Vulnerabilities > Improper Control of Generation of Code ('Code Injection')

DATE | CVE | VULNERABILITY TITLE | RISK
2005-05-02 | CVE-2005-0679 | Code Injection vulnerability in Stadtaus Tell A Friend Script | 7.5
PHP remote file inclusion vulnerability in tell_a_friend.inc.php for Tell A Friend Script 2.7 before 20050305 allows remote attackers to execute arbitrary PHP code by modifying the script_root parameter to reference a URL on a remote web server that contains the code.
network | low complexity | stadtaus | CWE-94

2005-03-10 | CVE-2005-0748 | Code Injection vulnerability in Webinsta Mailing Manager 1.3D | 7.5
PHP remote file inclusion vulnerability in initdb.php for WEBInsta Mailing list manager 1.3d allows remote attackers to execute arbitrary PHP code by modifying the absolute_path parameter to reference a URL on a remote web server that contains the code.
network | low complexity | webinsta | CWE-94

2005-03-08 | CVE-2005-0720 | Code Injection vulnerability in Mcnews 1.3 | 7.5
PHP remote file inclusion vulnerability in admin/header.php in PHP mcNews 1.3 allows remote attackers to execute arbitrary PHP code by modifying the skinfile parameter to reference a URL on a remote web server that contains the code.
network | low complexity | mcnews | CWE-94

2005-01-24 | CVE-2005-0103 | Code Injection vulnerability in Squirrelmail | 7.5
PHP remote file inclusion vulnerability in webmail.php in SquirrelMail before 1.4.4 allows remote attackers to execute arbitrary PHP code by modifying a URL parameter to reference a URL on a remote web server that contains the code.
network | low complexity | squirrelmail | CWE-94

2004-12-31 | CVE-2004-2740 | Code Injection vulnerability in PHProjekt | 4.3
PHP remote file inclusion vulnerability in authform.inc.php in PHProjekt 4.2.3 and earlier allows remote attackers to include arbitrary PHP code via a URL in the path_pre parameter.
network | phprojekt | CWE-94

2004-12-31 | CVE-2004-1423 | Code Injection vulnerability in PHP-Calendar | 7.5
Multiple PHP remote file inclusion vulnerabilities in Sean Proctor PHP-Calendar before 0.10.1, as used in Commonwealth of Massachusetts Virtual Law Office (VLO) and other products, allow remote attackers to execute arbitrary PHP code via a URL in the phpc_root_path parameter to (1) includes/calendar.php or (2) includes/setup.php.
network | low complexity | php-calendar | CWE-94

2004-12-31 | CVE-2004-1419 | Code Injection vulnerability in Zeroboard 4.1Pl2/4.1Pl3/4.1Pl4 | 6.8
PHP remote file inclusion vulnerability in ZeroBoard 4.1pl4 and earlier allows remote attackers to execute arbitrary PHP code by modifying the (1) _zb_path parameter to outlogin.php or (2) dir parameter to write.php to reference a URL on a remote web server that contains the code.
network | zeroboard | CWE-94

2004-12-31 | CVE-2004-1166 | Code Injection vulnerability in Microsoft IE and Internet Explorer | 7.5
CRLF injection vulnerability in Microsoft Internet Explorer 6.0.2800.1106 and earlier allows remote attackers to execute arbitrary FTP commands via an ftp:// URL that contains a URL-encoded newline ("%0a") before the FTP command, which causes the commands to be inserted into the resulting FTP session, as demonstrated using a PORT command.
network | low complexity | microsoft | CWE-94

2004-09-02 | CVE-2004-0637 | Code Injection vulnerability in Oracle Oracle8I and Oracle9I | 6.5
Oracle Database Server 8.1.7.4 through 9.2.0.4 allows local users to execute commands with additional privileges via the ctxsys.driload package, which is publicly accessible.
network | low complexity | oracle | CWE-94

2004-04-11 | CVE-2004-1926 | Code Injection vulnerability in Tiki Tikiwiki Cms/Groupware 1.6.1/1.8.1 | 7.5
Tiki CMS/Groupware (TikiWiki) 1.8.1 and earlier allows remote attackers to inject arbitrary code via the (1) Theme, (2) Country, (3) Real Name, or (4) Displayed time zone fields in a User Profile, or the (5) Name, (6) Description, (7) URL, or (8) Country fields in a Directory/Add Site operation.
network | low complexity | tiki | CWE-94