Search Results (6987 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2005-3554 1 Phpkit 1 Phpkit 2026-04-16 N/A
Multiple eval injection vulnerabilities in the help function in PHPKIT 1.6.1 R2 and earlier, when register_globals is enabled, allow remote attackers to execute arbitrary code on the server via unknown attack vectors involving uninitialized variables.
CVE-2005-2703 2 Mozilla, Redhat 3 Firefox, Mozilla Suite, Enterprise Linux 2026-04-16 N/A
Firefox before 1.0.7 and Mozilla Suite before 1.7.12 allows remote attackers to modify HTTP headers of XML HTTP requests via XMLHttpRequest, and possibly use the client to exploit vulnerabilities in servers or proxies, including HTTP request smuggling and HTTP request splitting.
CVE-2005-1921 6 Debian, Drupal, Gggeek and 3 more 6 Debian Linux, Drupal, Phpxmlrpc and 3 more 2026-04-16 N/A
Eval injection vulnerability in PEAR XML_RPC 1.3.0 and earlier (aka XML-RPC or xmlrpc) and PHPXMLRPC (aka XML-RPC For PHP or php-xmlrpc) 1.1 and earlier, as used in products such as (1) WordPress, (2) Serendipity, (3) Drupal, (4) egroupware, (5) MailWatch, (6) TikiWiki, (7) phpWebSite, (8) Ampache, and others, allows remote attackers to execute arbitrary PHP code via an XML file, which is not properly sanitized before being used in an eval statement.
CVE-2005-1894 1 Flatnuke 1 Flatnuke 2026-04-16 N/A
Direct code injection vulnerability in FlatNuke 2.5.3 allows remote attackers to execute arbitrary PHP code by placing the code into the Referer header of an HTTP request, which causes the code to be injected into referer.php, which can then be accessed by the attacker.
CVE-2005-1876 1 Cutephp 1 Cutenews 2026-04-16 4.5 Medium
Direct code injection vulnerability in CuteNews 1.3.6 and earlier allows remote attackers with administrative privileges to execute arbitrary PHP code via certain inputs that are injected into a template (.tpl) file.
CVE-2005-0227 2 Postgresql, Redhat 2 Postgresql, Enterprise Linux 2026-04-16 N/A
PostgreSQL (pgsql) 7.4.x, 7.2.x, and other versions allows local users to load arbitrary shared libraries and execute code via the LOAD extension.
CVE-2005-0103 2 Redhat, Squirrelmail 2 Enterprise Linux, Squirrelmail 2026-04-16 N/A
PHP remote file inclusion vulnerability in webmail.php in SquirrelMail before 1.4.4 allows remote attackers to execute arbitrary PHP code by modifying a URL parameter to reference a URL on a remote web server that contains the code.
CVE-2004-1926 1 Tiki 1 Tikiwiki Cms\/groupware 2026-04-16 N/A
Tiki CMS/Groupware (TikiWiki) 1.8.1 and earlier allows remote attackers to inject arbitrary code via the (1) Theme, (2) Country, (3) Real Name, or (4) Displayed time zone fields in a User Profile, or the (5) Name, (6) Description, (7) URL, or (8) Country fields in a Directory/Add Site operation.
CVE-2004-1166 1 Microsoft 2 Ie, Internet Explorer 2026-04-16 N/A
CRLF injection vulnerability in Microsoft Internet Explorer 6.0.2800.1106 and earlier allows remote attackers to execute arbitrary FTP commands via an ftp:// URL that contains a URL-encoded newline ("%0a") before the FTP command, which causes the commands to be inserted into the resulting FTP session, as demonstrated using a PORT command.
CVE-2003-1253 1 Sangwan Kim 1 Bookmark4u 2026-04-16 N/A
PHP remote file inclusion vulnerability in Bookmark4U 1.8.3 allows remote attackers to execute arbitrary PHP code viaa URL in the prefix parameter to (1) dbase.php, (2) config.php, or (3) common.load.php.
CVE-2003-1240 1 Cutephp 1 Cutenews 2026-04-16 N/A
PHP remote file inclusion vulnerability in CuteNews 0.88 allows remote attackers to execute arbitrary PHP code via a URL in the cutepath parameter in (1) shownews.php, (2) search.php, or (3) comments.php.
CVE-2003-1227 1 Gallery Project 1 Gallery 2026-04-16 N/A
PHP remote file include vulnerability in index.php for Gallery 1.4 and 1.4-pl1, when running on Windows or in Configuration mode on Unix, allows remote attackers to inject arbitrary PHP code via a URL in the GALLERY_BASEDIR parameter, a different vulnerability than CVE-2002-1412. NOTE: this issue might be exploitable only during installation, or if the administrator has not run a security script after installation.
CVE-2003-0395 1 Myupb 1 Ultimate Php Board 2026-04-16 N/A
Ultimate PHP Board (UPB) 1.9 allows remote attackers to execute arbitrary PHP code with UPB administrator privileges via an HTTP request containing the code in the User-Agent header, which is executed when the administrator executes admin_iplog.php.
CVE-2002-2019 1 Oscommerce 1 Oscommerce 2026-04-16 N/A
PHP remote file inclusion vulnerability in include_once.php in osCommerce (a.k.a. Exchange Project) 2.1 allows remote attackers to execute arbitrary PHP code via the include_file parameter.
CVE-2002-1991 1 Oscommerce 1 Oscommerce 2026-04-16 N/A
PHP file inclusion vulnerability in osCommerce 2.1 execute arbitrary commands via the include_file parameter to include_once.php.
CVE-2006-4130 1 Matt Smith 1 Remository For Mambo 2026-04-16 N/A
PHP remote file inclusion vulnerability in admin.remository.php in the Remository Component (com_remository) 3.25 and earlier for Mambo and Joomla!, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.
CVE-2006-4965 1 Apple 1 Quicktime 2026-04-16 N/A
Apple QuickTime 7.1.3 Player and Plug-In allows remote attackers to execute arbitrary JavaScript code and possibly conduct other attacks via a QuickTime Media Link (QTL) file with an embed XML element and a qtnext parameter that identifies resources outside of the original domain. NOTE: as of 20070912, this issue has been demonstrated by using instances of Components.interfaces.nsILocalFile and Components.interfaces.nsIProcess to execute arbitrary local files within Firefox and possibly Internet Explorer.
CVE-2006-4863 1 Marc Cagninacci 1 Mclinkscounter 2026-04-16 N/A
Multiple PHP remote file inclusion vulnerabilities in Marc Cagninacci mcLinksCounter 1.1 allow remote attackers to execute arbitrary PHP code via a URL in the langfile parameter in (1) login.php, (2) stats.php, (3) detail.php, or (4) erase.php. NOTE: CVE and a third party dispute this vulnerability, because the langfile parameter is set to english.php in each file. NOTE: CVE also disputes a later report of this vulnerability in 1.2, because the langfile parameter is set to french.php in 1.2
CVE-2006-2315 1 Ispconfig 1 Ispconfig 2026-04-16 N/A
PHP remote file inclusion vulnerability in session.inc.php in ISPConfig 2.2.2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the go_info[server][classes_root] parameter. NOTE: the vendor has disputed this vulnerability, saying that session.inc.php is not under the web root in version 2.2, and register_globals is not enabled
CVE-2006-4844 2 Claroline, Dokeos 2 Claroline, Open Source Learning And Knowledge Management Tool 2026-04-16 N/A
PHP remote file inclusion vulnerability in inc/claro_init_local.inc.php in Claroline 1.7.7 and earlier, as used in Dokeos and possibly other products, allows remote attackers to execute arbitrary PHP code via a URL in the extAuthSource[newUser] parameter.