Total
3704 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2005-3860 | 1 Oliver May | 1 Athena Php Website Administration | 2024-08-07 | N/A |
PHP remote file inclusion vulnerability in athena.php in Oliver May Athena PHP Website Administration 0.1a allows remote attackers to execute arbitrary PHP code via a URL in the athena_dir parameter. | ||||
CVE-2005-3859 | 1 Q-news | 1 Q-news | 2024-08-07 | N/A |
PHP remote file inclusion vulnerability in q-news.php in Q-News 2.0 allows remote attackers to execute arbitrary PHP code via a URL in the id parameter. | ||||
CVE-2005-3835 | 1 Desklance | 1 Desklance | 2024-08-07 | N/A |
PHP remote file inclusion vulnerability in support/index.php in DeskLance 2.3 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the main parameter. | ||||
CVE-2005-3775 | 1 Pollvote | 1 Pollvote | 2024-08-07 | N/A |
PHP remote file inclusion vulnerability in pollvote.php in PollVote allows remote attackers to include arbitrary files via a URL in the pollname parameter. | ||||
CVE-2005-3650 | 1 First4internet Xcp Drm | 1 First4internet Xcp Drm | 2024-08-07 | N/A |
The CodeSupport.ocx ActiveX control, as used by Sony to uninstall the First4Internet XCP DRM, has "safe for scripting" enabled, which allows remote attackers to execute arbitrary code by calling vulnerable functions such as RebootMachine, IsAdministrator, and ExecuteCode. | ||||
CVE-2005-3554 | 1 Phpkit | 1 Phpkit | 2024-08-07 | N/A |
Multiple eval injection vulnerabilities in the help function in PHPKIT 1.6.1 R2 and earlier, when register_globals is enabled, allow remote attackers to execute arbitrary code on the server via unknown attack vectors involving uninitialized variables. | ||||
CVE-2005-3571 | 1 Codegrrl | 5 Phpcalendar, Phpclique, Phpcurrently and 2 more | 2024-08-07 | N/A |
PHP file inclusion vulnerability in protection.php in CodeGrrl (a) PHPCalendar 1.0, (b) PHPClique 1.0, (c) PHPCurrently 2.0, (d) PHPFanBase 2.1, and (e) PHPQuotes 1.0 allows remote attackers to include arbitrary local files via the siteurl parameter when register_globals is enabled. NOTE: It was later reported that PHPFanBase 2.2 is also affected. | ||||
CVE-2005-3302 | 2 Blender, Debian | 2 Blender, Debian Linux | 2024-08-07 | N/A |
Eval injection vulnerability in bvh_import.py in Blender 2.36 allows attackers to execute arbitrary Python code via a hierarchy element in a .bvh file, which is supplied to an eval function call. | ||||
CVE-2005-2703 | 2 Mozilla, Redhat | 3 Firefox, Mozilla Suite, Enterprise Linux | 2024-08-07 | N/A |
Firefox before 1.0.7 and Mozilla Suite before 1.7.12 allows remote attackers to modify HTTP headers of XML HTTP requests via XMLHttpRequest, and possibly use the client to exploit vulnerabilities in servers or proxies, including HTTP request smuggling and HTTP request splitting. | ||||
CVE-2005-2498 | 3 Debian, Gggeek, Redhat | 3 Debian Linux, Phpxmlrpc, Enterprise Linux | 2024-08-07 | N/A |
Eval injection vulnerability in PHPXMLRPC 1.1.1 and earlier (PEAR XML-RPC for PHP), as used in multiple products including (1) Drupal, (2) phpAdsNew, (3) phpPgAds, and (4) phpgroupware, allows remote attackers to execute arbitrary PHP code via certain nested XML tags in a PHP document that should not be nested, which are injected into an eval function call, a different vulnerability than CVE-2005-1921. | ||||
CVE-2005-1996 | 1 Bitrix | 1 Bitrix Site Manager | 2024-08-07 | N/A |
PHP remote file inclusion vulnerability in start.php in Bitrix Site Manager 4.0.x allows remote attackers to execute arbitrary PHP code via the _SERVER[DOCUMENT_ROOT] parameter. | ||||
CVE-2005-1965 | 1 Glen Campbell | 1 Siteframe | 2024-08-07 | N/A |
PHP remote file inclusion vulnerability in siteframe.php for Broadpool Siteframe allows remote attackers to execute arbitrary code via a URL in the LOCAL_PATH parameter. | ||||
CVE-2005-1894 | 1 Flatnuke | 1 Flatnuke | 2024-08-07 | N/A |
Direct code injection vulnerability in FlatNuke 2.5.3 allows remote attackers to execute arbitrary PHP code by placing the code into the Referer header of an HTTP request, which causes the code to be injected into referer.php, which can then be accessed by the attacker. | ||||
CVE-2005-1921 | 6 Debian, Drupal, Gggeek and 3 more | 6 Debian Linux, Drupal, Phpxmlrpc and 3 more | 2024-08-07 | N/A |
Eval injection vulnerability in PEAR XML_RPC 1.3.0 and earlier (aka XML-RPC or xmlrpc) and PHPXMLRPC (aka XML-RPC For PHP or php-xmlrpc) 1.1 and earlier, as used in products such as (1) WordPress, (2) Serendipity, (3) Drupal, (4) egroupware, (5) MailWatch, (6) TikiWiki, (7) phpWebSite, (8) Ampache, and others, allows remote attackers to execute arbitrary PHP code via an XML file, which is not properly sanitized before being used in an eval statement. | ||||
CVE-2005-1876 | 1 Cutephp | 1 Cutenews | 2024-08-07 | N/A |
Direct code injection vulnerability in CuteNews 1.3.6 and earlier allows remote attackers with administrative privileges to execute arbitrary PHP code via certain inputs that are injected into a template (.tpl) file. | ||||
CVE-2005-1527 | 3 Awstats, Canonical, Debian | 3 Awstats, Ubuntu Linux, Debian Linux | 2024-08-07 | N/A |
Eval injection vulnerability in awstats.pl in AWStats 6.4 and earlier, when a URLPlugin is enabled, allows remote attackers to execute arbitrary Perl code via the HTTP Referrer, which is used in a $url parameter that is inserted into an eval function call. | ||||
CVE-2005-1155 | 2 Mozilla, Redhat | 3 Firefox, Mozilla, Enterprise Linux | 2024-08-07 | N/A |
The favicon functionality in Firefox before 1.0.3 and Mozilla Suite before 1.7.7 allows remote attackers to execute arbitrary code via a <LINK rel="icon"> tag with a javascript: URL in the href attribute, aka "Firelinking." | ||||
CVE-2005-0748 | 1 Webinsta | 1 Webinsta Mailing Manager | 2024-08-07 | N/A |
PHP remote file inclusion vulnerability in initdb.php for WEBInsta Mailing list manager 1.3d allows remote attackers to execute arbitrary PHP code by modifying the absolute_path parameter to reference a URL on a remote web server that contains the code. | ||||
CVE-2005-0720 | 1 Mcnews | 1 Mcnews | 2024-08-07 | N/A |
PHP remote file inclusion vulnerability in admin/header.php in PHP mcNews 1.3 allows remote attackers to execute arbitrary PHP code by modifying the skinfile parameter to reference a URL on a remote web server that contains the code. | ||||
CVE-2005-0679 | 1 Stadtaus | 1 Tell A Friend Script | 2024-08-07 | N/A |
PHP remote file inclusion vulnerability in tell_a_friend.inc.php for Tell A Friend Script 2.7 before 20050305 allows remote attackers to execute arbitrary PHP code by modifying the script_root parameter to reference a URL on a remote web server that contains the code. NOTE: it was later reported that 2.4 is also affected. |