Search Results (6943 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2006-0236 1 Mozilla 1 Thunderbird 2026-04-16 N/A
GUI display truncation vulnerability in Mozilla Thunderbird 1.0.2, 1.0.6, and 1.0.7 allows user-assisted attackers to execute arbitrary code via an attachment with a filename containing a large number of spaces ending with a dangerous extension that is not displayed by Thunderbird, along with an inconsistent Content-Type header, which could be used to trick a user into downloading dangerous content by dragging or saving the attachment.
CVE-2006-4026 1 Redgraphic 1 Sapid Cms 2026-04-16 N/A
PHP remote file inclusion vulnerability in SAPID CMS 123 rc3 allows remote attackers to execute arbitrary PHP code via a URL in the (1) root_path parameter in usr/extensions/get_infochannel.inc.php and the (2) GLOBALS["root_path"] parameter in usr/extensions/get_tree.inc.php.
CVE-1999-0891 1 Microsoft 1 Internet Explorer 2026-04-16 N/A
The "download behavior" in Internet Explorer 5 allows remote attackers to read arbitrary files via a server-side redirect.
CVE-2003-0395 1 Myupb 1 Ultimate Php Board 2026-04-16 N/A
Ultimate PHP Board (UPB) 1.9 allows remote attackers to execute arbitrary PHP code with UPB administrator privileges via an HTTP request containing the code in the User-Agent header, which is executed when the administrator executes admin_iplog.php.
CVE-2003-1500 1 Cpcommerce 1 Cpcommerce 2026-04-16 N/A
PHP remote file inclusion vulnerability in _functions.php in cpCommerce 0.5f allows remote attackers to execute arbitrary code via the prefix parameter.
CVE-2005-0227 2 Postgresql, Redhat 2 Postgresql, Enterprise Linux 2026-04-16 N/A
PostgreSQL (pgsql) 7.4.x, 7.2.x, and other versions allows local users to load arbitrary shared libraries and execute code via the LOAD extension.
CVE-2005-0748 1 Webinsta 1 Webinsta Mailing Manager 2026-04-16 N/A
PHP remote file inclusion vulnerability in initdb.php for WEBInsta Mailing list manager 1.3d allows remote attackers to execute arbitrary PHP code by modifying the absolute_path parameter to reference a URL on a remote web server that contains the code.
CVE-2005-1155 2 Mozilla, Redhat 3 Firefox, Mozilla, Enterprise Linux 2026-04-16 N/A
The favicon functionality in Firefox before 1.0.3 and Mozilla Suite before 1.7.7 allows remote attackers to execute arbitrary code via a <LINK rel="icon"> tag with a javascript: URL in the href attribute, aka "Firelinking."
CVE-2005-1527 3 Awstats, Canonical, Debian 3 Awstats, Ubuntu Linux, Debian Linux 2026-04-16 N/A
Eval injection vulnerability in awstats.pl in AWStats 6.4 and earlier, when a URLPlugin is enabled, allows remote attackers to execute arbitrary Perl code via the HTTP Referrer, which is used in a $url parameter that is inserted into an eval function call.
CVE-2005-1876 1 Cutephp 1 Cutenews 2026-04-16 4.5 Medium
Direct code injection vulnerability in CuteNews 1.3.6 and earlier allows remote attackers with administrative privileges to execute arbitrary PHP code via certain inputs that are injected into a template (.tpl) file.
CVE-2005-1965 1 Glen Campbell 1 Siteframe 2026-04-16 N/A
PHP remote file inclusion vulnerability in siteframe.php for Broadpool Siteframe allows remote attackers to execute arbitrary code via a URL in the LOCAL_PATH parameter.
CVE-2005-2703 2 Mozilla, Redhat 3 Firefox, Mozilla Suite, Enterprise Linux 2026-04-16 N/A
Firefox before 1.0.7 and Mozilla Suite before 1.7.12 allows remote attackers to modify HTTP headers of XML HTTP requests via XMLHttpRequest, and possibly use the client to exploit vulnerabilities in servers or proxies, including HTTP request smuggling and HTTP request splitting.
CVE-2005-0679 1 Stadtaus 1 Tell A Friend Script 2026-04-16 N/A
PHP remote file inclusion vulnerability in tell_a_friend.inc.php for Tell A Friend Script 2.7 before 20050305 allows remote attackers to execute arbitrary PHP code by modifying the script_root parameter to reference a URL on a remote web server that contains the code. NOTE: it was later reported that 2.4 is also affected.
CVE-2004-1423 1 Php-calendar 1 Php-calendar 2026-04-16 N/A
Multiple PHP remote file inclusion vulnerabilities in Sean Proctor PHP-Calendar before 0.10.1, as used in Commonwealth of Massachusetts Virtual Law Office (VLO) and other products, allow remote attackers to execute arbitrary PHP code via a URL in the phpc_root_path parameter to (1) includes/calendar.php or (2) includes/setup.php.
CVE-2005-0103 2 Redhat, Squirrelmail 2 Enterprise Linux, Squirrelmail 2026-04-16 N/A
PHP remote file inclusion vulnerability in webmail.php in SquirrelMail before 1.4.4 allows remote attackers to execute arbitrary PHP code by modifying a URL parameter to reference a URL on a remote web server that contains the code.
CVE-1999-0702 1 Microsoft 1 Internet Explorer 2026-04-16 N/A
Internet Explorer 5.0 and 5.01 allows remote attackers to modify or execute files via the Import/Export Favorites feature, aka the "ImportExportFavorites" vulnerability.
CVE-2004-1926 1 Tiki 1 Tikiwiki Cms\/groupware 2026-04-16 N/A
Tiki CMS/Groupware (TikiWiki) 1.8.1 and earlier allows remote attackers to inject arbitrary code via the (1) Theme, (2) Country, (3) Real Name, or (4) Displayed time zone fields in a User Profile, or the (5) Name, (6) Description, (7) URL, or (8) Country fields in a Directory/Add Site operation.
CVE-2000-0155 1 Microsoft 3 Windows 95, Windows 98, Windows Nt 2026-04-16 N/A
Windows NT Autorun executes the autorun.inf file on non-removable media, which allows local attackers to specify an alternate program to execute when other users access a drive.
CVE-2005-1921 6 Debian, Drupal, Gggeek and 3 more 6 Debian Linux, Drupal, Phpxmlrpc and 3 more 2026-04-16 N/A
Eval injection vulnerability in PEAR XML_RPC 1.3.0 and earlier (aka XML-RPC or xmlrpc) and PHPXMLRPC (aka XML-RPC For PHP or php-xmlrpc) 1.1 and earlier, as used in products such as (1) WordPress, (2) Serendipity, (3) Drupal, (4) egroupware, (5) MailWatch, (6) TikiWiki, (7) phpWebSite, (8) Ampache, and others, allows remote attackers to execute arbitrary PHP code via an XML file, which is not properly sanitized before being used in an eval statement.
CVE-2004-1419 1 Zeroboard 1 Zeroboard 2026-04-16 N/A
PHP remote file inclusion vulnerability in ZeroBoard 4.1pl4 and earlier allows remote attackers to execute arbitrary PHP code by modifying the (1) _zb_path parameter to outlogin.php or (2) dir parameter to write.php to reference a URL on a remote web server that contains the code.