Vulnerabilities > Improper Control of Generation of Code ('Code Injection')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2006-07-13 | CVE-2006-1306 | Code Injection vulnerability in Microsoft Excel and Excel Viewer Microsoft Excel 2000 through 2004 allows user-assisted attackers to execute arbitrary code via a .xls file with a crafted BIFF record with an attacker-controlled array index that is used for a function pointer, aka "Malformed OBJECT record Vulnerability." | 9.3 |
| 2006-07-13 | CVE-2006-1304 | Code Injection vulnerability in Microsoft Excel and Excel Viewer Buffer overflow in Microsoft Excel 2000 through 2003 allows user-assisted attackers to execute arbitrary code via a .xls file with a crafted COLINFO record, which triggers the overflow during a "data filling operation." | 9.3 |
| 2006-07-13 | CVE-2006-3562 | Code Injection vulnerability in Plume-Cms Plume CMS 1.0.4 PHP remote file inclusion vulnerabilities in plume cms 1.0.4 allow remote attackers to execute arbitrary PHP code via a URL in the _PX_config[manager_path] parameter to (1) index.php, (2) rss.php, or (3) search.php, a different set of vectors and versions than CVE-2006-2645 and CVE-2006-0725. | 7.5 |
| 2006-07-13 | CVE-2006-3556 | Code Injection vulnerability in Extcalendar 2.0 PHP remote file inclusion vulnerability in extcalendar.php in Mohamed Moujami ExtCalendar 2.0 allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. | 6.8 |
| 2006-07-12 | CVE-2006-3530 | Code Injection vulnerability in Joomla PC Cookbook 0.3/1.3.1 PHP remote file inclusion vulnerability in com_pccookbook/pccookbook.php in the PccookBook Component for Mambo and Joomla 0.3 and possibly up to 1.3.1, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via the mosConfig_absolute_path parameter. | 6.8 |
| 2006-07-12 | CVE-2006-3528 | Code Injection vulnerability in Mamboxchange Simpleboard Multiple PHP remote file inclusion vulnerabilities in Simpleboard Mambo module 1.1.0 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the sbp parameter to (1) image_upload.php and (2) file_upload.php. | 6.8 |
| 2006-07-11 | CVE-2006-1316 | Code Injection vulnerability in Microsoft Office 2000/2003/Xp Unspecified vulnerability in Microsoft Office 2003 SP1 and SP2, Office XP SP3, Office 2000 SP3, and other products, allows user-assisted attackers to execute arbitrary code via an Office file with malformed string that triggers memory corruption related to record lengths, aka "Microsoft Office Parsing Vulnerability," a different vulnerability than CVE-2006-2389. | 9.3 |
| 2006-07-06 | CVE-2006-3396 | Code Injection vulnerability in Miro International Galleria 1.0Formambo PHP remote file inclusion vulnerability in galleria.html.php in Galleria Mambo Module 1.0 and earlier for Mambo allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. | 6.8 |
| 2006-06-24 | CVE-2006-3210 | Code Injection vulnerability in LE Ralf Image Gallery Ralf Image Gallery (RIG) 0.7.4 and other versions before 1.0, when register_globals is enabled, allows remote attackers to conduct PHP remote file inclusion and directory traversal attacks via URLs or ".." sequences in the (1) dir_abs_src parameter in (a) check_entry.php, (b) admin_album.php, (c) admin_image.php, and (d) admin_util.php; and the (2) dir_abs_admin_src parameter in admin_album.php and admin_image.php. | 5.1 |
| 2006-06-23 | CVE-2006-3193 | Code Injection vulnerability in Grayscale Bandsite CMS 1.1.1 Multiple PHP remote file inclusion vulnerabilities in Grayscale BandSite CMS 1.1.1, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the root_path parameter to (1) includes/content/contact_content.php; multiple files in adminpanel/includes/add_forms/ including (2) addbioform.php, (3) addfliersform.php, (4) addgenmerchform.php, (5) addinterviewsform.php, (6) addlinksform.php, (7) addlyricsform.php, (8) addmembioform.php, (9) addmerchform.php, (10) addmerchpicform.php, (11) addnewsform.php, (12) addphotosform.php, (13) addreleaseform.php, (14) addreleasepicform.php, (15) addrelmerchform.php, (16) addreviewsform.php, (17) addshowsform.php, (18) addwearmerchform.php; (19) adminpanel/includes/mailinglist/disphtmltbl.php, and (20) adminpanel/includes/mailinglist/dispxls.php. | 5.1 |