Vulnerabilities > Improper Control of Generation of Code ('Code Injection')

DATE CVE VULNERABILITY TITLE RISK
2007-01-29 CVE-2006-6958 Code Injection vulnerability in PHPbluedragon CMS 2.9.1
Multiple PHP remote file inclusion vulnerabilities in phpBlueDragon 2.9.1 allow remote attackers to execute arbitrary PHP code via a URL in the vsDragonRootPath parameter to (1) team_admin.php, (2) rss_admin.php, (3) manual_admin.php, and (4) forum_admin.php in includes/root_modules/, a different set of vectors than CVE-2006-3076.
network | low complexity | phpbluedragon | CWE-94 | 7.5
2007-01-29 CVE-2006-6957 Code Injection vulnerability in Docebo
PHP remote file inclusion vulnerability in addons/mod_media/body.php in Docebo 3.0.3 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[where_framework] parameter.
network | docebo | CWE-94 | 6.8
2007-01-25 CVE-2007-0501 Code Injection vulnerability in Mafia Scum Tools Mafia Scum Tools
PHP remote file inclusion vulnerability in index.php in Mafia Scum Tools 2.0.0 in Matthew Wardrop Advanced Random Generators (adv-random-gen) allows remote attackers to execute arbitrary PHP code via a URL in the gen parameter.
6.8
2007-01-25 CVE-2007-0499 Code Injection vulnerability in Sangwan KIM PHPindexpage
PHP remote file inclusion vulnerability in config.php in Sangwan Kim phpIndexPage 1.0.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the env[inc_path] parameter.
6.8
2007-01-09 CVE-2007-0134 Code Injection vulnerability in Igeneric IG Shop 1.0/1.4
Multiple eval injection vulnerabilities in iGeneric iG Shop 1.0 allow remote attackers to execute arbitrary code via the action parameter, which is supplied to an eval function call in (1) cart.php and (2) page.php.
network | low complexity | igeneric | CWE-94 | 7.5
2007-01-09 CVE-2007-0127 Code Injection vulnerability in Opera Browser
The JavaScript SVG support in Opera before 9.10 does not properly validate object types in a createSVGTransformFromMatrix request, which allows remote attackers to execute arbitrary code via JavaScript code that uses an invalid object in this request that causes a controlled pointer to be referenced during the virtual function call.
network | opera | CWE-94 | critical | 9.3
2006-12-31 CVE-2006-6887 Code Injection vulnerability in Logahead UNU 1.0
Unrestricted file upload vulnerability in logahead UNU 1.0 allows remote attackers to upload and execute arbitrary PHP code via unspecified vectors related to plugins/widged/_widged.php (aka the WidgEd plugin), a different vulnerability than CVE-2006-6783.
network | logahead | CWE-94 | 6.8
2006-12-31 CVE-2006-4695 Code Injection vulnerability in Microsoft Office web Components 2000
Unspecified vulnerability in certain COM objects in Microsoft Office Web Components 2000 allows user-assisted remote attackers to execute arbitrary code via a crafted URL, aka "Office Web Components URL Parsing Vulnerability."
network | microsoft | CWE-94 | critical | 9.3
2006-12-27 CVE-2006-6760 Code Injection vulnerability in PHPmymanga
Multiple PHP remote file inclusion vulnerabilities in template.php in Phpmymanga 0.8.1 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the (1) actionsPage or (2) formPage parameter.
network | low complexity | phpmymanga | CWE-94 | 7.5
2006-12-27 CVE-2006-6748 Code Injection vulnerability in Newxooper
PHP remote file inclusion vulnerability in i-accueil.php in Newxooper 0.9 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the chemin parameter.
network | low complexity | newxooper | CWE-94 | 7.5