Search Results (5825 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2006-3210 1 Le Ralf 1 Ralf Image Gallery 2025-04-03 N/A
Ralf Image Gallery (RIG) 0.7.4 and other versions before 1.0, when register_globals is enabled, allows remote attackers to conduct PHP remote file inclusion and directory traversal attacks via URLs or ".." sequences in the (1) dir_abs_src parameter in (a) check_entry.php, (b) admin_album.php, (c) admin_image.php, and (d) admin_util.php; and the (2) dir_abs_admin_src parameter in admin_album.php and admin_image.php. NOTE: this issue can be leveraged to conduct cross-site scripting (XSS) attacks.
CVE-2006-1636 1 Vwar 1 Virtual War 2025-04-03 N/A
PHP remote file inclusion vulnerability in get_header.php in VWar 1.5.0 R12 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the vwar_root parameter. NOTE: this is a different vulnerability than CVE-2006-1503.
CVE-2006-3966 2 Carlos Sanchez Valle, Php Layers Menu 2 Mynewsgroups, Php Layers Menu 2025-04-03 N/A
PHP remote file inclusion vulnerability in /lib/tree/layersmenu.inc.php in the PHP Layers Menu 2.3.5 package for MyNewsGroups :) 0.6b and earlier allows remote attackers to execute arbitrary PHP code via a URL in the myng_root parameter.
CVE-2006-3980 1 Mambo 1 Mambo Gallery Manager 2025-04-03 N/A
PHP remote file inclusion vulnerability in administrator/components/com_mgm/help.mgm.php in Mambo Gallery Manager (MGM) 0.95r2 and earlier for Mambo 4.5 allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.
CVE-2005-1894 1 Flatnuke 1 Flatnuke 2025-04-03 N/A
Direct code injection vulnerability in FlatNuke 2.5.3 allows remote attackers to execute arbitrary PHP code by placing the code into the Referer header of an HTTP request, which causes the code to be injected into referer.php, which can then be accessed by the attacker.
CVE-2006-3136 1 Nucleus Group 1 Nucleus Cms 2025-04-03 9.8 Critical
Multiple PHP remote file inclusion vulnerabilities in Nucleus 3.23 allow remote attackers to execute arbitrary PHP code via a URL the DIR_LIBS parameter in (1) path/action.php, and to files in path/nucleus including (2) media.php, (3) /xmlrpc/server.php, and (4) /xmlrpc/api_metaweblog.inc.php. NOTE: this is a similar vulnerability to CVE-2006-2583. NOTE: this issue has been disputed by third parties, who state that the DIR_LIBS parameter is defined in an include file before being used
CVE-2006-4270 1 Mambo 1 Mambelfish Component 2025-04-03 N/A
PHP remote file inclusion vulnerability in mambelfish.class.php in the mambelfish component (com_mambelfish) 1.1 and earlier for Mambo allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.
CVE-2006-3750 1 Hashcash 1 Hashcash 2025-04-03 N/A
PHP remote file inclusion vulnerability in server.php in the Hashcash Component (com_hashcash) 1.2.1 for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.
CVE-2003-1227 1 Gallery Project 1 Gallery 2025-04-03 N/A
PHP remote file include vulnerability in index.php for Gallery 1.4 and 1.4-pl1, when running on Windows or in Configuration mode on Unix, allows remote attackers to inject arbitrary PHP code via a URL in the GALLERY_BASEDIR parameter, a different vulnerability than CVE-2002-1412. NOTE: this issue might be exploitable only during installation, or if the administrator has not run a security script after installation.
CVE-2005-2703 2 Mozilla, Redhat 3 Firefox, Mozilla Suite, Enterprise Linux 2025-04-03 N/A
Firefox before 1.0.7 and Mozilla Suite before 1.7.12 allows remote attackers to modify HTTP headers of XML HTTP requests via XMLHttpRequest, and possibly use the client to exploit vulnerabilities in servers or proxies, including HTTP request smuggling and HTTP request splitting.
CVE-2003-1410 1 Isoca 1 Cedric Email Reader 2025-04-03 N/A
PHP remote file inclusion vulnerability in email.php (aka email.php3) in Cedric Email Reader 0.2 and 0.3 allows remote attackers to execute arbitrary PHP code via the cer_skin parameter.
CVE-2006-0207 1 Php 1 Php 2025-04-03 N/A
Multiple HTTP response splitting vulnerabilities in PHP 5.1.1 allow remote attackers to inject arbitrary HTTP headers via a crafted Set-Cookie header, related to the (1) session extension (aka ext/session) and the (2) header function.
CVE-2003-1412 1 Gonicus 1 Gonicus System Administration 2025-04-03 N/A
PHP remote file inclusion vulnerability in index.php for GONiCUS System Administrator (GOsa) 1.0 allows remote attackers to execute arbitrary PHP code via the plugin parameter to (1) 3fax/1blocklists/index.php; (2) 6departamentadmin/index.php, (3) 5terminals/index.php, (4) 4mailinglists/index.php, (5) 3departaments/index.php, and (6) 2groupd/index.php in 2administration/; or (7) the base parameter to include/help.php.
CVE-2003-1459 1 Ttcms 2 Ttcms, Ttforum 2025-04-03 N/A
Multiple PHP remote file inclusion vulnerabilities in ttCMS 2.2 and ttForum allow remote attackers to execute arbitrary PHP code via the (1) template parameter in News.php or (2) installdir parameter in install.php.
CVE-2005-3650 1 First4internet Xcp Drm 1 First4internet Xcp Drm 2025-04-03 N/A
The CodeSupport.ocx ActiveX control, as used by Sony to uninstall the First4Internet XCP DRM, has "safe for scripting" enabled, which allows remote attackers to execute arbitrary code by calling vulnerable functions such as RebootMachine, IsAdministrator, and ExecuteCode.
CVE-2005-3835 1 Desklance 1 Desklance 2025-04-03 N/A
PHP remote file inclusion vulnerability in support/index.php in DeskLance 2.3 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the main parameter.
CVE-2006-4858 1 Mamboxchange 1 Serverstat Component 2025-04-03 N/A
PHP remote file inclusion vulnerability in install.serverstat.php in the Serverstat (com_serverstat) 0.4.4 and earlier component for Mambo allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.
CVE-2006-4671 1 Fscripts 1 Fantastic News 2025-04-03 N/A
PHP remote file inclusion vulnerability in headlines.php in Fantastic News 2.1.4, and possibly earlier, allows remote attackers to execute arbitrary PHP code via a URL in the CONFIG[script_path] parameter, a different vector than CVE-2006-1154.
CVE-2006-4639 1 C-news.fr 1 C-news 2025-04-03 N/A
Multiple PHP remote file inclusion vulnerabilities in C-News.fr C-News 1.0.1 and earlier, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the path parameter in (1) formulaire_commentaires.php, (2) affichage/liste_news.php, (3) affichage/news_complete.php, or (4) affichage/pagination.php. NOTE: the provenance of some of this information is unknown; some details are obtained from third party information.
CVE-2006-0397 1 Apple 2 Mac Os X, Mac Os X Server 2025-04-03 N/A
Unspecified vulnerability in Safari, LaunchServices, and/or CoreTypes in Apple Mac OS X 10.4 up to 10.4.5 allows attackers to trick a user into opening an application that appears to be a safe file type. NOTE: due to the lack of specific information in the vendor advisory, it is not clear how CVE-2006-0397, CVE-2006-0398, and CVE-2006-0399 are different.