793 matches found

CVE
added 2009/03/05 2:0 a.m. | 44 views

CVE-2009-0820

CVE-2009-0820 affects phpScheduleIt prior to 1.2.11. It enables remote arbitrary PHP code execution via eval injection through reserve.php (end_date) and check.php (start_date/end_date); the start_date vector is also covered by CVE-2008-6132. OpenVAS/Exploit DB references confirm reserve.php RCE ...

CVSS 7.5 | AI score 8 | EPSS 0.04564
Exploits: 0 | References: 5 | Affected Software: 1
NVD
added 2009/02/22 10:30 p.m. | 22 views

CVE-2009-0673

Eval injection vulnerability in the Custom Fields feature in the Your Account module in Raven Web Services RavenNuke 2.30 allows remote authenticated administrators to execute arbitrary PHP code via the ID Field Name box in a yaCustomFields action to admin.php...

CVSS 6.5 | AI score 7.4 | EPSS 0.0265
Exploits: 1 | References: 6
CVE
added 2009/02/22 10:0 p.m. | 39 views

CVE-2009-0673

CVE-2009-0673 describes an eval injection in RavenNuke 2.30’s Custom Fields within the Your Account module. The vulnerability allows remote authenticated administrators to execute arbitrary PHP code via the ID Field Name box in a yaCustomFields action to admin.php. Affected product/stack: Raven W...

CVSS 6.5 | AI score 7.6 | EPSS 0.0265
Exploits: 1 | References: 6 | Affected Software: 1
Cvelist
added 2009/02/22 10:0 p.m. | 22 views

CVE-2009-0673

Eval injection vulnerability in the Custom Fields feature in the Your Account module in Raven Web Services RavenNuke 2.30 allows remote authenticated administrators to execute arbitrary PHP code via the ID Field Name box in a yaCustomFields action to admin.php...

AI score 7.4 | EPSS 0.0265
Exploits: 1 | References: 6
NVD
added 2009/02/13 6:30 p.m. | 27 views

CVE-2008-6132

Eval injection vulnerability in reserve.php in phpScheduleIt 1.2.10 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary PHP code via the start_date parameter...

CVSS 6.8 | AI score 7.7 | EPSS 0.2625
Exploits: 5 | References: 8
Prion
added 2009/02/13 6:30 p.m. | 11 views

Sql injection

Eval injection vulnerability in reserve.php in phpScheduleIt 1.2.10 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary PHP code via the start_date parameter...

CVSS 6.8 | AI score 7.9 | EPSS 0.2625
Exploits: 5 | References: 8 | Affected Software: 1
CVE
added 2009/02/13 6:0 p.m. | 58 views

CVE-2008-6132

phpScheduleIt 1.2.10 and earlier is affected by an eval injection in reserve.php's start_date parameter when magic_quotes_gpc is disabled, allowing remote code execution. The vulnerability is confirmed by multiple sources (NVD entry CVE-2008-6132; OpenVAS and CVE cross-references; Metasploit modu...

CVSS 6.8 | AI score 7.8 | EPSS 0.2625
Exploits: 5 | References: 8 | Affected Software: 1
Prion
added 2009/02/11 12:30 a.m. | 12 views

Sql injection

Eval injection vulnerability in index.php in phpSlash 0.8.1.1 and earlier allows remote attackers to execute arbitrary PHP code via the fields parameter, which is supplied to an eval function call within the generic function in include/class/tz_env.class. NOTE: some of these details are obtained...

CVSS 10 | AI score 8.3 | EPSS 0.45267
Exploits: 2 | References: 6 | Affected Software: 1
CVE
added 2009/02/11 12:0 a.m. | 46 views

CVE-2009-0517

CVE-2009-0517 affects phpSlash 0.8.1.1 and earlier. The flaw is an eval()-based injection where unvalidated input in the fields parameter is passed to eval() inside tz_env.class, enabling remote PHP code execution with the web server’s privileges. Impact is described as complete impacts to confid...

CVSS 10 | AI score 8.1 | EPSS 0.45267
Exploits: 2 | References: 6 | Affected Software: 1
NVD
added 2009/01/23 7:0 p.m. | 23 views

CVE-2008-5963

Eval injection vulnerability in library/setup/rpc.php in Gravity Getting Things Done GTD 0.4.5 and earlier allows remote attackers to execute arbitrary PHP code via the objectname parameter...

CVSS 10 | AI score 7.8 | EPSS 0.03398
Exploits: 1 | References: 4
Cvelist
added 2009/01/23 6:38 p.m. | 27 views

CVE-2008-5963

Eval injection vulnerability in library/setup/rpc.php in Gravity Getting Things Done GTD 0.4.5 and earlier allows remote attackers to execute arbitrary PHP code via the objectname parameter...

AI score 7.8 | EPSS 0.03398
Exploits: 1 | References: 4
CVE
added 2009/01/23 6:38 p.m. | 44 views

CVE-2008-5963

Gravity GTD (Getting Things Done) up to version 0.4.5 is affected by an eval-injection vulnerability in library/setup/rpc.php that allows remote attackers to execute arbitrary PHP code via the objectname parameter. This CVE (CVE-2008-5963) is rated high by NVD (base score 10.0) with network attac...

CVSS 10 | AI score 8.1 | EPSS 0.03398
Exploits: 1 | References: 4 | Affected Software: 1
OSV
added 2009/01/15 5:30 p.m. | 1 views

DEBIAN-CVE-2008-5906

Eval injection vulnerability in the web interface plugin in KTorrent before 3.1.4 allows remote attackers to execute arbitrary PHP code via unspecified parameters to this interface's PHP scripts...

CVSS 6.8 | AI score 8.3 | EPSS 0.01968
Exploits: 0 | References: 1
Prion
added 2009/01/15 5:30 p.m. | 18 views

Sql injection

Eval injection vulnerability in the web interface plugin in KTorrent before 3.1.4 allows remote attackers to execute arbitrary PHP code via unspecified parameters to this interface's PHP scripts...

CVSS 6.8 | AI score 8 | EPSS 0.01968
Exploits: 0 | References: 13 | Affected Software: 1
OSV
added 2009/01/15 5:30 p.m. | 10 views

CVE-2008-5906

Eval injection vulnerability in the web interface plugin in KTorrent before 3.1.4 allows remote attackers to execute arbitrary PHP code via unspecified parameters to this interface's PHP scripts...

AI score 8
Exploits: 0 | References: 13
CVE
added 2009/01/15 5:0 p.m. | 58 views

CVE-2008-5906

KTorrent’s web interface plugin is affected by CVE-2008-5906 (and CVE-2008-5905). The vulnerability arises from improper handling of web-interface request parameters, enabling remote attackers to inject PHP code and, per Gentoo/Ubuntu advisories, potentially perform arbitrary code execution in th...

CVSS 6.8 | AI score 7.8 | EPSS 0.01968
Exploits: 0 | References: 13 | Affected Software: 1
Debian CVE
added 2009/01/15 5:0 p.m. | 26 views

CVE-2008-5906

Eval injection vulnerability in the web interface plugin in KTorrent before 3.1.4 allows remote attackers to execute arbitrary PHP code via unspecified parameters to this interface's PHP scripts...

CVSS 6.8 | AI score 7.7 | EPSS 0.01968
Exploits: 0
UbuntuCve
added 2009/01/15 12:0 a.m. | 29 views

CVE-2008-5906

Eval injection vulnerability in the web interface plugin in KTorrent before 3.1.4 allows remote attackers to execute arbitrary PHP code via unspecified parameters to this interface's PHP scripts...

CVSS 6.8 | AI score 6.2 | EPSS 0.01968
Exploits: 0 | References: 4
OpenVAS
added 2009/01/02 12:0 a.m. | 19 views

FreeBSD Ports: twiki

The remote host is missing an update to the system as announced in the referenced advisory. VID f98dea27-d687-11dd-abd1-0050568452ac OpenVAS Vulnerability Test $ Description: Auto generated from VID f98dea27-d687-11dd-abd1-0050568452ac Authors: Thomas Reinke Copyright: Copyright c 2009 E-Soft Inc...

CVSS 10 | AI score 6.5 | EPSS 0.0464
Exploits: 1
OpenVAS
added 2009/01/02 12:0 a.m. | 24 views

FreeBSD Ports: twiki

The remote host is missing an update to the system as announced in the referenced advisory. SPDX-FileCopyrightText: 2009 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...

CVSS 10 | AI score 6.5 | EPSS 0.0464
Exploits: 1 | References: 10