Vulnerability Details :

CVE-2006-1688

Summary
Assigner: mitre
Assigner Org ID: 8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At: 10 Apr, 2006 | 23:00
Updated At: 07 Aug, 2024 | 17:19

Multiple PHP remote file inclusion vulnerabilities in SQuery 4.5 and earlier, as used in products such as Autonomous LAN party (ALP), allow remote attackers to execute arbitrary PHP code via a URL in the libpath parameter to scripts in the lib directory including (1) ase.php, (2) devi.php, (3) doom3.php, (4) et.php, (5) flashpoint.php, (6) gameSpy.php, (7) gameSpy2.php, (8) gore.php, (9) gsvari.php, (10) halo.php, (11) hlife.php, (12) hlife2.php, (13) igi2.php, (14) main.lib.php, (15) netpanzer.php, (16) old_hlife.php, (17) pkill.php, (18) q2a.php, (19) q3a.php, (20) qworld.php, (21) rene.php, (22) rvbshld.php, (23) savage.php, (24) simracer.php, (25) sof1.php, (26) sof2.php, (27) unreal.php, (28) ut2004.php, and (29) vietcong.php. NOTE: the lib/armygame.php vector is already covered by CVE-2006-1610. The provenance of most of these additional vectors is unknown, although likely from post-disclosure analysis. NOTE: this only occurs when register_globals is disabled.

Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner: mitre
Assigner Org ID: 8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At: 10 Apr, 2006 | 23:00
Updated At: 07 Aug, 2024 | 17:19
CVE Numbering Authority (CNA)


Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
Type: text
CWE ID: N/A
Description: n/a
References
Hyperlink: http://www.osvdb.org/24402
Resource:
vdb-entry
x_refsource_OSVDB
Hyperlink: http://www.blogcu.com/Liz0ziM/431845/
Resource:
x_refsource_MISC
Hyperlink: http://www.osvdb.org/24404
Resource:
vdb-entry
x_refsource_OSVDB
Hyperlink: http://www.osvdb.org/24411
Resource:
vdb-entry
x_refsource_OSVDB
Hyperlink: http://www.vupen.com/english/advisories/2006/1284
Resource:
vdb-entry
x_refsource_VUPEN
Hyperlink: http://www.osvdb.org/24403
Resource:
vdb-entry
x_refsource_OSVDB
Hyperlink: http://www.osvdb.org/24421
Resource:
vdb-entry
x_refsource_OSVDB
Hyperlink: http://www.osvdb.org/24428
Resource:
vdb-entry
x_refsource_OSVDB
Hyperlink: http://www.osvdb.org/24407
Resource:
vdb-entry
x_refsource_OSVDB
Hyperlink: http://www.osvdb.org/24414
Resource:
vdb-entry
x_refsource_OSVDB
Hyperlink: http://www.osvdb.org/24424
Resource:
vdb-entry
x_refsource_OSVDB
Hyperlink: http://www.osvdb.org/24425
Resource:
vdb-entry
x_refsource_OSVDB
Hyperlink: http://www.osvdb.org/24410
Resource:
vdb-entry
x_refsource_OSVDB
Hyperlink: http://www.osvdb.org/24413
Resource:
vdb-entry
x_refsource_OSVDB
Hyperlink: http://www.securityfocus.com/bid/17434
Resource:
vdb-entry
x_refsource_BID
Hyperlink: http://www.osvdb.org/24412
Resource:
vdb-entry
x_refsource_OSVDB
Hyperlink: http://www.osvdb.org/24406
Resource:
vdb-entry
x_refsource_OSVDB
Hyperlink: http://securityreason.com/securityalert/679
Resource:
third-party-advisory
x_refsource_SREASON
Hyperlink: http://www.osvdb.org/24409
Resource:
vdb-entry
x_refsource_OSVDB
Hyperlink: http://secunia.com/advisories/19588
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://www.osvdb.org/24423
Resource:
vdb-entry
x_refsource_OSVDB
Hyperlink: http://www.osvdb.org/24416
Resource:
vdb-entry
x_refsource_OSVDB
Hyperlink: http://www.osvdb.org/24408
Resource:
vdb-entry
x_refsource_OSVDB
Hyperlink: http://www.osvdb.org/24405
Resource:
vdb-entry
x_refsource_OSVDB
Hyperlink: http://www.osvdb.org/24427
Resource:
vdb-entry
x_refsource_OSVDB
Hyperlink: http://www.securityfocus.com/archive/1/439874/100/0/threaded
Resource:
mailing-list
x_refsource_BUGTRAQ
Hyperlink: http://www.securityfocus.com/archive/1/430289/100/0/threaded
Resource:
mailing-list
x_refsource_BUGTRAQ
Hyperlink: http://www.osvdb.org/24418
Resource:
vdb-entry
x_refsource_OSVDB
Hyperlink: http://secunia.com/advisories/19482
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://www.securityfocus.com/archive/1/441015/100/0/threaded
Resource:
mailing-list
x_refsource_BUGTRAQ
Hyperlink: http://www.osvdb.org/24426
Resource:
vdb-entry
x_refsource_OSVDB
Hyperlink: http://www.osvdb.org/24401
Resource:
vdb-entry
x_refsource_OSVDB
Hyperlink: http://www.osvdb.org/24429
Resource:
vdb-entry
x_refsource_OSVDB
Hyperlink: http://www.osvdb.org/24422
Resource:
vdb-entry
x_refsource_OSVDB
Hyperlink: http://www.osvdb.org/24420
Resource:
vdb-entry
x_refsource_OSVDB
Hyperlink: http://liz0zim.no-ip.org/alp.txt
Resource:
x_refsource_MISC
Hyperlink: http://www.osvdb.org/24419
Resource:
vdb-entry
x_refsource_OSVDB
Hyperlink: http://securitytracker.com/id?1015884
Resource:
vdb-entry
x_refsource_SECTRACK
Hyperlink: http://www.osvdb.org/24417
Resource:
vdb-entry
x_refsource_OSVDB
Hyperlink: http://www.osvdb.org/24415
Resource:
vdb-entry
x_refsource_OSVDB
National Vulnerability Database (NVD)
nvd.nist.gov
Source: cve@mitre.org
Published At: 11 Apr, 2006 | 00:02
Updated At: 03 Apr, 2025 | 01:03


CISA Catalog
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
Type: Primary
Version: 2.0
Base score: 7.5
Base severity: HIGH
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
CPE Matches

Vendor: squery
Product: squery
Versions: up to 4.5 (inclusive)
CPE: cpe:2.3:a:squery:squery:*:*:*:*:*:*:*:*
Weaknesses
CWE ID: CWE-94
Type: Primary
Source: nvd@nist.gov
References
Hyperlink: http://liz0zim.no-ip.org/alp.txt
Source: cve@mitre.org
Resource:
Exploit
Hyperlink: http://secunia.com/advisories/19482
Source: cve@mitre.org
Resource:
Vendor Advisory
Hyperlink: http://secunia.com/advisories/19588
Source: cve@mitre.org
Resource:
Vendor Advisory
Hyperlink: http://securityreason.com/securityalert/679
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://securitytracker.com/id?1015884
Source: cve@mitre.org
Resource:
Exploit
Hyperlink: http://www.blogcu.com/Liz0ziM/431845/
Source: cve@mitre.org
Resource:
Exploit
URL Repurposed
Hyperlink: http://www.osvdb.org/24401
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.osvdb.org/24402
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.osvdb.org/24403
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.osvdb.org/24404
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.osvdb.org/24405
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.osvdb.org/24406
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.osvdb.org/24407
Source: cve@mitre.org
Resource:
Exploit
Hyperlink: http://www.osvdb.org/24408
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.osvdb.org/24409
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.osvdb.org/24410
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.osvdb.org/24411
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.osvdb.org/24412
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.osvdb.org/24413
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.osvdb.org/24414
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.osvdb.org/24415
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.osvdb.org/24416
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.osvdb.org/24417
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.osvdb.org/24418
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.osvdb.org/24419
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.osvdb.org/24420
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.osvdb.org/24421
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.osvdb.org/24422
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.osvdb.org/24423
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.osvdb.org/24424
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.osvdb.org/24425
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.osvdb.org/24426
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.osvdb.org/24427
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.osvdb.org/24428
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.osvdb.org/24429
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.securityfocus.com/archive/1/430289/100/0/threaded
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.securityfocus.com/archive/1/439874/100/0/threaded
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.securityfocus.com/archive/1/441015/100/0/threaded
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.securityfocus.com/bid/17434
Source: cve@mitre.org
Resource:
Exploit
Hyperlink: http://www.vupen.com/english/advisories/2006/1284
Source: cve@mitre.org
Resource:
Vendor Advisory


Similar CVEs

883 records found

CVE-2021-39159
Matching Score: 4
Assigner: GitHub, Inc.
CVSS Score: 9.6 (CRITICAL)
EPSS: 1.32% / 79.06%
7 Day CHG: ~0.00%
Published: 25 Aug, 2021 | 18:20
Updated: 04 Aug, 2024 | 01:58
Rejected: Not Available
Known To Be Used In Ransomware Campaigns?: Not Available
KEV Added: Not Available
KEV Action Due Date: Not Available
Remote code execution in Binderhub

BinderHub is a kubernetes-based cloud service that allows users to share reproducible interactive computing environments from code repositories. In affected versions a remote code execution vulnerability has been identified in BinderHub, where providing BinderHub with maliciously crafted input could execute code in the BinderHub context, with the potential to egress credentials of the BinderHub deployment, including JupyterHub API tokens, kubernetes service accounts, and docker registry credentials. This may provide the ability to manipulate images and other user created pods in the deployment, with the potential to escalate to the host depending on the underlying kubernetes configuration. Users are advised to update to version 0.2.0-n653. If users are unable to update they may disable the git repo provider by specifying the `BinderHub.repo_providers` as a workaround.

Action: Not Available
Vendor: jupyter, jupyterhub
Product: binderhub, binderhub
CWE ID: CWE-94
Improper Control of Generation of Code ('Code Injection')
CWE ID: CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

CVE-2012-5159
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-87.94% / 99.45%
7 Day CHG~0.00%
Published-25 Sep, 2012 | 22:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

phpMyAdmin 3.5.2.2, as distributed by the cdnetworks-kr-1 mirror during an unspecified time frame in 2012, contains an externally introduced modification (Trojan Horse) in server_sync.php, which allows remote attackers to execute arbitrary PHP code via an eval injection attack.

Action-Not Available
Vendor-n/aphpMyAdmin
Product-phpmyadminn/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2006-3136
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-2.75% / 85.41%
7 Day CHG~0.00%
Published-22 Jun, 2006 | 22:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple PHP remote file inclusion vulnerabilities in Nucleus 3.23 allow remote attackers to execute arbitrary PHP code via a URL in the DIR_LIBS parameter in (1) path/action.php, and to files in path/nucleus including (2) media.php, (3) /xmlrpc/server.php, and (4) /xmlrpc/api_metaweblog.inc.php. NOTE: this is a similar vulnerability to CVE-2006-2583. NOTE: this issue has been disputed by third parties, who state that the DIR_LIBS parameter is defined in an include file before being used.

Action-Not Available
Vendor-nucleus_groupn/a
Product-nucleus_cmsn/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2010-4879
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.32% / 79.03%
7 Day CHG~0.00%
Published-07 Oct, 2011 | 10:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

PHP remote file inclusion vulnerability in dompdf.php in dompdf 0.6.0 beta1 allows remote attackers to execute arbitrary PHP code via a URL in the input_file parameter.

Action-Not Available
Vendor-digitaljunkiesn/a
Product-dompdfn/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2012-5293
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-2.47% / 84.65%
7 Day CHG~0.00%
Published-04 Oct, 2012 | 16:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple PHP remote file inclusion vulnerabilities in SAPID CMS 1.2.3 Stable allow remote attackers to execute arbitrary PHP code via a URL in the (1) GLOBALS[root_path] parameter to usr/extensions/get_tree.inc.php or (2) root_path parameter to usr/extensions/get_infochannel.inc.php.

Action-Not Available
Vendor-redgraphicn/a
Product-sapid_cmsn/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2012-5304
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.49% / 64.54%
7 Day CHG~0.00%
Published-06 Oct, 2012 | 22:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Static code injection vulnerability in administration/install.php in YVS Image Gallery allows remote attackers to inject arbitrary PHP code into functions/db_connect.php via unspecified vectors. NOTE: this is only a vulnerability when the administrator does not follow recommendations in the product's installation documentation.

Action-Not Available
Vendor-yuriy_v_semenikhinn/a
Product-yvs_image_galleryn/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2006-3776
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-2.79% / 85.53%
7 Day CHG~0.00%
Published-21 Jul, 2006 | 18:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

PHP remote file inclusion vulnerability in order/index.php in IDevSpot (1) PhpHostBot 1.0 and (2) AutoHost 3.0 allows remote attackers to execute arbitrary PHP code via a URL in the page parameter.

Action-Not Available
Vendor-idevspotn/a
Product-autohostphphostbotn/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2012-5231
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-2.65% / 85.17%
7 Day CHG~0.00%
Published-01 Oct, 2012 | 20:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

miniCMS 1.0 and 2.0 allows remote attackers to execute arbitrary PHP code via a crafted (1) pagename or (2) area variable containing an executable extension, which is not properly handled by (a) update.php when writing files to content/, or (b) updatenews.php when writing files to content/news/.

Action-Not Available
Vendor-jessgrampn/a
Product-minicmsn/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2006-2521
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-5.52% / 89.86%
7 Day CHG~0.00%
Published-22 May, 2006 | 22:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

PHP remote file inclusion vulnerability in cron.php in phpMyDirectory 10.4.4 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the ROOT_PATH parameter.

Action-Not Available
Vendor-accomplishtechnologyn/a
Product-phpmydirectoryn/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2012-4869
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-84.87% / 99.29%
7 Day CHG~0.00%
Published-06 Sep, 2012 | 17:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The callme_startcall function in recordings/misc/callme_page.php in FreePBX 2.9, 2.10, and earlier allows remote attackers to execute arbitrary commands via the callmenum parameter in a c action.

Action-Not Available
Vendor-n/aSangoma Technologies Corp.
Product-freepbxn/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2006-2281
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.49% / 80.31%
7 Day CHG~0.00%
Published-09 May, 2006 | 23:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

X-Scripts X-Poll (xpoll) 2.30 allows remote attackers to execute arbitrary PHP code by using admin/images/add.php to upload a PHP file, then access it.

Action-Not Available
Vendor-x-scriptsn/a
Product-x-polln/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2006-2548
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-33.15% / 96.75%
7 Day CHG~0.00%
Published-23 May, 2006 | 10:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Prodder before 0.5, and perlpodder before 0.5, allows remote attackers to execute arbitrary code via shell metacharacters in the URL of a podcast (url attribute of an enclosure tag, or $enc_url variable), which is executed when running wget.

Action-Not Available
Vendor-prodderperlpoddern/a
Product-prodderperlpoddern/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2012-5580
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-7.5||HIGH
EPSS-0.80% / 73.12%
7 Day CHG~0.00%
Published-27 Oct, 2014 | 22:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Format string vulnerability in the print_proxies function in bin/proxy.c in libproxy 0.3.1 might allow context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via format string specifiers in a proxy name, as demonstrated using the http_proxy environment variable or a PAC file.

Action-Not Available
Vendor-libproxy_projectn/a
Product-libproxyn/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2021-38196
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-3.36% / 86.85%
7 Day CHG~0.00%
Published-08 Aug, 2021 | 05:07
Updated-04 Aug, 2024 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in the better-macro crate through 2021-07-22 for Rust. It intentionally demonstrates that remote attackers can execute arbitrary code via proc-macros, and otherwise has no legitimate purpose.

Action-Not Available
Vendor-better-macro_projectn/a
Product-better-macron/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2006-6760
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-3.80% / 87.63%
7 Day CHG~0.00%
Published-27 Dec, 2006 | 01:00
Updated-07 Aug, 2024 | 20:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple PHP remote file inclusion vulnerabilities in template.php in Phpmymanga 0.8.1 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the (1) actionsPage or (2) formPage parameter.

Action-Not Available
Vendor-phpmymangan/a
Product-phpmymangan/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2012-5223
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-79.64% / 99.05%
7 Day CHG~0.00%
Published-01 Oct, 2012 | 20:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The proc_deutf function in includes/functions_vbseocp_abstract.php in vBSEO 3.5.0, 3.5.1, 3.5.2, 3.6.0, and earlier allows remote attackers to insert and execute arbitrary PHP code via "complex curly syntax" in the char_repl parameter, which is inserted into a regular expression that is processed by the preg_replace function with the eval switch.

Action-Not Available
Vendor-crawlabilityn/a
Product-vbseon/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2012-5224
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.19% / 77.99%
7 Day CHG~0.00%
Published-01 Oct, 2012 | 20:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

PHP remote file inclusion vulnerability in vb/includes/vba_cmps_include_bottom.php in vBadvanced CMPS 3.2.2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the pages[template] parameter.

Action-Not Available
Vendor-vbadvancedn/a
Product-vbadvanced_cmpsn/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2006-6689
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.76% / 72.32%
7 Day CHG~0.00%
Published-21 Dec, 2006 | 21:00
Updated-07 Aug, 2024 | 20:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple PHP remote file inclusion vulnerabilities in Paristemi 0.8.3 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the SERVER_DIRECTORY parameter to unspecified scripts, a different vector than CVE-2006-6739. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information.

Action-Not Available
Vendor-paristemin/a
Product-paristemin/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2006-5610
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-1.04% / 76.51%
7 Day CHG~0.00%
Published-31 Oct, 2006 | 00:00
Updated-03 Apr, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

PHP remote file inclusion vulnerability in player/includes/common.php in Teake Nutma Foing, as modified in Fully Modded phpBB (phpbbfm) 2021.4.40, allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter.

Action-Not Available
Vendor-fully_modded_phpbbn/a
Product-fully_modded_phpbbn/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2006-2315
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-10.66% / 93.00%
7 Day CHG~0.00%
Published-12 May, 2006 | 00:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

PHP remote file inclusion vulnerability in session.inc.php in ISPConfig 2.2.2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the go_info[server][classes_root] parameter. NOTE: the vendor has disputed this vulnerability, saying that session.inc.php is not under the web root in version 2.2, and register_globals is not enabled.

Action-Not Available
Vendor-ispconfign/a
Product-ispconfign/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2006-6720
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-5.29% / 89.63%
7 Day CHG~0.00%
Published-23 Dec, 2006 | 11:00
Updated-07 Aug, 2024 | 20:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

PHP remote file inclusion vulnerability in admin/index_sitios.php in Azucar CMS 1.3 allows remote attackers to execute arbitrary PHP code via a URL in the _VIEW parameter.

Action-Not Available
Vendor-azucar_cmsn/a
Product-azucar_cmsn/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2006-6726
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-2.07% / 83.21%
7 Day CHG~0.00%
Published-26 Dec, 2006 | 21:00
Updated-07 Aug, 2024 | 20:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

PHP remote file inclusion vulnerability in inertianews_main.php in inertianews 0.02 beta allows remote attackers to execute arbitrary PHP code via a URL in the inews_path parameter.

Action-Not Available
Vendor-inertianewsn/a
Product-inertianewsn/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2006-1636
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.83% / 82.18%
7 Day CHG~0.00%
Published-06 Apr, 2006 | 10:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

PHP remote file inclusion vulnerability in get_header.php in VWar 1.5.0 R12 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the vwar_root parameter. NOTE: this is a different vulnerability than CVE-2006-1503.

Action-Not Available
Vendor-vwarn/a
Product-virtual_warn/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2006-0887
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-9.22% / 92.39%
7 Day CHG~0.00%
Published-25 Feb, 2006 | 11:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Eval injection vulnerability in sessions.inc in PHP Base Library (PHPLib) before 7.4a, when index.php3 from the PHPLib distribution is available on the server, allows remote attackers to execute arbitrary PHP code by including a base64-encoded representation of the code in a cookie. NOTE: this description was significantly updated on 20060605 to reflect new details after an initial vague advisory.

Action-Not Available
Vendor-phplib_teamn/a
Product-phplibn/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2006-1491
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-18.31% / 94.96%
7 Day CHG~0.00%
Published-29 Mar, 2006 | 22:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Eval injection vulnerability in Horde Application Framework versions 3.0 before 3.0.10 and 3.1 before 3.1.1 allows remote attackers to execute arbitrary code via the help viewer.

Action-Not Available
Vendor-n/aHorde LLC
Product-application_frameworkn/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2006-1781
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-11.85% / 93.47%
7 Day CHG~0.00%
Published-13 Apr, 2006 | 10:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

PHP remote file inclusion vulnerability in functions.php in Circle R Monster Top List (MTL) 1.4 allows remote attackers to execute arbitrary PHP code via a URL in the root_path parameter. NOTE: It was later reported that 1.4.2 and earlier are affected.

Action-Not Available
Vendor-circle_rn/a
Product-monster_top_listn/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2006-1031
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-5.31% / 89.65%
7 Day CHG~0.00%
Published-07 Mar, 2006 | 11:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

config/config_inc.php in iGENUS Webmail 2.02 and earlier allows remote attackers to include arbitrary local files via the SG_HOME parameter.

Action-Not Available
Vendor-igenusn/a
Product-igenus_webmailn/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2006-0854
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.92% / 82.60%
7 Day CHG~0.00%
Published-23 Feb, 2006 | 02:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

PHP remote file inclusion vulnerability in common.php in Intensive Point iUser Ecommerce allows remote attackers to include arbitrary files via a URL in the include_path variable, which is not initialized before being used.

Action-Not Available
Vendor-intensive_pointn/a
Product-iuser_ecommercen/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2006-0565
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-18.10% / 94.92%
7 Day CHG~0.00%
Published-06 Feb, 2006 | 23:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

PHP remote file include vulnerability in inc/backend_settings.php in Loudblog 0.4 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the $GLOBALS[path] parameter.

Action-Not Available
Vendor-gerrit_van_aakenn/a
Product-loudblogn/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2006-0399
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.79% / 72.98%
7 Day CHG~0.00%
Published-14 Mar, 2006 | 11:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in Safari, LaunchServices, and/or CoreTypes in Apple Mac OS X 10.4 up to 10.4.5 allows attackers to trick a user into opening an application that appears to be a safe file type. NOTE: due to the lack of specific information in the vendor advisory, it is not clear how CVE-2006-0397, CVE-2006-0398, and CVE-2006-0399 are different.

Action-Not Available
Vendor-n/aApple Inc.
Product-mac_os_x_servermac_os_xn/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2006-0144
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.46% / 80.03%
7 Day CHG~0.00%
Published-09 Jan, 2006 | 23:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The proxy server feature in go-pear.php in PHP PEAR 0.2.2, as used in Apache2Triad, allows remote attackers to execute arbitrary PHP code by redirecting go-pear.php to a malicious proxy server that provides a modified version of Tar.php with a malicious extractModify function.

Action-Not Available
Vendor-apache2triadn/aThe PHP Group
Product-pearapache2triadn/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2006-0397
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.79% / 72.98%
7 Day CHG~0.00%
Published-14 Mar, 2006 | 11:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in Safari, LaunchServices, and/or CoreTypes in Apple Mac OS X 10.4 up to 10.4.5 allows attackers to trick a user into opening an application that appears to be a safe file type. NOTE: due to the lack of specific information in the vendor advisory, it is not clear how CVE-2006-0397, CVE-2006-0398, and CVE-2006-0399 are different.

Action-Not Available
Vendor-n/aApple Inc.
Product-mac_os_x_servermac_os_xn/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2006-0094
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.69% / 70.78%
7 Day CHG~0.00%
Published-05 Jan, 2006 | 11:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

PHP remote file include vulnerability in forum.php in oaBoard 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the inc_stat parameter, a different vulnerability than CVE-2006-0076. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

Action-Not Available
Vendor-oaboardn/a
Product-oaboardn/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2006-0398
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.79% / 72.98%
7 Day CHG~0.00%
Published-14 Mar, 2006 | 11:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in Safari, LaunchServices, and/or CoreTypes in Apple Mac OS X 10.4 up to 10.4.5 allows attackers to trick a user into opening an application that appears to be a safe file type. NOTE: due to the lack of specific information in the vendor advisory, it is not clear how CVE-2006-0397, CVE-2006-0398, and CVE-2006-0399 are different.

Action-Not Available
Vendor-n/aApple Inc.
Product-mac_os_x_servermac_os_xn/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2012-2924
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.83% / 82.17%
7 Day CHG~0.00%
Published-21 May, 2012 | 22:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

PHP remote file inclusion vulnerability in admin/setup.inc.php in Hypermethod eLearning Server 4G allows remote attackers to execute arbitrary PHP code via a URL in the path parameter.

Action-Not Available
Vendor-hypermethodn/a
Product-elearning_servern/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2005-3860
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-5.16% / 89.50%
7 Day CHG~0.00%
Published-29 Nov, 2005 | 11:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

PHP remote file inclusion vulnerability in athena.php in Oliver May Athena PHP Website Administration 0.1a allows remote attackers to execute arbitrary PHP code via a URL in the athena_dir parameter.

Action-Not Available
Vendor-oliver_mayn/a
Product-athena_php_website_administrationn/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2006-5612
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-11.17% / 93.21%
7 Day CHG~0.00%
Published-31 Oct, 2006 | 01:00
Updated-07 Aug, 2024 | 19:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

PHP remote file inclusion vulnerability in aide.php3 (aka aide.php) in GestArt beta 1, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via the aide parameter.

Action-Not Available
Vendor-michel_pradeln/a
Product-gestartn/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2005-4573
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-19.42% / 95.16%
7 Day CHG~0.00%
Published-29 Dec, 2005 | 11:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

PHP remote file include vulnerability in plog-admin-functions.php in Plogger Beta 2 allows remote attackers to execute arbitrary code via a URL in the config[basedir] parameter.

Action-Not Available
Vendor-ploggern/a
Product-ploggern/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2005-3775
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.96% / 75.60%
7 Day CHG~0.00%
Published-23 Nov, 2005 | 01:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

PHP remote file inclusion vulnerability in pollvote.php in PollVote allows remote attackers to include arbitrary files via a URL in the pollname parameter.

Action-Not Available
Vendor-pollvoten/a
Product-pollvoten/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2005-3859
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-5.61% / 89.96%
7 Day CHG~0.00%
Published-29 Nov, 2005 | 11:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

PHP remote file inclusion vulnerability in q-news.php in Q-News 2.0 allows remote attackers to execute arbitrary PHP code via a URL in the id parameter.

Action-Not Available
Vendor-q-newsn/a
Product-q-newsn/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2012-2971
Matching Score-4
Assigner-CERT/CC
CVSS Score-7.5||HIGH
EPSS-3.29% / 86.68%
7 Day CHG~0.00%
Published-20 Oct, 2012 | 10:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The server in CA ARCserve Backup r12.5, r15, and r16 on Windows does not properly process RPC requests, which allows remote attackers to execute arbitrary code or cause a denial of service via a crafted request.

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-windowsn/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2005-2837
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.88% / 74.43%
7 Day CHG~0.00%
Published-07 Sep, 2005 | 04:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple eval injection vulnerabilities in PlainBlack Software WebGUI before 6.7.3 allow remote attackers to execute arbitrary Perl code via (1) Help.pm, (2) International.pm, or (3) WebGUI.pm.

Action-Not Available
Vendor-plainblackn/a
Product-webguin/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2010-2315
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.52% / 65.72%
7 Day CHG~0.00%
Published-17 Jun, 2010 | 16:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

PHP remote file inclusion vulnerability in picturelib.php in SmartISoft phpBazar 2.1.1 allows remote attackers to execute arbitrary PHP code via a URL in the cat parameter.

Action-Not Available
Vendor-smartisoft, n/a
Product-phpbazar, n/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2005-3302
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.3||HIGH
EPSS-4.91% / 89.19%
7 Day CHG~0.00%
Published-24 Oct, 2005 | 04:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Eval injection vulnerability in bvh_import.py in Blender 2.36 allows attackers to execute arbitrary Python code via a hierarchy element in a .bvh file, which is supplied to an eval function call.

Action-Not Available
Vendor-n/a, Debian GNU/Linux, Blender Foundation
Product-blender, debian_linux, n/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2006-7102
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.93% / 82.63%
7 Day CHG~0.00%
Published-03 Mar, 2007 | 21:00
Updated-07 Aug, 2024 | 20:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple PHP remote file inclusion vulnerabilities in phpBurningPortal quiz-modul 1.0.1, and possibly earlier, allow remote attackers to execute arbitrary PHP code via a URL in the lang_path parameter to (1) quest_delete.php, (2) quest_edit.php, or (3) quest_news.php.

Action-Not Available
Vendor-matthias_dietrich, n/a
Product-phpburningportal_quiz-modul, n/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2012-1205
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-3.84% / 87.71%
7 Day CHG~0.00%
Published-20 Feb, 2012 | 19:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

PHP remote file inclusion vulnerability in relocate-upload.php in Relocate Upload plugin before 0.20 for WordPress allows remote attackers to execute arbitrary PHP code via a URL in the abspath parameter.

Action-Not Available
Vendor-alanft, n/a, WordPress.org
Product-wordpress, relocate-upload, n/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2006-6748
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.65% / 69.94%
7 Day CHG~0.00%
Published-27 Dec, 2006 | 00:00
Updated-07 Aug, 2024 | 20:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

PHP remote file inclusion vulnerability in i-accueil.php in Newxooper 0.9 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the chemin parameter. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information.

Action-Not Available
Vendor-newxooper, n/a
Product-newxooper, n/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2005-2498
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-7.5||HIGH
EPSS-4.69% / 88.92%
7 Day CHG~0.00%
Published-15 Aug, 2005 | 04:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Eval injection vulnerability in PHPXMLRPC 1.1.1 and earlier (PEAR XML-RPC for PHP), as used in multiple products including (1) Drupal, (2) phpAdsNew, (3) phpPgAds, and (4) phpgroupware, allows remote attackers to execute arbitrary PHP code via certain nested XML tags in a PHP document that should not be nested, which are injected into an eval function call, a different vulnerability than CVE-2005-1921.

Action-Not Available
Vendor-gggeek, n/a, Debian GNU/Linux
Product-phpxmlrpc, debian_linux, n/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2012-1199
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-2.30% / 84.07%
7 Day CHG~0.00%
Published-18 Feb, 2012 | 00:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple PHP remote file inclusion vulnerabilities in Basic Analysis and Security Engine (BASE) 1.4.5 allow remote attackers to execute arbitrary PHP code via a URL in the (1) BASE_path parameter to base_ag_main.php, (2) base_db_setup.php, (3) base_graph_common.php, (4) base_graph_display.php, (5) base_graph_form.php, (6) base_graph_main.php, (7) base_local_rules.php, (8) base_logout.php, (9) base_main.php, (10) base_maintenance.php, (11) base_payload.php, (12) base_qry_alert.php, (13) base_qry_common.php, (14) base_qry_main.php, (15) base_stat_alerts.php, (16) base_stat_class.php, (17) base_stat_common.php, (18) base_stat_ipaddr.php, (19) base_stat_iplink.php, (20) base_stat_ports.php, (21) base_stat_sensor.php, (22) base_stat_time.php, (23) base_stat_uaddr.php, (24) base_user.php, (25) index.php, (26) admin/base_roleadmin.php, (27) admin/base_useradmin.php, (28) admin/index.php, (29) help/base_setup_help.php, (30) includes/base_action.inc.php, (31) includes/base_cache.inc.php, (32) includes/base_db.inc.php, (33) includes/base_db.inc.php, (34) includes/base_include.inc.php, (35) includes/base_output_html.inc.php, (36) includes/base_output_query.inc.php, (37) includes/base_state_criteria.inc.php, (38) includes/base_state_query.inc.php or (39) setup/base_conf_contents.php; (40) GLOBALS[user_session_path] parameter to includes/base_state_common.inc.php; (41) BASE_Language parameter to setup/base_conf_contents.php; or (42) ado_inc_php parameter to setup/setup2.php.

Action-Not Available
Vendor-secureideas, n/a
Product-basic_analysis_and_security_engine, n/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2005-1894
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-7.81% / 91.60%
7 Day CHG~0.00%
Published-08 Jun, 2005 | 04:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Direct code injection vulnerability in FlatNuke 2.5.3 allows remote attackers to execute arbitrary PHP code by placing the code into the Referer header of an HTTP request, which causes the code to be injected into referer.php, which can then be accessed by the attacker.

Action-Not Available
Vendor-flatnuke, n/a
Product-flatnuke, n/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')