Total
2906 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2006-0854 | 1 Intensive Point | 1 Iuser Ecommerce | 2017-07-19 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in common.php in Intensive Point iUser Ecommerce allows remote attackers to include arbitrary files via a URL in the include_path variable, which is not initialized before being used. | |||||
| CVE-2006-0725 | 1 Plume-cms | 1 Plume Cms | 2017-07-19 | 6.8 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in prepend.php in Plume CMS 1.0.2, when register_globals is enabled, allows remote attackers to include arbitrary files via a URL in the _PX_config[manager_path] parameter. NOTE: this is a different executable and affected version than CVE-2006-2645. | |||||
| CVE-2006-0723 | 1 Reamday Enterprises | 1 Magic News Lite | 2017-07-19 | 2.6 LOW | N/A |
| PHP remote file inclusion vulnerability in preview.php in Reamday Enterprises Magic News Lite 1.2.3, when register_globals is enabled, allows remote attackers to include arbitrary files via a URL in the php_script_path parameter. | |||||
| CVE-2006-1491 | 1 Horde | 1 Application Framework | 2017-07-19 | 7.5 HIGH | N/A |
| Eval injection vulnerability in Horde Application Framework versions 3.0 before 3.0.10 and 3.1 before 3.1.1 allows remote attackers to execute arbitrary code via the help viewer. | |||||
| CVE-2006-1251 | 1 Sa-exim | 1 Sa-exim | 2017-07-19 | 5.0 MEDIUM | N/A |
| Argument injection vulnerability in greylistclean.cron in sa-exim 4.2 allows remote attackers to delete arbitrary files via an email with a To field that contains a filename separated by whitespace, which is not quoted when greylistclean.cron provides the argument to the rm command. | |||||
| CVE-2006-0332 | 1 Ecartis | 1 Ecartis | 2017-07-19 | 6.4 MEDIUM | N/A |
| Pantomime in Ecartis 1.0.0 snapshot 20050909 stores e-mail attachments in a publicly accessible directory, which may allow remote attackers to upload arbitrary files. | |||||
| CVE-2005-4209 | 1 Alt-n | 2 Mdaemon, Worldclient | 2017-07-19 | 4.3 MEDIUM | N/A |
| WorldClient webmail in Alt-N MDaemon 8.1.3 allows remote attackers to prevent arbitrary users from accessing their inboxes via script tags in the Subject header of an e-mail message, which prevents the user from being able to access the Inbox folder, possibly due to a cross-site scripting (XSS) vulnerability. | |||||
| CVE-2006-0399 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2017-07-19 | 7.5 HIGH | N/A |
| Unspecified vulnerability in Safari, LaunchServices, and/or CoreTypes in Apple Mac OS X 10.4 up to 10.4.5 allows attackers to trick a user into opening an application that appears to be a safe file type. NOTE: due to the lack of specific information in the vendor advisory, it is not clear how CVE-2006-0397, CVE-2006-0398, and CVE-2006-0399 are different. | |||||
| CVE-2006-0398 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2017-07-19 | 7.5 HIGH | N/A |
| Unspecified vulnerability in Safari, LaunchServices, and/or CoreTypes in Apple Mac OS X 10.4 up to 10.4.5 allows attackers to trick a user into opening an application that appears to be a safe file type. NOTE: due to the lack of specific information in the vendor advisory, it is not clear how CVE-2006-0397, CVE-2006-0398, and CVE-2006-0399 are different. | |||||
| CVE-2006-0388 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2017-07-19 | 2.6 LOW | N/A |
| Safari in Mac OS X 10.3 before 10.3.9 and 10.4 before 10.4.5 allows remote attackers to redirect users to local files and execute arbitrary JavaScript via unspecified vectors involving HTTP redirection to local resources. | |||||
| CVE-2006-0397 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2017-07-19 | 7.5 HIGH | N/A |
| Unspecified vulnerability in Safari, LaunchServices, and/or CoreTypes in Apple Mac OS X 10.4 up to 10.4.5 allows attackers to trick a user into opening an application that appears to be a safe file type. NOTE: due to the lack of specific information in the vendor advisory, it is not clear how CVE-2006-0397, CVE-2006-0398, and CVE-2006-0399 are different. | |||||
| CVE-2005-4573 | 1 Plogger | 1 Plogger | 2017-07-19 | 7.5 HIGH | N/A |
| PHP remote file include vulnerability in plog-admin-functions.php in Plogger Beta 2 allows remote attackers to execute arbitrary code via a URL in the config[basedir] parameter. | |||||
| CVE-2017-10968 | 1 Finecms Project | 1 Finecms | 2017-07-17 | 7.5 HIGH | 9.8 CRITICAL |
| In FineCMS through 2017-07-07, application\core\controller\template.php allows remote PHP code execution by placing the code after "<?php" in a route=template request. | |||||
| CVE-2017-11167 | 1 Finecms Project | 1 Finecms | 2017-07-14 | 7.5 HIGH | 9.8 CRITICAL |
| FineCMS 2.1.0 allows remote attackers to execute arbitrary PHP code by using a URL Manager "Add Site" action to enter this code after a ', sequence in a domain name, as demonstrated by the ',phpinfo() input value. | |||||
| CVE-2005-3650 | 1 First4internet Xcp Drm | 1 First4internet Xcp Drm | 2017-07-10 | 9.3 HIGH | N/A |
| The CodeSupport.ocx ActiveX control, as used by Sony to uninstall the First4Internet XCP DRM, has "safe for scripting" enabled, which allows remote attackers to execute arbitrary code by calling vulnerable functions such as RebootMachine, IsAdministrator, and ExecuteCode. | |||||
| CVE-2005-3554 | 1 Phpkit | 1 Phpkit | 2017-07-10 | 5.1 MEDIUM | N/A |
| Multiple eval injection vulnerabilities in the help function in PHPKIT 1.6.1 R2 and earlier, when register_globals is enabled, allow remote attackers to execute arbitrary code on the server via unknown attack vectors involving uninitialized variables. | |||||
| CVE-2005-1996 | 1 Bitrix | 1 Bitrix Site Manager | 2017-07-10 | 5.0 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in start.php in Bitrix Site Manager 4.0.x allows remote attackers to execute arbitrary PHP code via the _SERVER[DOCUMENT_ROOT] parameter. | |||||
| CVE-2005-1965 | 1 Glen Campbell | 1 Siteframe | 2017-07-10 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in siteframe.php for Broadpool Siteframe allows remote attackers to execute arbitrary code via a URL in the LOCAL_PATH parameter. | |||||
| CVE-2005-0748 | 1 Webinsta | 1 Webinsta Mailing Manager | 2017-07-10 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in initdb.php for WEBInsta Mailing list manager 1.3d allows remote attackers to execute arbitrary PHP code by modifying the absolute_path parameter to reference a URL on a remote web server that contains the code. | |||||
| CVE-2004-1419 | 1 Zeroboard | 1 Zeroboard | 2017-07-10 | 6.8 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in ZeroBoard 4.1pl4 and earlier allows remote attackers to execute arbitrary PHP code by modifying the (1) _zb_path parameter to outlogin.php or (2) dir parameter to write.php to reference a URL on a remote web server that contains the code. | |||||