Vulnerabilities > Improper Control of Generation of Code ('Code Injection')
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2002-12-31 | CVE-2002-2299 | Code Injection vulnerability in Atthat.Com Thatware PHP remote file inclusion vulnerability in thatfile.php in Thatware 0.3 through 0.5.2 allows remote attackers to execute arbitrary PHP code via the root_path parameter. | 6.8 |
2002-12-31 | CVE-2002-2298 | Code Injection vulnerability in Atthat.Com Thatware PHP remote file inclusion vulnerability in config.php in Thatware 0.3 through 0.5.3 allows remote attackers to execute arbitrary PHP code via the root_path parameter. | 6.8 |
2002-12-31 | CVE-2002-2297 | Code Injection vulnerability in Atthat.Com Thatware 0.5.2/0.5.3 PHP remote file inclusion vulnerability in artlist.php in Thatware 0.5.2 and 0.5.3 allows remote attackers to execute arbitrary PHP code via the root_path parameter. | 6.8 |
2002-12-31 | CVE-2002-2287 | Code Injection vulnerability in PHPbb Advanced Quick Reply Hack 1.0.0/1.1.0 PHP remote file inclusion vulnerability in quick_reply.php for phpBB Advanced Quick Reply Hack 1.0.0 and 1.1.0 allows remote attackers to execute arbitrary PHP code via the phpbb_root_path parameter. | 7.5 |
2002-12-31 | CVE-2002-2249 | Code Injection vulnerability in PHP Evolution News Evolution 1.0/2.0 PHP remote file inclusion vulnerability in News Evolution 2.0 allows remote attackers to execute arbitrary PHP commands via the neurl parameter to (1) backend.php, (2) screen.php, or (3) admin/modules/comment.php. | 7.5 |
2001-05-03 | CVE-2001-0308 | Code Injection vulnerability in Bajie Java Http Server UploadServlet in Bajie HTTP JServer 0.78, and possibly other versions before 0.80, allows remote attackers to execute arbitrary commands by calling the servlet to upload a program, then using a ... | 7.5 |
2001-05-03 | CVE-2001-0307 | Code Injection vulnerability in Bajie Java Http Server Bajie HTTP JServer 0.78, and other versions before 0.80, allows remote attackers to execute arbitrary commands via shell metacharacters in an HTTP request for a CGI program that does not exist. | 7.5 |
1996-05-29 | CVE-1999-0509 | Perl, sh, csh, or other shell interpreters are installed in the cgi-bin directory on a WWW site, which allows remote attackers to execute arbitrary commands. | 10.0 |