Search Results (5825 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2004-1926 1 Tiki 1 Tikiwiki Cms\/groupware 2025-04-03 N/A
Tiki CMS/Groupware (TikiWiki) 1.8.1 and earlier allows remote attackers to inject arbitrary code via the (1) Theme, (2) Country, (3) Real Name, or (4) Displayed time zone fields in a User Profile, or the (5) Name, (6) Description, (7) URL, or (8) Country fields in a Directory/Add Site operation.
CVE-2003-1432 1 Epic Games 2 Unreal Engine, Unreal Tournament 2003 2025-04-03 N/A
Epic Games Unreal Engine 226f through 436 allows remote attackers to cause a denial of service (CPU consumption or crash) and possibly execute arbitrary code via (1) a packet with a negative size value, which is treated as a large positive number during memory allocation, or (2) a negative size value in a package file.
CVE-2006-4285 1 Fscripts 1 Fantastic News 2025-04-03 N/A
PHP remote file inclusion vulnerability in news.php in Fantastic News 2.1.3 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the CONFIG[script_path] parameter. NOTE: it was later reported that 2.1.5 is also affected.
CVE-2006-4863 1 Marc Cagninacci 1 Mclinkscounter 2025-04-03 N/A
Multiple PHP remote file inclusion vulnerabilities in Marc Cagninacci mcLinksCounter 1.1 allow remote attackers to execute arbitrary PHP code via a URL in the langfile parameter in (1) login.php, (2) stats.php, (3) detail.php, or (4) erase.php. NOTE: CVE and a third party dispute this vulnerability, because the langfile parameter is set to english.php in each file. NOTE: CVE also disputes a later report of this vulnerability in 1.2, because the langfile parameter is set to french.php in 1.2
CVE-2003-1253 1 Sangwan Kim 1 Bookmark4u 2025-04-03 N/A
PHP remote file inclusion vulnerability in Bookmark4U 1.8.3 allows remote attackers to execute arbitrary PHP code viaa URL in the prefix parameter to (1) dbase.php, (2) config.php, or (3) common.load.php.
CVE-2005-1876 1 Cutephp 1 Cutenews 2025-04-03 4.5 Medium
Direct code injection vulnerability in CuteNews 1.3.6 and earlier allows remote attackers with administrative privileges to execute arbitrary PHP code via certain inputs that are injected into a template (.tpl) file.
CVE-2006-0332 1 Ecartis 1 Ecartis 2025-04-03 N/A
Pantomime in Ecartis 1.0.0 snapshot 20050909 stores e-mail attachments in a publicly accessible directory, which may allow remote attackers to upload arbitrary files.
CVE-2006-1304 1 Microsoft 2 Excel, Excel Viewer 2025-04-03 N/A
Buffer overflow in Microsoft Excel 2000 through 2003 allows user-assisted attackers to execute arbitrary code via a .xls file with a crafted COLINFO record, which triggers the overflow during a "data filling operation."
CVE-2006-3144 1 Ibd 1 Micro Cms 2025-04-03 N/A
PHP remote file inclusion vulnerability in micro_cms_files/microcms-include.php in Implied By Design (IBD) Micro CMS 3.5 (aka 0.3.5) and earlier allows remote attackers to execute arbitrary PHP code via a URL in the microcms_path parameter. NOTE: it was later reported that this can also be leveraged to include and execute arbitrary local files via .. (dot dot) sequences.
CVE-2006-3947 1 Mambo 1 Mambatstaff 2025-04-03 N/A
PHP remote file inclusion vulnerability in components/com_mambatstaff/mambatstaff.php in the Mambatstaff 3.1b and earlier component for Mambo allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.
CVE-1999-0491 1 Gnu 1 Bash 2025-04-03 N/A
The prompt parsing in bash allows a local user to execute commands as another user by creating a directory with the name of the command to execute.
CVE-2006-4270 1 Mambo 1 Mambelfish Component 2025-04-03 N/A
PHP remote file inclusion vulnerability in mambelfish.class.php in the mambelfish component (com_mambelfish) 1.1 and earlier for Mambo allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.
CVE-2003-1411 1 Isoca 1 Cedric Email Reader 2025-04-03 N/A
PHP remote file inclusion vulnerability in emailreader_execute_on_each_page.inc.php in Cedric Email Reader 0.4 allows remote attackers to execute arbitrary PHP code via the emailreader_ini parameter.
CVE-2006-4195 1 Mamboxchange 1 Peoplebook 2025-04-03 N/A
PHP remote file inclusion vulnerability in param.peoplebook.php in the Peoplebook Component for Mambo (com_peoplebook) 1.0 and earlier, and possibly 1.1.2, when register_globals and allow_url_fopen are enabled, allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.
CVE-2006-4533 1 Plume-cms 1 Plume Cms 2025-04-03 N/A
Multiple PHP remote file inclusion vulnerabilities in Plume CMS 1.0.6 and earlier allow remote attackers to execute arbitrary PHP code via the _PX_config[manager_path] parameter to (1) articles.php, (2) categories.php, (3) news.php, (4) prefs.php, (5) sites.php, (6) subtypes.php, (7) users.php, (8) xmedia.php, (9) frontinc/class.template.php, (10) inc/lib.text.php, (11) install/index.php, (12) install/upgrade.php, and (13) tools/htaccess/index.php. NOTE: other vectors are covered by CVE-2006-3562, CVE-2006-2645, and CVE-2006-0725.
CVE-2003-1436 1 Crossnuke 1 Nukebrowser 2025-04-03 N/A
PHP remote file inclusion vulnerability in nukebrowser.php in Nukebrowser 2.1 to 2.5 allows remote attackers to execute arbitrary PHP code via the filhead parameter.
CVE-2006-2395 1 Popsoft Digital 1 Popphoto 2025-04-03 N/A
PHP remote file inclusion vulnerability in resources/includes/popp.config.loader.inc.php in PopSoft Digital PopPhoto Studio 3.5.4 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the include_path parameter (cfg['popphoto_base_path'] variable). NOTE: Pixaria has notified CVE that "PopPhoto is NOT a product of Pixaria. It was a product of PopSoft Digital and is only hosted by Pixaria as a courtesy... The vulnerability listed was patched by the previous vendor and all previous users have received this update."
CVE-2006-0725 1 Plume-cms 1 Plume Cms 2025-04-03 N/A
PHP remote file inclusion vulnerability in prepend.php in Plume CMS 1.0.2, when register_globals is enabled, allows remote attackers to include arbitrary files via a URL in the _PX_config[manager_path] parameter. NOTE: this is a different executable and affected version than CVE-2006-2645.
CVE-2005-1527 3 Awstats, Canonical, Debian 3 Awstats, Ubuntu Linux, Debian Linux 2025-04-03 N/A
Eval injection vulnerability in awstats.pl in AWStats 6.4 and earlier, when a URLPlugin is enabled, allows remote attackers to execute arbitrary Perl code via the HTTP Referrer, which is used in a $url parameter that is inserted into an eval function call.
CVE-2006-0854 1 Intensive Point 1 Iuser Ecommerce 2025-04-03 N/A
PHP remote file inclusion vulnerability in common.php in Intensive Point iUser Ecommerce allows remote attackers to include arbitrary files via a URL in the include_path variable, which is not initialized before being used.