournament 2003 | 2024-02-04 | 10.0 HIGH | N/A |
| Epic Games Unreal Engine 226f through 436 allows remote attackers to cause a denial of service (CPU consumption or crash) and possibly execute arbitrary code via (1) a packet with a negative size value, which is treated as a large positive number during memory allocation, or (2) a negative size value in a package file. | |||||
| CVE-1999-0509 | 2024-02-04 | 10.0 HIGH | N/A | ||
| Perl, sh, csh, or other shell interpreters are installed in the cgi-bin directory on a WWW site, which allows remote attackers to execute arbitrary commands. | |||||
| CVE-2000-0155 | 1 Microsoft | 3 Windows 95, Windows 98, Windows Nt | 2024-02-04 | 7.2 HIGH | N/A |
| Windows NT Autorun executes the autorun.inf file on non-removable media, which allows local attackers to specify an alternate program to execute when other users access a drive. | |||||
| CVE-2003-1500 | 1 Cpcommerce | 1 Cpcommerce | 2024-02-04 | 6.8 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in _functions.php in cpCommerce 0.5f allows remote attackers to execute arbitrary code via the prefix parameter. | |||||