19 matches found
Dynamic Variable Evaluation
Overview pretix is a Reinventing presales, one ticket at a time Affected versions of this package are vulnerable to Dynamic Variable Evaluation via the evaluation of placeholders in email templates. An attacker can access sensitive system information, such as configuration files, database...
EUVD-2007-2617
Malware in sbrugna...
EUVD-2006-4891
Malware in sbrugna...
EUVD-2006-2159
Malware in sbrugna...
CVE-2023-31032
NVIDIA DGX A100 SBIOS contains a vulnerability where a user may cause a dynamic variable evaluation by local access. A successful exploit of this vulnerability may lead to denial of service...
CVE-2023-31032
NVIDIA DGX A100 SBIOS contains a vulnerability where a user may cause a dynamic variable evaluation by local access. A successful exploit of this vulnerability may lead to denial of service...
Design/Logic Flaw
NVIDIA DGX A100 SBIOS contains a vulnerability where a user may cause a dynamic variable evaluation by local access. A successful exploit of this vulnerability may lead to denial of service...
CVE-2023-31032 CVE
NVIDIA DGX A100 SBIOS contains a vulnerability where a user may cause a dynamic variable evaluation by local access. A successful exploit of this vulnerability may lead to denial of service...
PHP vulnerability full solution-vulnerability warning-the black bar safety net
PHP web page security issues For PHP website mainly exist the following types of attacks: 1. Command injectionCommand Injection 2. eval injectionEval Injection 3. Client scripting attacksScript Insertion 4. Cross-site scripting attacksCross Site Scripting, XSS 5. SQL injectionattacksSQL injection...
CVE-2007-2624
The CVE-2007-2624 entry concerns All In One Control Panel (AIOCP) before 1.3.016, where a dynamic variable evaluation vulnerability in shared/config/cp_config.php enables remote XSS via the SERVER superglobal array. The issue stems from processing user-supplied data in SERVER-related variables, a...
Cross site scripting
Dynamic variable evaluation vulnerability in shared/config/tceconfig.php in TCExam 4.0.011 and earlier allows remote attackers to conduct cross-site scripting XSS and possibly other attacks by modifying critical variables such as $SERVER, as demonstrated by injecting web script via the...
Remote file inclusion
PHP remote file inclusion vulnerability in template.class.php in Carbonize Lazarus Guestbook before 1.7.3 allows remote attackers to execute arbitrary PHP code via a URL in the includepath parameter to admin.php, probably due to a dynamic variable evaluation vulnerability...
CVE-2006-5116
Multiple cross-site request forgery CSRF vulnerabilities in phpMyAdmin before 2.9.1-rc1 allow remote attackers to perform unauthorized actions as another user by 1 directly setting a token in the URL though dynamic variable evaluation and 2 unsetting arbitrary variables via the REQUEST array,...
CVE-2006-5116
Multiple cross-site request forgery CSRF vulnerabilities in phpMyAdmin before 2.9.1-rc1 allow remote attackers to perform unauthorized actions as another user by 1 directly setting a token in the URL though dynamic variable evaluation and 2 unsetting arbitrary variables via the REQUEST array,...
CVE-2006-5116
Multiple cross-site request forgery CSRF vulnerabilities in phpMyAdmin before 2.9.1-rc1 allow remote attackers to perform unauthorized actions as another user by 1 directly setting a token in the URL though dynamic variable evaluation and 2 unsetting arbitrary variables via the REQUEST array,...
CVE-2006-4019
CVE-2006-4019 affects SquirrelMail up to version 1.4.7, where a dynamic variable evaluation flaw in compose.php can allow an attacker to overwrite variables used by the script and influence actions, potentially reading/writing attachments and other users’ preferences. The issue stems from unsafe ...
CVE-2006-3584
CVE-2006-3584 affects Jetbox CMS 2.1 SR1. The vulnerability is in index.php where inputs passed in the URL are evaluated as PHP variable variables, allowing remote attackers to overwrite configuration variables. This is caused by improper handling/sanitization of URL parameters and can lead to di...
CVE-2006-3207
Directory traversal vulnerability in newpost.php in Ultimate PHP Board UPB 1.9.6 and earlier allows remote attackers to overwrite arbitrary files via a .. dot dot sequence and trailing null %00 byte in the id parameter, as demonstrated by injecting a Perl CGI script using "NR" sequences in the...
Remote file inclusion
Dynamic variable evaluation vulnerability in index.php in Stadtaus Guestbook Script 1.7 and earlier, when registerglobals is enabled, allows remote attackers to modify arbitrary program variables via parameters, which are evaluated as PHP variable variables, as demonstrated by performing PHP remo...