Firefox Multiple Vulnerabilities (Mar 2010) - Windows

Firefox browser is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2010 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

RavenNuke 2.3.0 Multiple Remote Vulnerabilities

No description provided by source. waraxe-2009-SA072 - Multiple Vulnerabilities in RavenNuke 2.3.0 =============================================================================== Author: Janek Vind "waraxe" Date: 16. February 2009 Location: Estonia, Tartu Web: http://www.waraxe.us/advisory-72.htm...

RavenNuke 2.3.0 Code Execution / SQL Injection

waraxe-2009-SA072 - Multiple Vulnerabilities in RavenNuke 2.3.0 =============================================================================== Author: Janek Vind "waraxe" Date: 16. February 2009 Location: Estonia, Tartu Web: http://www.waraxe.us/advisory-72.html Description of vulnerable softwar...

FreeBSD : codeigniter -- arbitrary script execution in the new Form Validation class (83574d5a-f828-11dd-9fdf-0050568452ac)

znirkel reports : The eval function in resetpostarray crashes when posting certain data. By passing in carefully-crafted input data, the eval function could also execute malicious PHP code. Note that CodeIgniter applications that either do not use the new Form Validation class or use the old...

CVE-2009-0517

Eval injection vulnerability in index.php in phpSlash 0.8.1.1 and earlier allows remote attackers to execute arbitrary PHP code via the fields parameter, which is supplied to an eval function call within the generic function in include/class/tzenv.class. NOTE: some of these details are obtained...

codeigniter -- arbitrary script execution in the new Form Validation class

znirkel reports: The eval function in resetpostarray crashes when posting certain data. By passing in carefully-crafted input data, the eval function could also execute malicious PHP code. Note that CodeIgniter applications that either do not use the new Form Validation class or use the old...

Weave a dream(Dedecms)arbitrary code execution vulnerability-vulnerability warning-the black bar safety net

Vulnerability page is \include\incbookfunctions.php The trigger page is member/storyaddcontentaction.php Next is open the following address: http://www.xxx.com/member/storyaddcontentaction.php?chapterid=1&arcID=1&body=?& gt; Followed by the word code. When you see the successful message indicates...

phpMyAdmin执行任意命令漏洞

BugCVE: CAN-2001-1060 BUGTRAQ: 3121 phpMyAdmin中存在一个输入验证错误，允许远程攻击者执行任意命令。攻击者可能获取 敏感信息或者以httpd运行身份执行任意命令。 问题处在'tblcopy.php' 和 'tblrename.php'中的下列代码中: tblcopy.php: eval $message = \ $strCopyTableOK\ ; ; tblrename.php: eval $message = \ $strRenameTableOK\ ; ; 如果用户可以控制$strCopyTableOK 或...

CVE-2007-0504

Eval injection vulnerability in pollframe.php in Vote! Pro 4.0, and possibly other scripts, allows remote attackers to execute arbitrary code via the pollid parameter, which is supplied to an eval function call, a different vulnerability type than CVE-2005-4632...

CVE-2007-0134

Multiple eval injection vulnerabilities in iGeneric iG Shop 1.0 allow remote attackers to execute arbitrary code via the action parameter, which is supplied to an eval function call in 1 cart.php and 2 page.php. NOTE: a later report and CVE analysis indicate that the vulnerability is present in 1...

Sql injection

Multiple eval injection vulnerabilities in iGeneric iG Shop 1.0 allow remote attackers to execute arbitrary code via the action parameter, which is supplied to an eval function call in 1 cart.php and 2 page.php. NOTE: a later report and CVE analysis indicate that the vulnerability is present in 1...

Hacking tutorials series of micro-PHP Trojan explore-exploit warning-the black bar safety net

This article is nothing special, only required to initiate it. And gave and I did the dishes in PHP the door and wandering friend. Just learning PHP in a few days, I would rush to work, so there are errors and inadequacies Please a positive note. PHP syntax powerful is ASP in the dust, only one:...

Debian DSA-1034-1 : horde2 - several vulnerabilities

Several remote vulnerabilities have been discovered in the Horde web application framework, which may lead to the execution of arbitrary web script code. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2006-1260 Null characters in the URL parameter bypas...

Debian DSA-1033-1 : horde3 - several vulnerabilities

Several remote vulnerabilities have been discovered in the Horde web application framework, which may lead to the execution of arbitrary web script code. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2005-4190 Several Cross-Site-Scripting vulnerabiliti...

CVE-2006-5185

Eval injection vulnerability in Template.php in HAMweather 3.9.8.4 and earlier allows remote attackers to execute arbitrary code via a modified query string, which is supplied to an eval function call within the doparsecode function...

CVE-2006-5185

Eval injection vulnerability in Template.php in HAMweather 3.9.8.4 and earlier allows remote attackers to execute arbitrary code via a modified query string, which is supplied to an eval function call within the doparsecode function...

PAJAX < 0.5.2 Multiple Vulnerabilities

The remote host is running PAJAX, a PHP library for remote asynchronous objects in JavaScript. The version of PAJAX installed on the remote host fails to validate input to the 'pajax/pajaxcalldispatcher.php' script before using it in a PHP 'eval' function. An unauthenticated attacker can exploit...

phpRPC Library rpc_decoder.php decode() Function Arbitrary Code Execution

The remote host has installed on it the phpRPC library, an xmlrpc library written in PHP and bundled with applications such as RunCMS and exoops. The version of phpRPC on the remote host fails to sanitize user input to the 'server.php' script before using it in an 'eval' function, which may allow...

More compact and more powerful--the Eval version of ASP Trojan principle analysis-vulnerability warning-the black bar safety net

WithWebto secure popularity, the administrator prevent WebShellartalso increased, the previous kind is placed directly on a WebShell era is slowly away from us, So now the WebShell more and more attention to its concealment. WebShell hiddenartis also developing very fast, from changing the code...

CVE-2005-4031

Eval injection vulnerability in MediaWiki 1.5.x before 1.5.3 allows remote attackers to execute arbitrary PHP code via the "user language option," which is used as part of a dynamic class name that is processed using the eval function...