Vulnerabilities > Improper Control of Generation of Code ('Code Injection')
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2006-01-03 | CVE-2006-0064 | Code Injection vulnerability in Devellion Cubecart. PHP remote file include vulnerability in includes/orderSuccess.inc.php in CubeCart allows remote attackers to execute arbitrary PHP code via a URL in the glob[rootDir] parameter. | 7.5 |
2005-12-31 | CVE-2005-4874 | Code Injection vulnerability in Mozilla 1.7.8. The XMLHttpRequest object in Mozilla 1.7.8 supports the HTTP TRACE method, which allows remote attackers to obtain (1) proxy authentication passwords via a request with a "Max-Forwards: 0" header or (2) arbitrary local passwords on the web server that hosts this object. | 4.3 |
2005-12-29 | CVE-2005-4573 | Code Injection vulnerability in Plogger. PHP remote file include vulnerability in plog-admin-functions.php in Plogger Beta 2 allows remote attackers to execute arbitrary code via a URL in the config[basedir] parameter. | 7.5 |
2005-12-13 | CVE-2005-4209 | Code Injection vulnerability in Alt-N Mdaemon and Worldclient. WorldClient webmail in Alt-N MDaemon 8.1.3 allows remote attackers to prevent arbitrary users from accessing their inboxes via script tags in the Subject header of an e-mail message, which prevents the user from being able to access the Inbox folder, possibly due to a cross-site scripting (XSS) vulnerability. | 4.3 |
2005-11-29 | CVE-2005-3861 | Code Injection vulnerability in PHPgreetz. PHP remote file inclusion vulnerability in content.php in phpGreetz 0.99 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the content parameter. | 7.5 |
2005-11-29 | CVE-2005-3860 | Code Injection vulnerability in Oliver MAY Athena PHP Website Administration 0.1A. PHP remote file inclusion vulnerability in athena.php in Oliver May Athena PHP Website Administration 0.1a allows remote attackers to execute arbitrary PHP code via a URL in the athena_dir parameter. | 7.5 |
2005-11-29 | CVE-2005-3859 | Code Injection vulnerability in Q-News 2.0. PHP remote file inclusion vulnerability in q-news.php in Q-News 2.0 allows remote attackers to execute arbitrary PHP code via a URL in the id parameter. | 7.5 |
2005-11-26 | CVE-2005-3835 | Code Injection vulnerability in Desklance. PHP remote file inclusion vulnerability in support/index.php in DeskLance 2.3 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the main parameter. | 7.5 |
2005-11-23 | CVE-2005-3775 | Code Injection vulnerability in Pollvote. PHP remote file inclusion vulnerability in pollvote.php in PollVote allows remote attackers to include arbitrary files via a URL in the pollname parameter. | 7.5 |
2005-11-17 | CVE-2005-3650 | Code Injection vulnerability in First4Internet XCP DRM. The CodeSupport.ocx ActiveX control, as used by Sony to uninstall the First4Internet XCP DRM, has "safe for scripting" enabled, which allows remote attackers to execute arbitrary code by calling vulnerable functions such as RebootMachine, IsAdministrator, and ExecuteCode. | 9.3 |