Vulnerabilities > Improper Control of Generation of Code ('Code Injection')
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2006-03-14 | CVE-2006-0399 | Code Injection vulnerability in Apple mac OS X and mac OS X Server Unspecified vulnerability in Safari, LaunchServices, and/or CoreTypes in Apple Mac OS X 10.4 up to 10.4.5 allows attackers to trick a user into opening an application that appears to be a safe file type. | 7.5 |
2006-03-14 | CVE-2006-0398 | Code Injection vulnerability in Apple mac OS X and mac OS X Server Unspecified vulnerability in Safari, LaunchServices, and/or CoreTypes in Apple Mac OS X 10.4 up to 10.4.5 allows attackers to trick a user into opening an application that appears to be a safe file type. | 7.5 |
2006-03-14 | CVE-2006-0397 | Code Injection vulnerability in Apple mac OS X and mac OS X Server Unspecified vulnerability in Safari, LaunchServices, and/or CoreTypes in Apple Mac OS X 10.4 up to 10.4.5 allows attackers to trick a user into opening an application that appears to be a safe file type. | 7.5 |
2006-03-10 | CVE-2006-1154 | Code Injection vulnerability in Fscripts Fantastic News 2.1.1/2.1.2/2.1.4 PHP remote file inclusion vulnerability in archive.php in Fantastic News 2.1.2 allows remote attackers to include arbitrary files via the CONFIG[script_path] variable. | 7.5 |
2006-03-07 | CVE-2006-1039 | Code Injection vulnerability in SAP web Application Server 6.10/6.20/6.40 SAP Web Application Server (WebAS) Kernel before 7.0 allows remote attackers to inject arbitrary bytes into the HTTP response and obtain sensitive authentication information, or have other impacts, via a ";%20" followed by encoded HTTP headers. | 6.4 |
2006-03-07 | CVE-2006-1031 | Code Injection vulnerability in Igenus Webmail 2.0/2.01/2.02 config/config_inc.php in iGENUS Webmail 2.02 and earlier allows remote attackers to include arbitrary local files via the SG_HOME parameter. | 7.5 |
2006-03-03 | CVE-2006-0388 | Code Injection vulnerability in Apple mac OS X and mac OS X Server Safari in Mac OS X 10.3 before 10.3.9 and 10.4 before 10.4.5 allows remote attackers to redirect users to local files and execute arbitrary JavaScript via unspecified vectors involving HTTP redirection to local resources. | 2.6 |
2006-03-01 | CVE-2006-0945 | Code Injection vulnerability in Archangelmgt Weblog 0.90.02 PHP remote file include vulnerability in admin/index.php in Archangel Weblog 0.90.02 allows remote authenticated administrators to execute arbitrary PHP code via a URL ending in a NULL (%00) in the index parameter. | 6.5 |
2006-02-25 | CVE-2006-0887 | Code Injection vulnerability in PHPlib Team PHPlib 7.4 Eval injection vulnerability in sessions.inc in PHP Base Library (PHPLib) before 7.4a, when index.php3 from the PHPLib distribution is available on the server, allows remote attackers to execute arbitrary PHP code by including a base64-encoded representation of the code in a cookie. | 7.5 |
2006-02-23 | CVE-2006-0854 | Code Injection vulnerability in Intensive Point Iuser Ecommerce PHP remote file inclusion vulnerability in common.php in Intensive Point iUser Ecommerce allows remote attackers to include arbitrary files via a URL in the include_path variable, which is not initialized before being used. | 7.5 |