CVE-2006-4354

PHP remote file inclusion vulnerability in e/class/CheckLevel.php in Phome Empire CMS 3.7 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the check_path parameter.

Publication date: Sun, 27 Aug 2006 07:04:00 +0000

Cyber News related to CVE-2006-4354

CVE-2006-4354 - PHP remote file inclusion vulnerability in e/class/CheckLevel.php in Phome Empire CMS 3.7 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the check_path parameter. ...
7 years ago

CVE-2010-4354 - The remote-access IPSec VPN implementation on Cisco Adaptive Security Appliances (ASA) 5500 series devices, PIX Security Appliances 500 series devices, and VPN Concentrators 3000 series devices responds to an Aggressive Mode IKE Phase I message only ...
14 years ago

CVE-2012-4355 - TCPIPS_Story.dll in Sielco Sistemi Winlog Pro SCADA before 2.07.18 and Winlog Lite SCADA before 2.07.18 allows remote attackers to execute arbitrary code via a port-46824 TCP packet with a crafted negative integer after the opcode, triggering ...
12 years ago

CVE-2020-4354 - IBM Cognos Analytics 11.0 and 11.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a ...
3 years ago

CVE-2005-4354 - Cross-site scripting (XSS) vulnerability in webglimpse.cgi in Webglimpse 2.14.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the query parameter. ...
13 years ago

CVE-2012-4354 - TCPIPS_Story.dll in Sielco Sistemi Winlog Pro SCADA before 2.07.17 and Winlog Lite SCADA before 2.07.17 allows remote attackers to execute arbitrary code via a port-46824 TCP packet with a crafted positive integer after the opcode, triggering ...
12 years ago

CVE-2011-4354 - crypto/bn/bn_nist.c in OpenSSL before 0.9.8h on 32-bit platforms, as used in stunnel and other products, in certain circumstances involving ECDH or ECDHE cipher suites, uses an incorrect modular reduction algorithm in its implementation of the P-256 ...
12 years ago

CVE-2013-4354 - The API before 2.1 in OpenStack Image Registry and Delivery Service (Glance) makes it easier for local users to inject images into arbitrary tenants by adding the tenant as a member of the image. ...
11 years ago

CVE-2015-4354 - Cross-site scripting (XSS) vulnerability in the Ubercart Webform Integration module before 6.x-1.8 and 7.x before 7.x-2.4 for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via unspecified ...
9 years ago

CVE-2007-4354 - Buffer overflow in fileplace in bos.perf.tools in IBM AIX 5.2 and 5.3 allows local users to gain privileges via unspecified vectors. ...
7 years ago

CVE-2009-4354 - TransWARE Active! mail 2003 build 2003.0139.0871 and earlier does not properly secure the session ID in a session cookie, which allows remote attackers to hijack web sessions, probably related to the "secure" flag for cookies in SSL sessions. ...
7 years ago

CVE-2014-4354 - Apple iOS before 8 enables Bluetooth during all upgrade actions, which makes it easier for remote attackers to bypass intended access restrictions via a Bluetooth session. ...
7 years ago

CVE-2008-4354 - SQL injection vulnerability in the products module in NetArt Media iBoutique 4.0 allows remote attackers to execute arbitrary SQL commands via the cat parameter to index.php. ...
7 years ago

CVE-2018-4354 - A memory corruption issue was addressed with improved memory handling. This issue affected versions prior to iOS 12, macOS Mojave 10.14, tvOS 12, watchOS 5. ...
5 years ago

CVE-2022-4354 - A vulnerability was found in LinZhaoguan pb-cms 2.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /blog/comment of the component Message Board. The manipulation leads to cross site scripting. The ...
2 years ago

CVE-2016-4354 - ber-decoder.c in Libksba before 1.3.3 uses an incorrect integer data type, which allows remote attackers to cause a denial of service (crash) via crafted BER data, which leads to a buffer overflow. ...
1 year ago

CVE-2021-4354 - The PWA for WP & AMP for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the pwaforwp_splashscreen_uploader function in versions up to, and including, 1.7.32. This makes it possible for authenticated ...
1 year ago

CVE-2023-4354 - Heap buffer overflow in Skia in Google Chrome prior to 116.0.5845.96 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) ...
1 year ago

CVE-2017-4354 - Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none ...
55 years ago Tenable.com

CVE-2024-4354 - The TablePress – Tables in WordPress made easy plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.3 via the get_files_to_import() function. This makes it possible for authenticated attackers, ...
8 months ago

CVE-2024-44980 - In the Linux kernel, the following vulnerability has been resolved: ...
4 months ago

CVE-2006-0092 - Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2006-0992, CVE-2006-0158. Reason: this candidate was intended for one issue, but a typo caused it to be associated with a Novell/Groupwise issue. In addition, this issue was a ...
55 years ago Tenable.com

CVE-2006-7224 - Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2006-7227, CVE-2005-4872, CVE-2006-7228. Reason: this candidate was SPLIT into other identifiers in order to reflect different affected versions and distinct vendor fixes. Notes: All ...
55 years ago Tenable.com

CVE-2006-5296 - PowerPoint in Microsoft Office 2003 does not properly handle a container object whose position value exceeds the record length, which allows user-assisted attackers to cause a denial of service (NULL dereference and application crash) via a crafted ...
1 year ago

CVE-2006-1530 - Unspecified vulnerability in Firefox and Thunderbird before 1.5.0.2, and SeaMonkey before 1.0.1, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown attack vectors related to DHTML. NOTE: due ...
6 years ago

Latest Cyber News

BlackBastaGPT – A ChatGPT Powered Tool to Uncover Ransomware Group Tactics - Cyber Security News - 9 hours ago
CVE-2022-28339 - 14 hours ago
Beware: PayPal "New Address" feature abused to send phishing emails - 14 hours ago
CVE-2025-26774 - 19 hours ago
CVE-2025-26776 - 19 hours ago
CVE-2025-26973 - 19 hours ago
CVE-2025-27012 - 19 hours ago
CVE-2025-26750 - 19 hours ago
CVE-2025-26756 - 19 hours ago
CVE-2025-26757 - 19 hours ago
CVE-2025-26760 - 19 hours ago
CVE-2025-26763 - 19 hours ago
CVE-2025-26764 - 19 hours ago
Fake CS2 tournament streams used to steal crypto, Steam accounts - 19 hours ago
CVE-2024-12577 - 20 hours ago
CVE-2024-46975 - 20 hours ago
CVE-2024-47896 - 20 hours ago
CVE-2024-52939 - 20 hours ago
CVE-2025-0957 - 21 hours ago
CVE-2025-1556 - 22 hours ago

Cyber Trends (last 7 days)

Okta - 1 year ago
23andMe - 1 year ago
Kimsuky - 1 year ago
LogoFAIL - 1 year ago
Gh0st rat - 1 year ago

Trending Cyber News (last 7 days)

BlackBastaGPT – A ChatGPT Powered Tool to Uncover Ransomware Group Tactics - Cyber Security News - 9 hours ago
CVE-2019-8900 - 1 day ago
CVE-2025-26622 - 1 day ago
CVE-2025-27104 - 1 day ago
CVE-2025-27105 - 1 day ago
CVE-2025-27106 - 1 day ago
CVE-2025-27108 - 1 day ago
CVE-2025-27109 - 1 day ago
CVE-2024-45674 - 1 day ago
CVE-2024-22341 - 1 day ago
CVE-2023-4261 - 1 day ago
CVE-2024-13873 - 1 day ago
CVE-2024-13899 - 1 day ago
CVE-2025-1509 - 1 day ago
CVE-2025-1510 - 1 day ago
CVE-2024-12038 - 1 day ago
CVE-2024-12467 - 1 day ago
CVE-2024-13474 - 1 day ago
CVE-2024-13798 - 1 day ago
CVE-2024-13564 - 1 day ago