793 matches found
CVE-2007-4454
CVE-2007-4454 affects Olate Download (od) 3.4.1 via an eval injection in environment.php. A crafted version string can cause code execution, using either PDO::ATTR_SERVER_VERSION or PDO::ATTR_CLIENT_VERSION. The available documents confirm the vulnerability and potential impact; no remediation de...
CVE-2007-4454
Eval injection vulnerability in environment.php in Olate Download (od) 3.4.1 allows context-dependent attackers to execute arbitrary code via a crafted version string, as referenced by the (1) PDO::ATTR_SERVER_VERSION or (2) PDO::ATTR_CLIENT_VERSION attribute...
Sql injection
Multiple eval injection vulnerabilities in the com_search component in Joomla! 1.5 beta before RC1 (aka Mapya) allow remote attackers to execute arbitrary PHP code via PHP sequences in the searchword parameter, related to default_results.php in (1) components/com_search/views/search/tmpl/ and (2)...
CVE-2007-4187
Multiple eval injection vulnerabilities in the com_search component in Joomla! 1.5 beta before RC1 (aka Mapya) allow remote attackers to execute arbitrary PHP code via PHP sequences in the searchword parameter, related to default_results.php in (1) components/com_search/views/search/tmpl/ and (2)...
CVE-2007-4187
CVE-2007-4187 affects Joomla! 1.5 beta before RC1 (Mapya). The vulnerability stems from multiple eval-injection flaws in the com_search component, specifically related to the searchword parameter being passed to eval() via default_results.php (1) components/com_search/views/search/tmpl/ and (2) t...
Design/Logic Flaw
Eval injection vulnerability in codepress.html in CodePress before 0.9.4 allows remote attackers to execute arbitrary code via certain input that is used in an eval function call...
CVE-2007-2501
Eval injection vulnerability in codepress.html in CodePress before 0.9.4 allows remote attackers to execute arbitrary code via certain input that is used in an eval function call...
CVE-2007-2501
CVE-2007-2501 is an eval-injection vulnerability affecting CodePress components (CodePress before 0.9.4), where user-supplied input used in an eval call can lead to remote code execution. The vulnerable element is specifically in codepress.html. Impact is remote arbitrary code execution with the ...
Design/Logic Flaw
Eval injection vulnerability in (1) courier-imapd.indirect and (2) courier-pop3d.indirect in Courier-IMAP before 4.0.6-r2, and 4.1.x before 4.1.2-r1, on Gentoo Linux allows remote attackers to execute arbitrary commands via the XMAILDIR variable, related to the LOGINRUN variable...
CVE-2007-2173
CVE-2007-2173 affects Courier-IMAP (courier-imapd.indirect) and courier-pop3d.indirect on Gentoo Linux, with vulnerable versions: Courier-IMAP prior to 4.0.6-r2 and 4.1.x prior to 4.1.2-r1. The flaw is an eval injection via the XMAILDIR variable (related to LOGINRUN), allowing remote attackers to...
CVE-2007-1277
WordPress 2.1.1, as downloaded from some official distribution sites during February and March 2007, contains an externally introduced backdoor that allows remote attackers to execute arbitrary commands via (1) an eval injection vulnerability in the ix parameter to wp-includes/feed.php, and (2) an...
Design/Logic Flaw
WordPress 2.1.1, as downloaded from some official distribution sites during February and March 2007, contains an externally introduced backdoor that allows remote attackers to execute arbitrary commands via (1) an eval injection vulnerability in the ix parameter to wp-includes/feed.php, and (2) an...
WordPress <= 2.1.1 - Multiple Vulnerabilities
Attackers can execute arbitrary commands via an eval injection vulnerability in the "ix" parameter to wp-includes/feed.php. There is also a command execution backdoor vulnerability. Solution: Update WordPress to the latest available version, at least 2.1.2...
CVE-2007-1253
Eval injection vulnerability in the (a) kmz_ImportWithMesh.py Script for Blender 0.1.9h, as used in (b) Blender before 2.43, allows user-assisted remote attackers to execute arbitrary Python code by importing a crafted (1) KML or (2) KMZ file...
Design/Logic Flaw
Eval injection vulnerability in the (a) kmz_ImportWithMesh.py Script for Blender 0.1.9h, as used in (b) Blender before 2.43, allows user-assisted remote attackers to execute arbitrary Python code by importing a crafted (1) KML or (2) KMZ file...
CVE-2007-1253
CVE-2007-1253 affects Blender up to version 2.43, via the kmz_ImportWithMesh.py script. An insecure use of eval() in kmz_ImportWithMesh.py allows a remote attacker to entice a user to open a crafted .kmz or .kml file, resulting in arbitrary Python code execution with the user’s privileges. The vu...
Sql injection
Multiple eval injection vulnerabilities in Vote! Pro 4.0, and possibly earlier, allow remote attackers to execute arbitrary code via requests to unspecified PHP scripts with the pollid parameter, which is supplied to eval function calls, a different set of vectors than CVE-2007-0504. NOTE: The...