Total
5949 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2002-0495 | 1 Cgiscript | 1 Cssearch Professional | 2025-04-03 | N/A |
| csSearch.cgi in csSearch 2.3 and earlier allows remote attackers to execute arbitrary Perl code via the savesetup command and the setup parameter, which overwrites the setup.cgi configuration file that is loaded by csSearch.cgi. | ||||
| CVE-2005-3302 | 2 Blender, Debian | 2 Blender, Debian Linux | 2025-04-03 | 7.3 High |
| Eval injection vulnerability in bvh_import.py in Blender 2.36 allows attackers to execute arbitrary Python code via a hierarchy element in a .bvh file, which is supplied to an eval function call. | ||||
| CVE-2006-4159 | 1 Chaussette | 1 Chaussette | 2025-04-03 | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Chaussette 080706 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the _BASE parameter to scripts in Classes/ including (1) Evenement.php, (2) Event.php, (3) Event_for_month.php, (4) Event_for_week.php, (5) My_Log.php, (6) My_Smarty.php, and possibly (7) Event_for_month_per_day.php. | ||||
| CVE-2002-1750 | 1 Cgiscript | 1 Csguestbook | 2025-04-03 | N/A |
| csGuestbook.cgi in CGISCRIPT.NET csGuestbook 1.0 allows remote attackers to execute arbitrary Perl code via the setup parameter, which is processed by the Perl eval function. | ||||
| CVE-2002-2249 | 1 Php Evolution | 1 News Evolution | 2025-04-03 | N/A |
| PHP remote file inclusion vulnerability in News Evolution 2.0 allows remote attackers to execute arbitrary PHP commands via the neurl parameter to (1) backend.php, (2) screen.php, or (3) admin/modules/comment.php. | ||||
| CVE-2002-2297 | 1 Atthat.com | 1 Thatware | 2025-04-03 | N/A |
| PHP remote file inclusion vulnerability in artlist.php in Thatware 0.5.2 and 0.5.3 allows remote attackers to execute arbitrary PHP code via the root_path parameter. | ||||
| CVE-1999-0509 | 2025-04-03 | N/A | ||
| Perl, sh, csh, or other shell interpreters are installed in the cgi-bin directory on a WWW site, which allows remote attackers to execute arbitrary commands. | ||||
| CVE-2006-3847 | 1 Canebluem | 1 Mospray | 2025-04-03 | N/A |
| PHP remote file inclusion vulnerability in (1) admin.php, and possibly (2) details.php, (3) modify.php, (4) newgroup.php, (5) newtask.php, and (6) rss.php, in MoSpray (aka com_mospray) 1.8 RC1 allows remote attackers to execute arbitrary PHP code via a URL in the basedir parameter. | ||||
| CVE-2006-0207 | 1 Php | 1 Php | 2025-04-03 | N/A |
| Multiple HTTP response splitting vulnerabilities in PHP 5.1.1 allow remote attackers to inject arbitrary HTTP headers via a crafted Set-Cookie header, related to the (1) session extension (aka ext/session) and the (2) header function. | ||||
| CVE-2003-0498 | 1 Intersystems | 1 Cache Database | 2025-04-03 | N/A |
| Caché Database 5.x installs the /cachesys/csp directory with insecure permissions, which allows local users to execute arbitrary code by adding server-side scripts that are executed with root privileges. | ||||
| CVE-2003-1227 | 1 Gallery Project | 1 Gallery | 2025-04-03 | N/A |
| PHP remote file include vulnerability in index.php for Gallery 1.4 and 1.4-pl1, when running on Windows or in Configuration mode on Unix, allows remote attackers to inject arbitrary PHP code via a URL in the GALLERY_BASEDIR parameter, a different vulnerability than CVE-2002-1412. NOTE: this issue might be exploitable only during installation, or if the administrator has not run a security script after installation. | ||||
| CVE-2003-1385 | 1 Invision Power Services | 1 Invision Power Board | 2025-04-03 | N/A |
| ipchat.php in Invision Power Board 1.1.1 allows remote attackers to execute arbitrary PHP code, if register_globals is enabled, by modifying the root_path parameter to reference a URL on a remote web server that contains the code. | ||||
| CVE-2003-1410 | 1 Isoca | 1 Cedric Email Reader | 2025-04-03 | N/A |
| PHP remote file inclusion vulnerability in email.php (aka email.php3) in Cedric Email Reader 0.2 and 0.3 allows remote attackers to execute arbitrary PHP code via the cer_skin parameter. | ||||
| CVE-2003-1500 | 1 Cpcommerce | 1 Cpcommerce | 2025-04-03 | N/A |
| PHP remote file inclusion vulnerability in _functions.php in cpCommerce 0.5f allows remote attackers to execute arbitrary code via the prefix parameter. | ||||
| CVE-2006-4649 | 1 Bingo News | 1 Bingo News | 2025-04-03 | N/A |
| PHP remote file inclusion vulnerability in bp_news.php in BinGo News (BP News) 3.01 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the bnrep parameter. | ||||
| CVE-2006-1749 | 1 Smartisoft | 1 Phplistpro | 2025-04-03 | N/A |
| PHP remote file inclusion vulnerability in config.php in phpListPro 2.0 and earlier allows remote attackers to execute arbitrary PHP code via the returnpath parameter. NOTE: this issue was later reported to affect 2.01 as well. | ||||
| CVE-2006-2281 | 1 X-scripts | 1 X-poll | 2025-04-03 | N/A |
| X-Scripts X-Poll (xpoll) 2.30 allows remote attackers to execute arbitrary PHP code by using admin/images/add.php to upload a PHP file, then access it. | ||||
| CVE-2006-2389 | 1 Microsoft | 1 Office | 2025-04-03 | N/A |
| Unspecified vulnerability in Microsoft Office 2003 SP1 and SP2, Office XP SP3, Office 2000 SP3, and other products, allows user-assisted attackers to execute arbitrary code via an Office file with a malformed property that triggers memory corruption related to record lengths, aka "Microsoft Office Property Vulnerability," a different vulnerability than CVE-2006-1316. | ||||
| CVE-2006-2548 | 2 Perlpodder, Prodder | 2 Perlpodder, Prodder | 2025-04-03 | N/A |
| Prodder before 0.5, and perlpodder before 0.5, allows remote attackers to execute arbitrary code via shell metacharacters in the URL of a podcast (url attribute of an enclosure tag, or $enc_url variable), which is executed when running wget. | ||||
| CVE-2006-2685 | 1 Kevin Johnson | 1 Basic Analysis And Security Engine | 2025-04-03 | N/A |
| PHP remote file inclusion vulnerability in Basic Analysis and Security Engine (BASE) 1.2.4 and earlier, with register_globals enabled, allows remote attackers to execute arbitrary PHP code via a URL in the BASE_path parameter to (1) base_qry_common.php, (2) base_stat_common.php, and (3) includes/base_include.inc.php. | ||||