Total
5949 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2006-2779 | 2 Mozilla, Redhat | 3 Firefox, Thunderbird, Enterprise Linux | 2025-04-03 | N/A |
| Mozilla Firefox and Thunderbird before 1.5.0.4 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via (1) nested <option> tags in a select tag, (2) a DOMNodeRemoved mutation event, (3) "Content-implemented tree views," (4) BoxObjects, (5) the XBL implementation, (6) an iframe that attempts to remove itself, which leads to memory corruption. | ||||
| CVE-2002-1991 | 1 Oscommerce | 1 Oscommerce | 2025-04-03 | N/A |
| PHP file inclusion vulnerability in osCommerce 2.1 execute arbitrary commands via the include_file parameter to include_once.php. | ||||
| CVE-2006-1306 | 1 Microsoft | 2 Excel, Excel Viewer | 2025-04-03 | N/A |
| Microsoft Excel 2000 through 2004 allows user-assisted attackers to execute arbitrary code via a .xls file with a crafted BIFF record with an attacker-controlled array index that is used for a function pointer, aka "Malformed OBJECT record Vulnerability." | ||||
| CVE-2006-2388 | 1 Microsoft | 2 Excel, Excel Viewer | 2025-04-03 | N/A |
| Microsoft Office Excel 2000 through 2004 allows user-assisted attackers to execute arbitrary code via malformed cell comments, which lead to modification of "critical data offsets" during the rebuilding process. | ||||
| CVE-2003-1411 | 1 Isoca | 1 Cedric Email Reader | 2025-04-03 | N/A |
| PHP remote file inclusion vulnerability in emailreader_execute_on_each_page.inc.php in Cedric Email Reader 0.4 allows remote attackers to execute arbitrary PHP code via the emailreader_ini parameter. | ||||
| CVE-2005-4573 | 1 Plogger | 1 Plogger | 2025-04-03 | N/A |
| PHP remote file include vulnerability in plog-admin-functions.php in Plogger Beta 2 allows remote attackers to execute arbitrary code via a URL in the config[basedir] parameter. | ||||
| CVE-1999-0491 | 1 Gnu | 1 Bash | 2025-04-03 | N/A |
| The prompt parsing in bash allows a local user to execute commands as another user by creating a directory with the name of the command to execute. | ||||
| CVE-2006-4863 | 1 Marc Cagninacci | 1 Mclinkscounter | 2025-04-03 | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Marc Cagninacci mcLinksCounter 1.1 allow remote attackers to execute arbitrary PHP code via a URL in the langfile parameter in (1) login.php, (2) stats.php, (3) detail.php, or (4) erase.php. NOTE: CVE and a third party dispute this vulnerability, because the langfile parameter is set to english.php in each file. NOTE: CVE also disputes a later report of this vulnerability in 1.2, because the langfile parameter is set to french.php in 1.2 | ||||
| CVE-2003-1500 | 1 Cpcommerce | 1 Cpcommerce | 2025-04-03 | N/A |
| PHP remote file inclusion vulnerability in _functions.php in cpCommerce 0.5f allows remote attackers to execute arbitrary code via the prefix parameter. | ||||
| CVE-2006-3144 | 1 Ibd | 1 Micro Cms | 2025-04-03 | N/A |
| PHP remote file inclusion vulnerability in micro_cms_files/microcms-include.php in Implied By Design (IBD) Micro CMS 3.5 (aka 0.3.5) and earlier allows remote attackers to execute arbitrary PHP code via a URL in the microcms_path parameter. NOTE: it was later reported that this can also be leveraged to include and execute arbitrary local files via .. (dot dot) sequences. | ||||
| CVE-2003-1459 | 1 Ttcms | 2 Ttcms, Ttforum | 2025-04-03 | N/A |
| Multiple PHP remote file inclusion vulnerabilities in ttCMS 2.2 and ttForum allow remote attackers to execute arbitrary PHP code via the (1) template parameter in News.php or (2) installdir parameter in install.php. | ||||
| CVE-2006-4285 | 1 Fscripts | 1 Fantastic News | 2025-04-03 | N/A |
| PHP remote file inclusion vulnerability in news.php in Fantastic News 2.1.3 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the CONFIG[script_path] parameter. NOTE: it was later reported that 2.1.5 is also affected. | ||||
| CVE-2003-1385 | 1 Invision Power Services | 1 Invision Power Board | 2025-04-03 | N/A |
| ipchat.php in Invision Power Board 1.1.1 allows remote attackers to execute arbitrary PHP code, if register_globals is enabled, by modifying the root_path parameter to reference a URL on a remote web server that contains the code. | ||||
| CVE-2005-3861 | 1 Phpgreetz | 1 Phpgreetz | 2025-04-03 | N/A |
| PHP remote file inclusion vulnerability in content.php in phpGreetz 0.99 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the content parameter. | ||||
| CVE-2006-1890 | 1 Mywebland | 1 Myevent | 2025-04-03 | N/A |
| Multiple PHP remote file inclusion vulnerabilities in myWebland myEvent 1.2 allow remote attackers to execute arbitrary PHP code via a URL in the myevent_path parameter in (1) event.php and (2) initialize.php. NOTE: vector 2 was later reported to affect 1.4 as well. | ||||
| CVE-1999-0509 | 2025-04-03 | N/A | ||
| Perl, sh, csh, or other shell interpreters are installed in the cgi-bin directory on a WWW site, which allows remote attackers to execute arbitrary commands. | ||||
| CVE-2006-2395 | 1 Popsoft Digital | 1 Popphoto | 2025-04-03 | N/A |
| PHP remote file inclusion vulnerability in resources/includes/popp.config.loader.inc.php in PopSoft Digital PopPhoto Studio 3.5.4 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the include_path parameter (cfg['popphoto_base_path'] variable). NOTE: Pixaria has notified CVE that "PopPhoto is NOT a product of Pixaria. It was a product of PopSoft Digital and is only hosted by Pixaria as a courtesy... The vulnerability listed was patched by the previous vendor and all previous users have received this update." | ||||
| CVE-2006-4215 | 1 Zen Cart | 1 Zen Cart | 2025-04-03 | N/A |
| PHP remote file inclusion vulnerability in index.php in Zen Cart 1.3.0.2 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the autoLoadConfig[999][0][loadFile] parameter. | ||||
| CVE-2006-4869 | 1 Perlunity | 1 Phpunity Postcard | 2025-04-03 | N/A |
| PHP remote file inclusion vulnerability in phpunity-postcard.php in phpunity.postcard allows remote attackers to execute arbitrary PHP code via a URL in the gallery_path parameter. | ||||
| CVE-2006-1781 | 1 Circle R | 1 Monster Top List | 2025-04-03 | N/A |
| PHP remote file inclusion vulnerability in functions.php in Circle R Monster Top List (MTL) 1.4 allows remote attackers to execute arbitrary PHP code via a URL in the root_path parameter. NOTE: It was later reported that 1.4.2 and earlier are affected. | ||||