Vulnerabilities > Improper Control of Generation of Code ('Code Injection')
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2007-03-03 | CVE-2006-7104 | Code Injection vulnerability in Mambo Mostlyce 4.5.4 PHP remote file inclusion vulnerability in htmltemplate.php in the Chad Auld MOStlyContent Editor (MOStlyCE) as created on May 2006, a component for Mambo 4.5.4, allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. | 7.5 |
2007-03-03 | CVE-2006-7102 | Code Injection vulnerability in Matthias Dietrich PHPburningportal Quiz-Modul Multiple PHP remote file inclusion vulnerabilities in phpBurningPortal quiz-modul 1.0.1, and possibly earlier, allow remote attackers to execute arbitrary PHP code via a URL in the lang_path parameter to (1) quest_delete.php, (2) quest_edit.php, or (3) quest_news.php. | 7.5 |
2007-03-03 | CVE-2006-7100 | Code Injection vulnerability in PHPbb Insert User PHP remote file inclusion vulnerability in includes/functions_mod_user.php in phpBB Insert User 0.1.2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter. | 6.8 |
2007-03-03 | CVE-2007-1253 | Code Injection vulnerability in Blender 2.25/2.36/2.37A Eval injection vulnerability in the (a) kmz_ImportWithMesh.py Script for Blender 0.1.9h, as used in (b) Blender before 2.43, allows user-assisted remote attackers to execute arbitrary Python code by importing a crafted (1) KML or (2) KMZ file. | 9.3 |
2007-03-03 | CVE-2007-1247 | Code Injection vulnerability in Aweb Labs Awebnews 1.5 Multiple PHP remote file inclusion vulnerabilities in aWeb Labs aWebNews 1.5 allow remote attackers to execute arbitrary PHP code via a URL in the path_to_news parameter to (1) listing.php or (2) visview.php. | 6.8 |
2007-03-03 | CVE-2007-1233 | Code Injection vulnerability in Stwc-Counter PHP remote file inclusion vulnerability in downloadcounter.php in STWC-Counter 3.4.0.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the stwc_counter_verzeichniss parameter. | 7.5 |
2007-03-02 | CVE-2007-1165 | Code Injection vulnerability in Dbscripts Dbguestbook 1.1 Multiple PHP remote file inclusion vulnerabilities in DBGuestbook 1.1 allow remote attackers to execute arbitrary PHP code via a URL in the dbs_base_path parameter to (1) utils.php, (2) guestbook.php, or (3) views.php in includes/. | 7.5 |
2007-03-02 | CVE-2007-1164 | Code Injection vulnerability in Dbscripts Dbimagegallery 1.2.2 Multiple PHP remote file inclusion vulnerabilities in DBImageGallery 1.2.2 allow remote attackers to execute arbitrary PHP code via a URL in the donsimg_base_path parameter to (1) attributes.php, (2) images.php, or (3) scan.php in admin/; or (4) attributes.php, (5) db_utils.php, (6) images.php, (7) utils.php, or (8) values.php in includes/. | 7.5 |
2007-03-02 | CVE-2007-1153 | Code Injection vulnerability in Cutephp Cutenews 1.3.6 Multiple PHP remote file inclusion vulnerabilities in CutePHP CuteNews 1.3.6 allow remote attackers to execute arbitrary PHP code via unspecified vectors. | 7.5 |
2007-03-02 | CVE-2007-1148 | Code Injection vulnerability in Lovecms 1.4 PHP remote file inclusion vulnerability in install/index.php in LoveCMS 1.4 allows remote attackers to execute arbitrary PHP code via a URL in the step parameter. | 7.5 |