Vulnerabilities > Improper Control of Generation of Code ('Code Injection')
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2006-07-24 | CVE-2006-3774 | Code Injection vulnerability in Joomla Performs Component PHP remote file inclusion vulnerability in performs.php in the perForms component (com_performs) 1.0 and earlier for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. | 6.8 |
2006-07-24 | CVE-2006-3773 | Code Injection vulnerability in Mambo Smf-Forum 1.3.1.3Bridgecomponent PHP remote file inclusion vulnerability in smf.php in the SMF-Forum 1.3.1.3 Bridge Component (com_smf) For Joomla! and Mambo 4.5.3+ allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. | 6.8 |
2006-07-21 | CVE-2006-3751 | Code Injection vulnerability in Htmlarea3 1.5 PHP remote file inclusion vulnerability in popups/ImageManager/config.inc.php in the HTMLArea3 Addon Component (com_htmlarea3_xtd-c) for ImageManager 1.5 allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. | 6.8 |
2006-07-21 | CVE-2006-3750 | Code Injection vulnerability in Hashcash 1.2.1 PHP remote file inclusion vulnerability in server.php in the Hashcash Component (com_hashcash) 1.2.1 for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. | 6.8 |
2006-07-21 | CVE-2006-3749 | Code Injection vulnerability in Mambo Sitemap 2.0.0 PHP remote file inclusion vulnerability in sitemap.xml.php in Sitemap component (com_sitemap) 2.0.0 for Mambo 4.5.1 CMS, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. | 6.8 |
2006-07-21 | CVE-2006-3748 | Code Injection vulnerability in Mamboxchange Loudmouth 4.0J PHP remote file inclusion vulnerability in includes/abbc/abbc.class.php in the LoudMouth Component for Mambo 4.0j, and possibly other versions including 4.1, allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. | 6.8 |
2006-07-21 | CVE-2006-3730 | Code Injection vulnerability in Microsoft IE and Internet Explorer Integer overflow in Microsoft Internet Explorer 6 on Windows XP SP2 allows remote attackers to cause a denial of service (crash) and execute arbitrary code via a 0x7fffffff argument to the setSlice method on a WebViewFolderIcon ActiveX object, which leads to an invalid memory copy. | 9.3 |
2006-07-13 | CVE-2006-1309 | Code Injection vulnerability in Microsoft Excel and Excel Viewer Microsoft Excel 2000 through 2004 allows user-assisted attackers to execute arbitrary code via a .xls file with a crafted LABEL record that triggers memory corruption. | 9.3 |
2006-07-13 | CVE-2006-1301 | Code Injection vulnerability in Microsoft Excel and Excel Viewer Microsoft Excel 2000 through 2004 allows user-assisted attackers to execute arbitrary code via a .xls file with a crafted SELECTION record that triggers memory corruption, a different vulnerability than CVE-2006-1302. | 9.3 |
2006-07-13 | CVE-2006-2388 | Code Injection vulnerability in Microsoft Excel and Excel Viewer Microsoft Office Excel 2000 through 2004 allows user-assisted attackers to execute arbitrary code via malformed cell comments, which lead to modification of "critical data offsets" during the rebuilding process. | 9.3 |