CyberSecurityBoard
Sponsor Register Login

CVE-2006-3053

** DISPUTED ** PHP remote file inclusion vulnerability in common.php in PHORUM 5.1.13 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the PHORUM[http_path] parameter. NOTE: this issue has been disputed by the vendor, who states "common.php is checked on the very first line of non-comment code that it is not being called directly. It has been this way in all 5.x version of Phorum." CVE analysis concurs with the vendor.

Publication date: Fri, 16 Jun 2006 15:02:00 +0000


Cyber News related to CVE-2006-3053

CVE-2006-3053 - ** DISPUTED ** PHP remote file inclusion vulnerability in common.php in PHORUM 5.1.13 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the PHORUM[http_path] parameter. NOTE: this issue has been disputed by the vendor, ...
7 years ago
CVE-2015-3054 - Use-after-free vulnerability in Adobe Reader and Acrobat 10.x before 10.1.14 and 11.x before 11.0.11 on Windows and OS X allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-3053, CVE-2015-3055, ...
8 years ago
CVE-2015-3075 - Use-after-free vulnerability in Adobe Reader and Acrobat 10.x before 10.1.14 and 11.x before 11.0.11 on Windows and OS X allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-3053, CVE-2015-3054, ...
8 years ago
CVE-2015-3059 - Use-after-free vulnerability in Adobe Reader and Acrobat 10.x before 10.1.14 and 11.x before 11.0.11 on Windows and OS X allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-3053, CVE-2015-3054, ...
8 years ago
CVE-2015-3053 - Use-after-free vulnerability in Adobe Reader and Acrobat 10.x before 10.1.14 and 11.x before 11.0.11 on Windows and OS X allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-3054, CVE-2015-3055, ...
8 years ago
CVE-2015-3055 - Use-after-free vulnerability in Adobe Reader and Acrobat 10.x before 10.1.14 and 11.x before 11.0.11 on Windows and OS X allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-3053, CVE-2015-3054, ...
8 years ago
CVE-2021-3053 - An improper handling of exceptional conditions vulnerability exists in the Palo Alto Networks PAN-OS dataplane that enables an unauthenticated network-based attacker to send specifically crafted traffic through the firewall that causes the service to ...
4 years ago
CVE-2017-3053 - Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have a memory address leak vulnerability in the image conversion engine, related to parsing of the APP13 segment in JPEG files. ...
8 years ago
CVE-2008-3053 - SQL injection vulnerability in the SQL Frontend (mh_omsqlio) extension 1.0.11 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. ...
8 years ago
CVE-2014-3053 - The Local Management Interface (LMI) in IBM Security Access Manager (ISAM) for Mobile 8.0 with firmware 8.0.0.0 through 8.0.0.3 and IBM Security Access Manager for Web 7.0, and 8.0 with firmware 8.0.0.2 and 8.0.0.3, allows remote attackers to bypass ...
8 years ago
CVE-2016-3053 - IBM AIX contains an unspecified vulnerability that would allow a locally authenticated user to obtain root level privileges. ...
8 years ago
CVE-2009-3053 - Directory traversal vulnerability in the Agora (com_agora) component 3.0.0b for Joomla! allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the action parameter to the avatars page, reachable ...
8 years ago
CVE-2007-3053 - Session fixation vulnerability in Calimero.CMS 3.3.1232 and earlier allows remote attackers to hijack web sessions by setting the PHPSESSID parameter. ...
7 years ago
CVE-2012-3053 - Buffer overflow in the Cisco WebEx Advanced Recording Format (ARF) player T27 L through SP11 EP26, T27 LB through SP21 EP10, T27 LC before SP25 EP11, T27 LD before SP32 CP2, and T28 L10N before SP1 allows remote attackers to execute arbitrary code ...
7 years ago
CVE-2011-3053 - Use-after-free vulnerability in Google Chrome before 17.0.963.83 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to block splitting. ...
5 years ago
CVE-2018-3053 - Vulnerability in the Oracle Retail Customer Management and Segmentation Foundation component of Oracle Retail Applications (subcomponent: Internal Operations). Supported versions that are affected are 16.x and 17.x. Easily exploitable vulnerability ...
6 years ago
CVE-2010-3053 - bdf/bdflib.c in FreeType before 2.4.2 allows remote attackers to cause a denial of service (application crash) via a crafted BDF font file, related to an attempted modification of a value in a static string. ...
2 years ago
CVE-2022-3053 - Inappropriate implementation in Pointer Lock in Google Chrome on Mac prior to 105.0.5195.52 allowed a remote attacker to restrict user navigation via a crafted HTML page. ...
3 years ago
CVE-2005-3053 - The sys_set_mempolicy function in mempolicy.c in Linux kernel 2.6.x allows local users to cause a denial of service (kernel BUG()) via a negative first argument. ...
2 years ago
CVE-2023-3053 - The Page Builder by AZEXO plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'azh_add_post' function in versions up to, and including, 1.27.133. This makes it possible for ...
2 years ago
CVE-2024-22936 - Cross-site scripting (XSS) vulnerability in Parents & Student Portal in Genesis School Management Systems in Genesis AIMS Student Information Systems v.3053 allows remote attackers to inject arbitrary web script or HTML via the message parameter. ...
1 year ago
CVE-2024-3053 - The Forminator – Contact Form, Payment Form & Custom Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘id’ forminator_form shortcode attribute in versions up to, and including, 1.29.2 due to insufficient ...
1 year ago Tenable.com
CVE-2025-3053 - The UiPress lite | Effortless custom dashboards, admin themes and pages plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 3.5.07 via the uip_process_form_input() function. This is due to the function ...
7 months ago
CVE-2025-38677 - In the Linux kernel, the following vulnerability has been resolved: ...
3 months ago
CVE-2006-0092 - Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2006-0992, CVE-2006-0158. Reason: this candidate was intended for one issue, but a typo caused it to be associated with a Novell/Groupwise issue. In addition, this issue was a ...
55 years ago Tenable.com

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)