| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
1 |
CVE-2005-4824 |
|
|
Exec Code File Inclusion |
2005-12-31 |
2008-09-05 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
PHP remote file inclusion vulnerability in web/classes.php in Siteframe before 3.2.2 allows remote attackers to execute arbitrary PHP code via a URL in the LOCAL_PATH parameter, a different vulnerability than CVE-2005-1965. |
|
2 |
CVE-2005-4748 |
|
|
Exec Code XSS File Inclusion |
2005-12-31 |
2008-09-05 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
PHP remote file include vulnerability in functions_admin.php in Virtual War (VWar) 1.5.0 R10 allows remote attackers to include and execute arbitrary PHP code via unspecified attack vectors. NOTE: this issue has been referred to as XSS, but it is clear from the vendor description that it is a file inclusion problem. |
|
3 |
CVE-2005-4593 |
|
|
Exec Code File Inclusion |
2005-12-31 |
2018-10-19 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
PHP remote file inclusion vulnerability in phpDocumentor 1.3.0 rc4 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary code via a URL in the (1) FORUM[LIB] parameter in Documentation/tests/bug-559668.php and (2) the root_dir parameter in docbuilder/file_dialog.php. |
|
4 |
CVE-2005-4474 |
|
|
DoS Exec Code Overflow File Inclusion |
2005-12-22 |
2018-10-19 |
5.1 |
None |
Remote |
High |
Not required |
Partial |
Partial |
Partial |
|
Buffer overflow in the "Add to archive" command in WinRAR 3.51 allows user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code by tricking the user into adding a file whose filename contains a non-default code page and non-ANSI characters, as demonstrated using a Chinese filename, possibly due to buffer expansion when using the WideCharToMultiByte API. NOTE: it is not clear whether this problem can be exploited for code execution. If not, then perhaps the user-assisted nature of the attack should exclude the issue from inclusion in CVE. |
|
5 |
CVE-2005-4211 |
|
|
Exec Code File Inclusion |
2005-12-14 |
2018-10-19 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
PHP remote file inclusion vulnerability in coin_includes/db.php in phpCOIN 1.2.2 allows remote attackers to execute arbitrary PHP code via a URL in the $_CCFG[_PKG_PATH_DBSE] variable. |
|
6 |
CVE-2005-3861 |
94 |
|
Exec Code File Inclusion |
2005-11-29 |
2018-10-19 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
PHP remote file inclusion vulnerability in content.php in phpGreetz 0.99 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the content parameter. |
|
7 |
CVE-2005-3860 |
94 |
|
Exec Code File Inclusion |
2005-11-29 |
2018-10-19 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
PHP remote file inclusion vulnerability in athena.php in Oliver May Athena PHP Website Administration 0.1a allows remote attackers to execute arbitrary PHP code via a URL in the athena_dir parameter. |
|
8 |
CVE-2005-3859 |
94 |
|
Exec Code File Inclusion |
2005-11-29 |
2018-10-19 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
PHP remote file inclusion vulnerability in q-news.php in Q-News 2.0 allows remote attackers to execute arbitrary PHP code via a URL in the id parameter. |
|
9 |
CVE-2005-3835 |
94 |
|
Exec Code File Inclusion |
2005-11-26 |
2011-08-10 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
PHP remote file inclusion vulnerability in support/index.php in DeskLance 2.3 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the main parameter. |
|
10 |
CVE-2005-3797 |
|
|
Exec Code File Inclusion |
2005-11-24 |
2017-07-11 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
PHP remote file inclusion vulnerability in payment_paypal.php in AlstraSoft Template Seller Pro 3.25 allows remote attackers to execute arbitrary PHP code via the config[basepath] parameter. |
|
11 |
CVE-2005-3775 |
94 |
|
File Inclusion |
2005-11-23 |
2016-10-18 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
PHP remote file inclusion vulnerability in pollvote.php in PollVote allows remote attackers to include arbitrary files via a URL in the pollname parameter. |
|
12 |
CVE-2005-3738 |
|
|
File Inclusion |
2005-11-22 |
2018-10-19 |
2.6 |
None |
Remote |
High |
Not required |
None |
Partial |
None |
|
globals.php in Mambo Site Server 4.0.14 and earlier, when register_globals is disabled, allows remote attackers to overwrite variables in the GLOBALS array and conduct various attacks, as demonstrated using the mosConfig_absolute_path parameter to content.html.php for remote PHP file inclusion. |
|
13 |
CVE-2005-3639 |
|
|
Dir. Trav. File Inclusion |
2005-11-16 |
2011-03-08 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
PHP file inclusion vulnerability in the osTicket module in Help Center Live before 2.0.3 allows remote attackers to access or include arbitrary files via the file parameter, possibly due to a directory traversal vulnerability. |
|
14 |
CVE-2005-3574 |
|
|
File Inclusion |
2005-11-16 |
2011-03-08 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
PHP file inclusion vulnerability in index.php of iCMS allows remote attackers to include arbitrary files via the page parameter. |
|
15 |
CVE-2005-3571 |
94 |
|
File Inclusion |
2005-11-16 |
2016-10-18 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
PHP file inclusion vulnerability in protection.php in CodeGrrl (a) PHPCalendar 1.0, (b) PHPClique 1.0, (c) PHPCurrently 2.0, (d) PHPFanBase 2.1, and (e) PHPQuotes 1.0 allows remote attackers to include arbitrary local files via the siteurl parameter when register_globals is enabled. NOTE: It was later reported that PHPFanBase 2.2 is also affected. |
|
16 |
CVE-2005-3558 |
|
|
Exec Code File Inclusion |
2005-11-16 |
2018-10-19 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
PHP file inclusion vulnerability in index.php in OSTE 1.0 allows remote attackers to execute arbitrary code via the (1) page and (2) site parameters. |
|
17 |
CVE-2005-3519 |
|
|
Exec Code File Inclusion |
2005-11-06 |
2017-07-11 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Multiple PHP file inclusion vulnerabilities in MySource 2.14.0 allow remote attackers to execute arbitrary PHP code and include arbitrary local files via the (1) INCLUDE_PATH and (2) SQUIZLIB_PATH parameters in new_upgrade_functions.php, (3) the INCLUDE_PATH parameter in init_mysource.php, and the PEAR_PATH parameter in (4) Socket.php, (5) Request.php, (6) Mail.php, (7) Date.php, (8) Span.php, (9) mimeDecode.php, and (10) mime.php. |
|
18 |
CVE-2005-3404 |
|
|
File Inclusion |
2005-11-01 |
2016-10-18 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Multiple PHP file inclusion vulnerabilities in ATutor 1.4.1 through 1.5.1-pl1 allow remote attackers to include arbitrary files via the section parameter followed by a null byte (%00) in (1) body_header.inc.php and (2) print.php. |
|
19 |
CVE-2005-3366 |
|
|
Exec Code XSS File Inclusion |
2005-10-30 |
2017-07-11 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
PHP file inclusion vulnerability in index.php in PHP iCalendar 2.0a2 through 2.0.1 allows remote attackers to execute arbitrary PHP code and include arbitrary local files via the phpicalendar cookie. NOTE: this is not a cross-site scripting (XSS) issue as claimed by the original researcher. |
|
20 |
CVE-2005-3335 |
|
|
Exec Code File Inclusion |
2005-10-27 |
2017-07-11 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
PHP file inclusion vulnerability in bug_sponsorship_list_view_inc.php in Mantis 1.0.0RC2 and 0.19.2 allows remote attackers to execute arbitrary PHP code and include arbitrary local files via the t_core_path parameter. |
|
21 |
CVE-2005-3328 |
|
|
Exec Code File Inclusion |
2005-10-27 |
2016-10-18 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
PHP remote file inclusion vulnerability in common.php in PunBB 1.1.2 through 1.1.5 allows remote attackers to execute arbitrary code via the pun_root parameter. |
|
22 |
CVE-2005-3299 |
|
|
File Inclusion |
2005-10-23 |
2008-09-05 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
PHP file inclusion vulnerability in grab_globals.lib.php in phpMyAdmin 2.6.4 and 2.6.4-pl1 allows remote attackers to include local files via the $__redirect parameter, possibly involving the subform array. |
|
23 |
CVE-2005-3062 |
|
|
Exec Code File Inclusion |
2005-09-27 |
2016-10-18 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
PHP remote file inclusion vulnerability in index.php in AlstraSoft E-Friends 4.0 allows remote attackers to execute arbitrary PHP code via the mode parameter. |
|
24 |
CVE-2005-3017 |
|
|
XSS File Inclusion |
2005-09-21 |
2008-09-05 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
PHP file inclusion vulnerability in index.php in Content2Web 1.0.1 allows remote attackers to include arbitrary files via the show parameter, which can lead to resultant errors such as path disclosure, SQL error messages, and cross-site scripting (XSS). |
|
25 |
CVE-2005-2865 |
|
|
Exec Code File Inclusion |
2005-09-08 |
2017-07-11 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Multiple PHP remote file inclusion vulnerabilities in aMember Pro 2.3.4 allow remote attackers to execute arbitrary PHP code via the config[root_dir] parameter to (1) mysql.inc.php, (2) efsnet.inc.php, (3) theinternetcommerce.inc.php, (4) cdg.inc.php, (5) compuworld.inc.php, (6) directone.inc.php, (7) authorize_aim.inc.php, (8) beanstream.inc.php, (9) config.inc.php, (10) eprocessingnetwork.inc.php, (11) eway.inc.php, (12) linkpoint.inc.php, (13) logiccommerce.inc.php, (14) netbilling.inc.php, (15) payflow_pro.inc.php, (16) paymentsgateway.inc.php, (17) payos.inc.php, (18) payready.inc.php, or (19) plugnplay.inc.php. |
|
26 |
CVE-2005-2846 |
|
|
Exec Code File Inclusion |
2005-09-08 |
2016-10-18 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
PHP remote file inclusion vulnerability in lang.php in CMS Made Simple 0.10 and earlier allows remote attackers to execute arbitrary PHP code via the nls[file][vx][vxsfx] parameter. |
|
27 |
CVE-2005-2793 |
77 |
|
Exec Code File Inclusion |
2005-09-02 |
2020-11-16 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
PHP remote file inclusion vulnerability in welcome.php in phpLDAPadmin 0.9.6 and 0.9.7 allows remote attackers to execute arbitrary PHP code via the custom_welcome_page parameter. |
|
28 |
CVE-2005-2782 |
|
|
Exec Code Bypass File Inclusion |
2005-09-02 |
2017-07-11 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
PHP remote file inclusion vulnerability in al_initialize.php for AutoLinks Pro 2.1 allows remote attackers to execute arbitrary PHP code via an "ftp://" URL in the alpath parameter, which bypasses the incomplete blacklist that only checks for "http" and "https" URLs. |
|
29 |
CVE-2005-2775 |
|
|
Exec Code File Inclusion |
2005-09-02 |
2017-07-11 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
php_api.php in phpWebNotes 2.0.0 uses the extract function to modify key variables such as $t_path_core, which leads to a PHP file inclusion vulnerability that allows remote attackers to execute arbitrary PHP code via the t_path_core parameter. |
|
30 |
CVE-2005-2717 |
|
|
Exec Code File Inclusion |
2005-08-29 |
2017-07-11 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
PHP remote file inclusion vulnerability in WebCalendar before 1.0.1 allows remote attackers to execute arbitrary PHP code when opening settings.php, possibly via send_reminders.php or other scripts. |
|
31 |
CVE-2005-2687 |
|
|
Exec Code File Inclusion |
2005-08-24 |
2017-07-11 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
PHP remote file inclusion vulnerability in SaveWebPortal 3.4 allows remote attackers to execute arbitrary PHP code via the (1) SITE_Path parameter to menu_dx.php or (2) CONTENTS_Dir parameter to menu_sx.php. |
|
32 |
CVE-2005-2633 |
|
|
Exec Code File Inclusion |
2005-08-23 |
2016-10-18 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Multiple PHP file inclusion vulnerabilities in (1) admin_o.php, (2) board_o.php, (3) dev_o.php, (4) file_o.php or (5) tech_o.php in PHPTB Topic Board 2.0 and earlier allow remote attackers to execute arbitrary PHP code via the absolutepath parameter. |
|
33 |
CVE-2005-2567 |
|
|
Exec Code File Inclusion |
2005-08-16 |
2016-10-18 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
PHP remote file inclusion vulnerability in SysCP 1.2.10 and earlier allows remote attackers to execute arbitrary PHP code via the language parameter. |
|
34 |
CVE-2005-2544 |
|
|
Exec Code File Inclusion |
2005-08-10 |
2017-07-11 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
PHP remote file inclusion vulnerability in config.php in Comdev eCommerce 3.0 allows remote attackers to execute arbitrary PHP code via the path[docroot] parameter. |
|
35 |
CVE-2005-2413 |
|
|
Exec Code File Inclusion |
2005-08-03 |
2017-07-11 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
PHP remote file inclusion vulnerability in apa_phpinclude.inc.php in Atomic Photo Album (APA) allows remote attackers to execute arbitrary PHP code via the apa_module_basedir parameter. |
|
36 |
CVE-2005-2412 |
|
|
Exec Code File Inclusion |
2005-08-03 |
2017-07-11 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
PHP remote file inclusion vulnerability in block.php in PHP FirstPost allows remote attackers to execute arbitrary PHP code via the Include parameter. |
|
37 |
CVE-2005-2331 |
|
|
Exec Code File Inclusion |
2005-07-20 |
2017-07-11 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
PHP remote file inclusion vulnerability in display.php in MooseGallery allows remote attackers to execute arbitrary PHP code via the type parameter. |
|
38 |
CVE-2005-2328 |
|
|
Exec Code File Inclusion |
2005-07-20 |
2008-09-05 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
PHP remote file inclusion vulnerability in im.php in Laffer 0.3.2.6 and 0.3.2.7 allows remote attackers to execute arbitrary PHP code via the CFG_PATH variable. |
|
39 |
CVE-2005-2321 |
|
|
Exec Code File Inclusion |
2005-07-19 |
2008-09-05 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
PHP remote file inclusion vulnerability in CaLogic 1.2.2 allows remote attackers to execute arbitrary code via the CLPATH parameter to (1) cl_minical.php, (2) clmcpreload.php, (3) mcconfig.php, or (4) mcpi-demo.php. |
|
40 |
CVE-2005-2258 |
|
|
Exec Code File Inclusion |
2005-07-13 |
2008-09-05 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
PHP remote file inclusion vulnerability in photolist.inc.php in Squito Gallery 1.33 allows remote attackers to execute arbitrary code via the photoroot parameter. |
|
41 |
CVE-2005-2251 |
|
|
Exec Code File Inclusion |
2005-07-13 |
2017-10-11 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
PHP remote file inclusion vulnerability in secure.php in PHPSecurePages (phpSP) 0.28beta and earlier allows remote attackers to execute arbitrary code via the cfgProgDir parameter, a variant of CVE-2001-1468. |
|
42 |
CVE-2005-2249 |
|
|
File Inclusion |
2005-07-13 |
2008-09-05 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Multiple unknown vulnerabilities in Jinzora 2.0.1 have unknown impact and attack vectors, possibly involving a PHP file inclusion vulnerability. |
|
43 |
CVE-2005-2246 |
|
|
Exec Code File Inclusion |
2005-07-12 |
2017-10-11 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Multiple PHP remote file inclusion vulnerabilities in iPhotoAlbum 1.1 allow remote attackers to execute arbitrary code via the (1) doc_path parameter to getpage.php or (2) set_menu parameter to lib/static/header.php. |
|
44 |
CVE-2005-2216 |
|
|
Exec Code File Inclusion |
2005-07-12 |
2008-09-05 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
PHP remote file inclusion vulnerability in gals.php in PhotoGal Photo Gallery 1.5 and earlier allows remote attackers to execute arbitrary code via the news_file parameter. |
|
45 |
CVE-2005-2199 |
|
|
Exec Code File Inclusion |
2005-07-11 |
2008-09-05 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
PHP remote file inclusion vulnerability in inc/functions.inc.php in PPA web photo gallery 0.5.6 allows remote attackers to execute arbitrary code via the config[ppa_root_path] variable. |
|
46 |
CVE-2005-2198 |
|
|
Exec Code File Inclusion |
2005-07-11 |
2008-09-05 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
PHP remote file inclusion vulnerability in lang.php in SPiD before 1.3.1 allows remote attackers to execute arbitrary code via the lang_path parameter. |
|
47 |
CVE-2005-2179 |
|
|
Exec Code File Inclusion |
2005-07-11 |
2016-10-18 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
PHP remote file inclusion vulnerability in BlogModel.php in Jaws 0.5.2 and earlier allows remote attackers to execute arbitrary PHP code via the path parameter. |
|
48 |
CVE-2005-2162 |
|
|
Exec Code File Inclusion |
2005-07-06 |
2016-10-18 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
PHP remote file inclusion vulnerability in form.inc.php3 in MyGuestbook 0.6.1 allows remote attackers to execute arbitrary PHP code via the lang parameter. |
|
49 |
CVE-2005-2157 |
|
|
Exec Code File Inclusion |
2005-07-06 |
2011-03-08 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
PHP remote file inclusion vulnerability in survey.inc.php for nabopoll 1.2 allows remote attackers to execute arbitrary PHP code via the path parameter. |
|
50 |
CVE-2005-2155 |
|
|
Exec Code File Inclusion |
2005-07-06 |
2008-09-10 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
PHP remote file inclusion vulnerability in EasyPHPCalendar 6.1.5 and earlier allows remote attackers to execute arbitrary code via the serverPath parameter. |
