793 matches found
Design/Logic Flaw
Eval injection vulnerability in TWiki before 4.2.4 allows remote attackers to execute arbitrary Perl code via the %SEARCH% variable...
CVE-2008-5305
Eval injection vulnerability in TWiki before 4.2.4 allows remote attackers to execute arbitrary Perl code via the %SEARCH% variable...
FreeBSD Ports: mantis
The remote host is missing an update to the system as announced in the referenced advisory. SPDX-FileCopyrightText: 2008 E-Soft Inc. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only...
CVE-2008-5071
Multiple eval injection vulnerabilities in itpm_estimate.php in Yoxel 1.23beta and earlier allow remote authenticated users to execute arbitrary PHP code via the proj_id parameter...
CVE-2008-5071
The CVE-2008-5071 issue affects Yoxel software (version 1.23beta and earlier) where itpm_estimate.php is vulnerable to multiple eval injection flaws. The underlying cause is eval-based code execution triggered by the proj_id parameter, allowing remote authenticated users to run arbitrary PHP code...
CVE-2008-5071
Multiple eval injection vulnerabilities in itpm_estimate.php in Yoxel 1.23beta and earlier allow remote authenticated users to execute arbitrary PHP code via the proj_id parameter...
Sql injection
Eval injection vulnerability in globalsoff.php in Turnkey PHP Live Helper 2.0.1 and earlier allows remote attackers to execute arbitrary PHP code via the test parameter, and probably arbitrary parameters, to chat.php...
CVE-2008-3764
Eval injection vulnerability in globalsoff.php in Turnkey PHP Live Helper 2.0.1 and earlier allows remote attackers to execute arbitrary PHP code via the test parameter, and probably arbitrary parameters, to chat.php...
CVE-2008-3764
CVE-2008-3764 describes an eval injection in Turnkey PHP Live Helper (PHP Live Helper) 2.0.1 and earlier. The vulnerability resides in globalsoff.php and allows remote attackers to execute arbitrary PHP code via the test parameter (and likely other parameters) passed to chat.php. This is a remote...
Sql injection
Eval injection vulnerability in adm_config_set.php in Mantis before 1.1.2 allows remote authenticated administrators to execute arbitrary code via the value parameter...
CVE-2008-3332
CVE-2008-3332 is an eval() injection in adm_config_set.php in MantisBT prior to 1.1.2. Remote authenticated administrators can execute arbitrary PHP commands via the value parameter. Evidence from Gentoo GLSA 200809-10 and related advisories indicates upgrade to the latest MantisBT (>=1.1.2) a...
Sql injection
Eval injection vulnerability in modules/execute.php in the Sniplets 1.1.2 and 1.2.2 plugin for WordPress allows remote attackers to execute arbitrary PHP code via the text parameter...
CVE-2008-1060
The CVE affects the Sniplets WordPress plugin, specifically versions 1.1.2 and 1.2.2, where an eval injection in modules/execute.php allows remote attackers to execute arbitrary PHP code via the text parameter. This results in remote code execution with the webserver user’s privileges, aligning w...
WordPress Sniplets Plugin <= 1.2.2 - Eval Injection
Because of this vulnerability in modules/execute.php, the attackers can execute arbitrary PHP code via the "text" parameter. Solution Update the plugin...
Design/Logic Flaw
Eval injection vulnerability in admin/op/disp.php in Netwerk Smart Publisher 1.0.1 allows remote attackers to execute arbitrary PHP code via the filedata parameter...
CVE-2008-0503
CVE-2008-0503 affects Netwerk Smart Publisher 1.0.1. An eval() failure in admin/op/disp.php allows remote attackers to execute arbitrary PHP code via the filedata parameter, enabling unauthenticated, network-vector exploitation. CVSS 2.0 base score 6.8 ("NETWORK" attack vector, "MEDIUM" complexit...
CVE-2008-0382
Multiple eval injection vulnerabilities in MyBB 1.2.10 and earlier allow remote attackers to execute arbitrary code via the sortby parameter to (1) forumdisplay.php or (2) a results action in search.php...
CVE-2008-0382
CVE-2008-0382 affects MyBB 1.2.10 and earlier. The vulnerability is due to eval injection in the sortby parameter of forumdisplay.php or the results action in search.php, enabling remote attackers to execute arbitrary PHP code. This is a remote, unauthenticated code-execution issue with impact on...
CVE-2008-0382
Multiple eval injection vulnerabilities in MyBB 1.2.10 and earlier allow remote attackers to execute arbitrary code via the sortby parameter to (1) forumdisplay.php or (2) a results action in search.php...
Debian Security Advisory DSA 1423-1 (sitebar)
The remote host is missing an update to sitebar announced via advisory DSA 1423-1. OpenVAS Vulnerability Test $Id: deb14231.nasl 6616 2017-07-07 12:10:49Z cfischer $ Description: Auto-generated from advisory DSA 1423-1 Authors: Thomas Reinke Copyright: Copyright (c) 2007 E-Soft Inc...