Vulnerabilities > Improper Control of Generation of Code ('Code Injection')

DATE | CVE | VULNERABILITY TITLE | RISK

2006-04-13 | CVE-2006-1781 | Code Injection vulnerability in Circle R Monster TOP List
PHP remote file inclusion vulnerability in functions.php in Circle R Monster Top List (MTL) 1.4 allows remote attackers to execute arbitrary PHP code via a URL in the root_path parameter.
network | low complexity | circle-r | CWE-94 | 7.5

2006-04-12 | CVE-2006-1749 | Code Injection vulnerability in Smartisoft PHPlistpro 2.01
PHP remote file inclusion vulnerability in config.php in phpListPro 2.0 and earlier allows remote attackers to execute arbitrary PHP code via the returnpath parameter.
network | low complexity | smartisoft | CWE-94 | 7.5

2006-04-06 | CVE-2006-1636 | Code Injection vulnerability in Vwar Virtual WAR
PHP remote file inclusion vulnerability in get_header.php in VWar 1.5.0 R12 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the vwar_root parameter.
network | low complexity | vwar | CWE-94 | 7.5

2006-04-04 | CVE-2006-1610 | Code Injection vulnerability in Squery
PHP remote file inclusion vulnerability in lib/armygame.php in SQuery 4.5 and earlier, as used in products such as Autonomous LAN party (ALP), allows remote attackers to execute arbitrary PHP code via a URL in the libpath parameter.
network | high complexity | squery | CWE-94 | 5.1

2006-03-30 | CVE-2006-1540 | Code Injection vulnerability in Microsoft Office
MSO.DLL in Microsoft Office 2000, Office XP (2002), and Office 2003 allows user-assisted attackers to cause a denial of service and execute arbitrary code via multiple attack vectors, as originally demonstrated using a crafted document record with a malformed string, as demonstrated by replacing a certain "01 00 00 00" byte sequence with an "FF FF FF FF" byte sequence, possibly causing an invalid array index, in (1) an Excel .xls document, which triggers an access violation in ole32.dll; (2) an Excel .xlw document, which triggers an access violation in excel.exe; (3) a Word document, which triggers an access violation in mso.dll in winword.exe; and (4) a PowerPoint document, which triggers an access violation in powerpnt.txt.
network | microsoft | CWE-94 | critical | 9.3

2006-03-30 | CVE-2006-1503 | Code Injection vulnerability in Vwar Virtual WAR
PHP remote file inclusion vulnerability in includes/functions_install.php in Virtual War (VWar) 1.5.0 R11 and earlier allows remote attackers to include and execute arbitrary PHP code via a URL in the vwar_root parameter.
network | high complexity | vwar | CWE-94 | 5.1

2006-03-29 | CVE-2006-1491 | Code Injection vulnerability in Horde Application Framework
Eval injection vulnerability in Horde Application Framework versions 3.0 before 3.0.10 and 3.1 before 3.1.1 allows remote attackers to execute arbitrary code via the help viewer.
network | low complexity | horde | CWE-94 | 7.5

2006-03-23 | CVE-2006-1371 | Code Injection vulnerability in XHP CMS
Laurentiu Matei eXpandable Home Page (XHP) CMS 0.5 and earlier allows remote authenticated users to use the HTMLArea FileManager plugin to upload and execute arbitrary PHP files using (1) manager.php, (2) standalonemanager.php, and (3) images.php.
network | low complexity | xhp | CWE-94 | critical | 9.0

2006-03-23 | CVE-2006-1359 | Code Injection vulnerability in Microsoft IE and Internet Explorer
Microsoft Internet Explorer 6 and 7 Beta 2 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a certain createTextRange call on a checkbox object, which results in a dereference of an invalid table pointer.
network | microsoft | CWE-94 | critical | 9.3

2006-03-19 | CVE-2006-1251 | Code Injection vulnerability in Sa-Exim 4.0/4.1/4.2
Argument injection vulnerability in greylistclean.cron in sa-exim 4.2 allows remote attackers to delete arbitrary files via an email with a To field that contains a filename separated by whitespace, which is not quoted when greylistclean.cron provides the argument to the rm command.
network | low complexity | sa-exim | CWE-94 | 5.0