Vulnerabilities > Improper Control of Generation of Code ('Code Injection')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2003-12-31 | CVE-2003-1491 | Code Injection vulnerability in Kerio Personal Firewall 2.1.4 Kerio Personal Firewall (KPF) 2.1.4 has a default rule to accept incoming packets from DNS (UDP port 53), which allows remote attackers to bypass the firewall filters via packets with a source port of 53. | 7.5 |
| 2003-12-31 | CVE-2003-1459 | Code Injection vulnerability in Ttcms and Ttforum Multiple PHP remote file inclusion vulnerabilities in ttCMS 2.2 and ttForum allow remote attackers to execute arbitrary PHP code via the (1) template parameter in News.php or (2) installdir parameter in install.php. | 6.8 |
| 2003-12-31 | CVE-2003-1436 | Code Injection vulnerability in Crossnuke Nukebrowser PHP remote file inclusion vulnerability in nukebrowser.php in Nukebrowser 2.1 to 2.5 allows remote attackers to execute arbitrary PHP code via the filhead parameter. | 6.8 |
| 2003-12-31 | CVE-2003-1432 | Code Injection vulnerability in Epic Games Unreal Engine and Unreal Tournament 2003 Epic Games Unreal Engine 226f through 436 allows remote attackers to cause a denial of service (CPU consumption or crash) and possibly execute arbitrary code via (1) a packet with a negative size value, which is treated as a large positive number during memory allocation, or (2) a negative size value in a package file. | 10.0 |
| 2003-12-31 | CVE-2003-1412 | Code Injection vulnerability in Gonicus System Administration 1.0 PHP remote file inclusion vulnerability in index.php for GONiCUS System Administrator (GOsa) 1.0 allows remote attackers to execute arbitrary PHP code via the plugin parameter to (1) 3fax/1blocklists/index.php; (2) 6departamentadmin/index.php, (3) 5terminals/index.php, (4) 4mailinglists/index.php, (5) 3departaments/index.php, and (6) 2groupd/index.php in 2administration/; or (7) the base parameter to include/help.php. | 6.8 |
| 2003-12-31 | CVE-2003-1411 | Code Injection vulnerability in Isoca Cedric Email Reader 0.4 PHP remote file inclusion vulnerability in emailreader_execute_on_each_page.inc.php in Cedric Email Reader 0.4 allows remote attackers to execute arbitrary PHP code via the emailreader_ini parameter. | 6.8 |
| 2003-12-31 | CVE-2003-1410 | Code Injection vulnerability in Isoca Cedric Email Reader 0.2/0.3 PHP remote file inclusion vulnerability in email.php (aka email.php3) in Cedric Email Reader 0.2 and 0.3 allows remote attackers to execute arbitrary PHP code via the cer_skin parameter. | 6.8 |
| 2003-12-31 | CVE-2003-1406 | Code Injection vulnerability in Adalis Infomatique D Forum 1.0/1.10/1.11 PHP remote file inclusion vulnerability in D-Forum 1.00 through 1.11 allows remote attackers to execute arbitrary PHP code via a URL in the (1) my_header parameter to header.php3 or (2) my_footer parameter to footer.php3. | 7.5 |
| 2003-12-31 | CVE-2003-1385 | Code Injection vulnerability in Invision Power Services Invision Power Board 1.1.1 ipchat.php in Invision Power Board 1.1.1 allows remote attackers to execute arbitrary PHP code, if register_globals is enabled, by modifying the root_path parameter to reference a URL on a remote web server that contains the code. | 6.8 |
| 2003-12-31 | CVE-2003-1253 | Code Injection vulnerability in Sangwan KIM Bookmark4U 1.8.3 PHP remote file inclusion vulnerability in Bookmark4U 1.8.3 allows remote attackers to execute arbitrary PHP code viaa URL in the prefix parameter to (1) dbase.php, (2) config.php, or (3) common.load.php. | 7.5 |