Sql injection

Eval injection vulnerability in loudblog/inc/parseold.php in Loudblog 0.8.0 and earlier allows remote attackers to execute arbitrary PHP code via the template parameter...

CVE-2008-0139

Eval injection vulnerability in loudblog/inc/parseold.php in Loudblog 0.8.0 and earlier allows remote attackers to execute arbitrary PHP code via the template parameter...

CVE-2008-0139

CVE-2008-0139 affects Loudblog 0.8.0 and earlier. An Eval injection in loudblog/inc/parse_old.php via the template parameter allows remote attackers to execute arbitrary PHP code. CVSS2 base metrics indicate Network access, no authentication, and partial impact to confidentiality, integrity, and ...

Sql injection

form.php in PMOS Help Desk 2.4 and earlier sends a redirect to the web browser but does not exit, which allows remote attackers to conduct eval injection attacks and execute arbitrary PHP code via the options array parameter...

CVE-2007-6550

form.php in PMOS Help Desk 2.4 and earlier sends a redirect to the web browser but does not exit, which allows remote attackers to conduct eval injection attacks and execute arbitrary PHP code via the options array parameter...

CVE-2007-6550

PMOS Help Desk 2.4 and earlier is affected by CVE-2007-6550. form.php redirects without exiting, enabling remote attackers to perform eval injection and execute arbitrary PHP code via the options array parameter. Affected component: PMOS Help Desk’s PHP form handling. Root cause: missing exit aft...

CVE-2007-6550

form.php in PMOS Help Desk 2.4 and earlier sends a redirect to the web browser but does not exit, which allows remote attackers to conduct eval injection attacks and execute arbitrary PHP code via the options array parameter...

DSA-1423-1 sitebar - several vulnerabilities

Bulletin has no description...

CVE-2007-5693

Eval injection vulnerability in the translation module translator.php in SiteBar 3.3.8 allows remote authenticated users to execute arbitrary PHP code via the edit parameter in an upd cmd action, a different vulnerability than CVE-2007-5492...

CVE-2007-5693

Eval injection vulnerability in the translation module translator.php in SiteBar 3.3.8 allows remote authenticated users to execute arbitrary PHP code via the edit parameter in an upd cmd action, a different vulnerability than CVE-2007-5492...

CVE-2007-5693

SiteBar 3.3.8 contains an eval-injection vulnerability in the translation module (translator.php) that allows remote authenticated users to execute arbitrary PHP code via the edit parameter in an upd cmd action (CVE-2007-5693). Evidence across multiple advisories (Debian DSA-1423-1, GLSA, and OSS...

Sql injection

Multiple eval injection vulnerabilities in Php-Stats 0.1.9.2 allow remote authenticated administrators to execute arbitrary code by writing PHP sequences to the php-stats-options record in the options table, which is used in an eval function call by 1 admin.php, 2 click.php, 3 download.php, and...

CVE-2007-5453

Multiple eval injection vulnerabilities in Php-Stats 0.1.9.2 allow remote authenticated administrators to execute arbitrary code by writing PHP sequences to the php-stats-options record in the options table, which is used in an eval function call by 1 admin.php, 2 click.php, 3 download.php, and...

CVE-2007-5453

CVE-2007-5453 concerns Php-Stats 0.1.9.2, which contains multiple eval-injection vulnerabilities. The issue allows remote authenticated administrators to execute arbitrary code by injecting PHP sequences into the php-stats-options record in the _options table, which is subsequently evaluated via ...

CVE-2007-5453

Multiple eval injection vulnerabilities in Php-Stats 0.1.9.2 allow remote authenticated administrators to execute arbitrary code by writing PHP sequences to the php-stats-options record in the options table, which is used in an eval function call by 1 admin.php, 2 click.php, 3 download.php, and...

Design/Logic Flaw

Eval injection vulnerability in adodb-perf-module.inc.php in ADOdb Lite 1.42 and earlier, as used in products including CMS Made Simple, SAPID CMF, Journalness, PacerCMS, and Open-Realty, allows remote attackers to execute arbitrary code via PHP sequences in the lastmodule parameter...

CVE-2007-5056

Eval injection vulnerability in adodb-perf-module.inc.php in ADOdb Lite 1.42 and earlier, as used in products including CMS Made Simple, SAPID CMF, Journalness, PacerCMS, and Open-Realty, allows remote attackers to execute arbitrary code via PHP sequences in the lastmodule parameter...

CVE-2007-5056

CVE-2007-5056 is an eval injection in adodb-perf-module.inc.php of ADOdb Lite

Design/Logic Flaw

Eval injection vulnerability in environment.php in Olate Download od 3.4.1 allows context-dependent attackers to execute arbitrary code via a crafted version string, as referenced by the 1 PDO::ATTRSERVERVERSION or 2 PDO::ATTRCLIENTVERSION attribute...

CVE-2007-4454

Eval injection vulnerability in environment.php in Olate Download od 3.4.1 allows context-dependent attackers to execute arbitrary code via a crafted version string, as referenced by the 1 PDO::ATTRSERVERVERSION or 2 PDO::ATTRCLIENTVERSION attribute...