Vulnerabilities > Improper Control of Generation of Code ('Code Injection')
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2006-03-01 | CVE-2006-0945 | Code Injection vulnerability in Archangelmgt Weblog 0.90.02 | PHP remote file include vulnerability in admin/index.php in Archangel Weblog 0.90.02 allows remote authenticated administrators to execute arbitrary PHP code via a URL ending in a NULL (%00) in the index parameter. | 6.5 |
2006-02-25 | CVE-2006-0887 | Code Injection vulnerability in PHPlib Team PHPlib 7.4 | Eval injection vulnerability in sessions.inc in PHP Base Library (PHPLib) before 7.4a, when index.php3 from the PHPLib distribution is available on the server, allows remote attackers to execute arbitrary PHP code by including a base64-encoded representation of the code in a cookie. | 7.5 |
2006-02-23 | CVE-2006-0854 | Code Injection vulnerability in Intensive Point Iuser Ecommerce | PHP remote file inclusion vulnerability in common.php in Intensive Point iUser Ecommerce allows remote attackers to include arbitrary files via a URL in the include_path variable, which is not initialized before being used. | 7.5 |
2006-02-16 | CVE-2006-0725 | Code Injection vulnerability in Plume-Cms Plume CMS 1.0.2 | PHP remote file inclusion vulnerability in prepend.php in Plume CMS 1.0.2, when register_globals is enabled, allows remote attackers to include arbitrary files via a URL in the _PX_config[manager_path] parameter. | 6.8 |
2006-02-16 | CVE-2006-0723 | Code Injection vulnerability in Reamday Enterprises Magic News Lite 1.2.3 | PHP remote file inclusion vulnerability in preview.php in Reamday Enterprises Magic News Lite 1.2.3, when register_globals is enabled, allows remote attackers to include arbitrary files via a URL in the php_script_path parameter. | 2.6 |
2006-02-13 | CVE-2006-0659 | Code Injection vulnerability in Runcms 1.1/1.1A | Multiple PHP remote file include vulnerabilities in RunCMS 1.2 and earlier, with register_globals and allow_url_fopen enabled, allow remote attackers to execute arbitrary code via the bbPath[path] parameter in (1) class.forumposts.php and (2) forumpollrenderer.php. | 6.8 |
2006-02-06 | CVE-2006-0565 | Code Injection vulnerability in Gerrit VAN Aaken Loudblog 0.1/0.2/0.3 | PHP remote file include vulnerability in inc/backend_settings.php in Loudblog 0.4 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the $GLOBALS[path] parameter. | 7.5 |
2006-01-21 | CVE-2006-0332 | Code Injection vulnerability in Ecartis 1.0.0Snapshot20050909 | Pantomime in Ecartis 1.0.0 snapshot 20050909 stores e-mail attachments in a publicly accessible directory, which may allow remote attackers to upload arbitrary files. | 6.4 |
2006-01-19 | CVE-2006-0308 | Code Injection vulnerability in Htmltonuke 2.0Alpha | PHP remote file inclusion vulnerability in htmltonuke.php in the htmltonuke 2.0 alpha, and possibly other versions, module for PHP-Nuke allows remote attackers to execute arbitrary PHP code via a URL in the filnavn parameter. | 7.5 |
2006-01-18 | CVE-2006-0236 | Code Injection vulnerability in Mozilla Thunderbird | GUI display truncation vulnerability in Mozilla Thunderbird 1.0.2, 1.0.6, and 1.0.7 allows user-assisted attackers to execute arbitrary code via an attachment with a filename containing a large number of spaces ending with a dangerous extension that is not displayed by Thunderbird, along with an inconsistent Content-Type header, which could be used to trick a user into downloading dangerous content by dragging or saving the attachment. | 5.1 |