Lucene search

793 matches found

Prion
added 2013/12/09 4:36 p.m. | 14 views

Sql injection

Eval injection vulnerability in ajax.php in openSIS 4.5 through 5.2 allows remote attackers to execute arbitrary PHP code via the modname parameter...

CVSS 7.5 | AI score 8.2 | EPSS 0.23322
Exploits 6 | References 4 | Affected Software 1

CVE
added 2013/12/09 11:0 a.m. | 80 views

CVE-2013-1349

OpenSIS CVE-2013-1349 affects OpenSIS 4.5–5.2. The vulnerability is in ajax.php: the parameter modname is not properly sanitized before being used in an eval call, allowing an attacker to inject and execute arbitrary PHP code. Multiple sources reference the code path through ajax.php and the modn...

CVSS 7.5 | AI score 7.8 | EPSS 0.23322
Exploits 6 | References 4 | Affected Software 1

Cvelist
added 2013/12/09 11:0 a.m. | 42 views

CVE-2013-1349

Eval injection vulnerability in ajax.php in openSIS 4.5 through 5.2 allows remote attackers to execute arbitrary PHP code via the modname parameter...

AI score 7.7 | EPSS 0.23322
Exploits 6 | References 4

Prion
added 2013/12/07 8:55 p.m. | 9 views

Design/Logic Flaw

The jsondecode function in plugins/contextreactionblock.inc in the Context module 6.x-2.x before 6.x-3.2 and 7.x-3.x before 7.x-3.0 for Drupal, when using a version of PHP that does not support the json_decode function, allows remote attackers to execute arbitrary PHP code via unspecified vectors...

CVSS 6.8 | AI score 8.4 | EPSS 0.0153
Exploits 0 | References 8 | Affected Software 1

Cvelist
added 2013/12/07 8:0 p.m. | 56 views

CVE-2013-4446

The jsondecode function in plugins/contextreactionblock.inc in the Context module 6.x-2.x before 6.x-3.2 and 7.x-3.x before 7.x-3.0 for Drupal, when using a version of PHP that does not support the json_decode function, allows remote attackers to execute arbitrary PHP code via unspecified vectors...

AI score 7.8 | EPSS 0.0153
Exploits 0 | References 8

CVE
added 2013/12/07 8:0 p.m. | 44 views

CVE-2013-4446

CVE-2013-4446 affects Drupal Context module (drupal6-context 6.x-2.x before 6.x-3.2; 7.x-3.x before 7.x-3.0). The vulnerability arises when PHP lacks a json_decode function or json library, allowing remote attackers to execute arbitrary PHP code via Ajax-related vectors (possibly involving eval)....

CVSS 6.8 | AI score 7.8 | EPSS 0.0153
Exploits 0 | References 8 | Affected Software 1

NVD
added 2013/07/31 1:20 p.m. | 34 views

CVE-2013-2121

Eval injection vulnerability in the create method in the Bookmarks controller in Foreman before 1.2.0-RC2 allows remote authenticated users with permissions to create bookmarks to execute arbitrary code via a controller name attribute...

CVSS 6 | AI score 7.3 | EPSS 0.24782
Exploits 5 | References 5

Prion
added 2013/07/31 1:20 p.m. | 14 views

Design/Logic Flaw

Eval injection vulnerability in the create method in the Bookmarks controller in Foreman before 1.2.0-RC2 allows remote authenticated users with permissions to create bookmarks to execute arbitrary code via a controller name attribute...

CVSS 6 | AI score 7.9 | EPSS 0.24782
Exploits 5 | References 5 | Affected Software 2

CVE
added 2013/07/31 10:0 a.m. | 71 views

CVE-2013-2121

Foreman (Red Hat OpenStack/Satellite) CVE-2013-2121 is an eval injection in the create action of the bookmarks controller. Before 1.2.0-RC2, remote authenticated users with bookmark-creation permissions can execute arbitrary code via a controller name attribute. Public references note code inject...

CVSS 6 | AI score 7.5 | EPSS 0.24782
Exploits 5 | References 5 | Affected Software 2

RedHat Linux
added 2013/06/27 4:38 p.m. | 0 views

Foreman: app/controllers/bookmarks_controller.rb remote code execution

Eval injection vulnerability in the create method in the Bookmarks controller in Foreman before 1.2.0-RC2 allows remote authenticated users with permissions to create bookmarks to execute arbitrary code via a controller name attribute...

CVSS 6 | AI score 6.2 | EPSS 0.24782
Exploits 5 | References 4

NVD
added 2013/01/23 1:55 a.m. | 17 views

CVE-2013-0209

lib/MT/Upgrade.pm in mt-upgrade.cgi in Movable Type 4.2x and 4.3x through 4.38 does not require authentication for requests to database-migration functions, which allows remote attackers to conduct eval injection and SQL injection attacks via crafted parameters, as demonstrated by an eval injecti...

CVSS 7.5 | AI score 7.7 | EPSS 0.45201
Exploits 5 | References 4

UbuntuCve
added 2013/01/23 1:55 a.m. | 23 views

CVE-2013-0209

lib/MT/Upgrade.pm in mt-upgrade.cgi in Movable Type 4.2x and 4.3x through 4.38 does not require authentication for requests to database-migration functions, which allows remote attackers to conduct eval injection and SQL injection attacks via crafted parameters, as demonstrated by an eval injecti...

CVSS 7.5 | AI score 6 | EPSS 0.45201
Exploits 5 | References 2

ATTACKERKB
added 2013/01/23 1:55 a.m. | 2 views

CVE-2013-0209

lib/MT/Upgrade.pm in mt-upgrade.cgi in Movable Type 4.2x and 4.3x through 4.38 does not require authentication for requests to database-migration functions, which allows remote attackers to conduct eval injection and SQL injection attacks via crafted parameters, as demonstrated by an eval injecti...

CVSS 7.5 | AI score 6.2 | EPSS 0.45201
Exploits 5 | References 7

Cvelist
added 2013/01/23 1:0 a.m. | 30 views

CVE-2013-0209

lib/MT/Upgrade.pm in mt-upgrade.cgi in Movable Type 4.2x and 4.3x through 4.38 does not require authentication for requests to database-migration functions, which allows remote attackers to conduct eval injection and SQL injection attacks via crafted parameters, as demonstrated by an eval injecti...

AI score 7.6 | EPSS 0.45201
Exploits 5 | References 4

CVE
added 2013/01/23 1:0 a.m. | 74 views

CVE-2013-0209

Movable Type is affected by CVE-2013-0209 through mt-upgrade.cgi (lib/MT/Upgrade.pm) in versions 4.2x and 4.3x up to 4.38. The vulnerability arises because database-migration functions do not require authentication, enabling an attacker to perform eval and SQL injection via crafted parameters, in...

CVSS 7.5 | AI score 7.8 | EPSS 0.45201
Exploits 5 | References 4 | Affected Software 1

NVD
added 2012/12/24 6:55 p.m. | 27 views

CVE-2012-5932

Eval injection vulnerability in the ldapagnt_eval function in ldapagnt.dll in unifid.exe in NetIQ Privileged User Manager 2.3.x before 2.3.1 HF2 allows remote attackers to execute arbitrary Perl code via a crafted application/x-amf request...

CVSS 10 | AI score 7.5 | EPSS 0.6275
Exploits 3 | References 4

Prion
added 2012/12/24 6:55 p.m. | 16 views

Sql injection

Eval injection vulnerability in the ldapagnt_eval function in ldapagnt.dll in unifid.exe in NetIQ Privileged User Manager 2.3.x before 2.3.1 HF2 allows remote attackers to execute arbitrary Perl code via a crafted application/x-amf request...

CVSS 10 | AI score 8.1 | EPSS 0.6275
Exploits 3 | References 4 | Affected Software 1

CVE
added 2012/12/24 6:0 p.m. | 56 views

CVE-2012-5932

CVE-2012-5932 describes an eval-injection in the ldapagnt_eval function of NetIQ Privileged User Manager (unifid.exe, ldapagnt.dll) affecting 2.3.x up to before 2.3.1 HF2. A crafted application/x-amf request can trigger remote code execution (Perl) with SYSTEM privileges, as reported by multiple ...

CVSS 10 | AI score 7.7 | EPSS 0.6275
Exploits 3 | References 4 | Affected Software 1

OpenVAS
added 2012/12/04 12:0 a.m. | 26 views

Ubuntu Update for perl USN-1643-1

Ubuntu Update for Linux kernel vulnerabilities USN-1643-1 OpenVAS Vulnerability Test $Id: gbubuntuUSN16431.nasl 7960 2017-12-01 06:58:16Z santu $ Ubuntu Update for perl USN-1643-1 Authors: System Generated Check Copyright: Copyright c 2012 Greenbone Networks GmbH, http://www.greenbone.net This...

CVSS 7.5 | AI score 0.7 | EPSS 0.13526
Exploits 3 | References 2

OpenVAS
added 2012/12/04 12:0 a.m. | 40 views

Ubuntu: Security Advisory (USN-1643-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 7.5 | AI score 9.6 | EPSS 0.13526
Exploits 3 | References 2