CVE-2006-5767

PHP remote file inclusion vulnerability in includes/xhtml.php in Drake CMS 0.2.2 alpha rev.846 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the d_root parameter.

Publication date: Tue, 07 Nov 2006 05:07:00 +0000

Cyber News related to CVE-2006-5767

CVE-2006-5767 - PHP remote file inclusion vulnerability in includes/xhtml.php in Drake CMS 0.2.2 alpha rev.846 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the d_root parameter. ...
6 years ago

CVE-2015-5764 - The user interface in Safari in Apple iOS before 9 allows remote attackers to spoof URLs via unspecified vectors, a different vulnerability than CVE-2015-5765 and CVE-2015-5767. ...
7 years ago

CVE-2015-5765 - The user interface in Safari in Apple iOS before 9 allows remote attackers to spoof URLs via unspecified vectors, a different vulnerability than CVE-2015-5764 and CVE-2015-5767. ...
7 years ago

CVE-2015-5767 - The user interface in Safari in Apple iOS before 9 allows remote attackers to spoof URLs via unspecified vectors, a different vulnerability than CVE-2015-5764 and CVE-2015-5765. ...
7 years ago

CVE-2007-5767 - Heap-based buffer overflow in the Client Trust application (clntrust.exe) in Novell BorderManager 3.8 before Update 1.5 allows remote attackers to execute arbitrary code via a validation request in which the Novell tree name is not properly delimited ...
13 years ago

CVE-2014-5767 - The IM+ (aka de.shapeservices.impluslite) application 6.6.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. ...
9 years ago

CVE-2013-5767 - Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.12 and earlier allows remote authenticated users to affect availability via unknown vectors related to Optimizer. ...
7 years ago

CVE-2012-5767 - Unspecified vulnerability in the web interface on the IBM TS3500 Tape Library with firmware before C260 allows remote authenticated users to gain privileges via unspecified vectors. ...
6 years ago

CVE-2008-5767 - SQL injection vulnerability in authors.asp in gNews Publisher allows remote attackers to execute arbitrary SQL commands via the authorID parameter. ...
6 years ago

CVE-2016-5767 - Integer overflow in the gdImageCreate function in gd.c in the GD Graphics Library (aka libgd) before 2.0.34RC1, as used in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8, allows remote attackers to cause a denial of service (heap-based ...
6 years ago

CVE-2018-5767 - An issue was discovered on Tenda AC15 V15.03.1.16_multi devices. A remote, unauthenticated attacker can gain remote code execution on the device with a crafted password parameter for the COOKIE header. ...
6 years ago

CVE-2020-5767 - Cross-site request forgery in Icegram Email Subscribers & Newsletters Plugin for WordPress v4.4.8 allows a remote attacker to send forged emails by tricking legitimate users into clicking a crafted link. ...
3 years ago

CVE-2019-5767 - Insufficient protection of permission UI in WebAPKs in Google Chrome on Android prior to 72.0.3626.81 allowed an attacker who convinced the user to install a malicious application to access privacy/security sensitive web APIs via a crafted APK. ...
3 years ago

CVE-2023-5767 - A vulnerability exists in the webserver that affects the RTU500 series product versions listed below. A malicious actor could perform cross-site scripting on the webserver due to an RDT language file being improperly sanitized. ...
7 months ago Tenable.com

CVE-2017-5767 - Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none ...
54 years ago Tenable.com

CVE-2024-5767 - The sitetweet WordPress plugin through 0.2 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack ...
3 days ago

CVE-2024-38538 - In the Linux kernel, the following vulnerability has been resolved: net: bridge: xmit: make sure we have at least eth header len bytes syzbot triggered an uninit value[1] error in bridge device's xmit path by sending a short (less than ETH_HLEN ...
2 weeks ago Tenable.com

CVE-2006-0092 - Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2006-0992, CVE-2006-0158. Reason: this candidate was intended for one issue, but a typo caused it to be associated with a Novell/Groupwise issue. In addition, this issue was a ...
54 years ago Tenable.com

CVE-2006-7224 - Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2006-7227, CVE-2005-4872, CVE-2006-7228. Reason: this candidate was SPLIT into other identifiers in order to reflect different affected versions and distinct vendor fixes. Notes: All ...
54 years ago Tenable.com

CVE-2006-5296 - PowerPoint in Microsoft Office 2003 does not properly handle a container object whose position value exceeds the record length, which allows user-assisted attackers to cause a denial of service (NULL dereference and application crash) via a crafted ...
7 months ago

CVE-2006-1530 - Unspecified vulnerability in Firefox and Thunderbird before 1.5.0.2, and SeaMonkey before 1.0.1, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown attack vectors related to DHTML. NOTE: due ...
5 years ago

CVE-2006-1529 - Unspecified vulnerability in Firefox and Thunderbird before 1.5.0.2, and SeaMonkey before 1.0.1, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown attack vectors related to DHTML. NOTE: due ...
5 years ago

CVE-2006-1723 - Unspecified vulnerability in Firefox and Thunderbird before 1.5.0.2, and SeaMonkey before 1.0.1, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown attack vectors related to DHTML. NOTE: due ...
5 years ago

CVE-2006-1531 - Unspecified vulnerability in Firefox and Thunderbird before 1.5.0.2, and SeaMonkey before 1.0.1, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown attack vectors related to DHTML. NOTE: due ...
5 years ago

CVE-2006-5424 - Unspecified vulnerability in Justsystem Ichitaro 2006, 2006 trial version, and Government 2006 allows remote attackers to execute arbitrary code via a modified document, possibly because of a buffer overflow, a different vulnerability than ...
6 years ago

Latest Cyber News

CVE-2024-40605 - 7 hours ago
CVE-2024-40604 - 7 hours ago
CVE-2024-40603 - 7 hours ago
CVE-2024-40602 - 7 hours ago
CVE-2024-40601 - 7 hours ago
CVE-2024-40600 - 7 hours ago
CVE-2024-40599 - 7 hours ago
CVE-2024-40598 - 7 hours ago
CVE-2024-40596 - 7 hours ago
CVE-2024-40597 - 7 hours ago
CVE-2024-6095 - 13 hours ago
CVE-2024-37554 - 14 hours ago
CVE-2024-37553 - 15 hours ago
CVE-2024-37547 - 16 hours ago
CVE-2024-37546 - 16 hours ago
CVE-2024-37542 - 18 hours ago
CVE-2024-37541 - 18 hours ago
CVE-2024-37539 - 18 hours ago
CVE-2024-39486 - 21 hours ago
CVE-2024-37260 - 21 hours ago

Cyber Trends (last 7 days)

Okta - 7 months ago
23andMe - 7 months ago
Kimsuky - 7 months ago
LogoFAIL - 6 months ago
Gh0st rat - 7 months ago

Trending Cyber News (last 7 days)

CVE-2024-40605 - 7 hours ago
CVE-2024-40604 - 7 hours ago
CVE-2024-40603 - 7 hours ago
CVE-2024-40602 - 7 hours ago
CVE-2024-40601 - 7 hours ago
CVE-2024-40600 - 7 hours ago
CVE-2024-40599 - 7 hours ago
CVE-2024-40598 - 7 hours ago
CVE-2024-40596 - 7 hours ago
CVE-2024-40597 - 7 hours ago
CVE-2024-6095 - 13 hours ago
CVE-2024-37553 - 15 hours ago
CVE-2024-37554 - 14 hours ago
CVE-2024-37547 - 16 hours ago
CVE-2024-37546 - 16 hours ago
CVE-2024-37542 - 18 hours ago
CVE-2024-37541 - 18 hours ago
CVE-2024-37539 - 18 hours ago
CVE-2024-39486 - 21 hours ago
CVE-2024-37260 - 21 hours ago