793 matches found

NVD
added 2007/01/26 1:28 a.m., 18 views

CVE-2007-0535

Multiple eval injection vulnerabilities in Vote! Pro 4.0, and possibly earlier, allow remote attackers to execute arbitrary code via requests to unspecified PHP scripts with the poll_id parameter, which is supplied to eval function calls, a different set of vectors than CVE-2007-0504. NOTE: The...

CVSS 7.5, AI score 7.8, EPSS 0.03616
Exploits: 0, References: 3
Cvelist
added 2007/01/26 1:0 a.m., 25 views

CVE-2007-0535

Multiple eval injection vulnerabilities in Vote! Pro 4.0, and possibly earlier, allow remote attackers to execute arbitrary code via requests to unspecified PHP scripts with the poll_id parameter, which is supplied to eval function calls, a different set of vectors than CVE-2007-0504. NOTE: The...

AI score 7.8, EPSS 0.03616
Exploits: 0, References: 3
CVE
added 2007/01/26 1:0 a.m., 49 views

CVE-2007-0535

CVE-2007-0535 (and related CVE-2007-0504) affect Vote! Pro 4.0 and possibly earlier, via eval injection in poll_frame.php where the poll_id parameter is passed to eval. This allows remote attackers to execute arbitrary code due to unsanitized input in PHP scripts; vectors are not fully detailed b...

CVSS 7.5, AI score 7.8, EPSS 0.03616
Exploits: 0, References: 3, Affected Software: 1
Prion
added 2007/01/26 12:28 a.m., 12 views

Sql injection

Eval injection vulnerability in poll_frame.php in Vote! Pro 4.0, and possibly other scripts, allows remote attackers to execute arbitrary code via the poll_id parameter, which is supplied to an eval function call, a different vulnerability type than CVE-2005-4632...

CVSS 10, AI score 8.1, EPSS 0.06177
Exploits: 1, References: 4, Affected Software: 1
NVD
added 2007/01/26 12:28 a.m., 16 views

CVE-2007-0504

Eval injection vulnerability in poll_frame.php in Vote! Pro 4.0, and possibly other scripts, allows remote attackers to execute arbitrary code via the poll_id parameter, which is supplied to an eval function call, a different vulnerability type than CVE-2005-4632...

CVSS 10, AI score 7.7, EPSS 0.06177
Exploits: 0, References: 4
CVE
added 2007/01/26 12:0 a.m., 45 views

CVE-2007-0504

CVE-2007-0504 is an eval-injection vulnerability in Vote! Pro 4.0 (poll_frame.php and possibly other scripts). It allows remote attackers to execute arbitrary code by supplying a malicious poll_id that is passed to an eval() call. Descriptions from connected records confirm the poll_id/eval vecto...

CVSS 10, AI score 7.8, EPSS 0.06177
Exploits: 0, References: 4, Affected Software: 1
EUVD
added 2007/01/26 12:0 a.m., 3 views

EUVD-2007-0502

Eval injection vulnerability in poll_frame.php in Vote! Pro 4.0, and possibly other scripts, allows remote attackers to execute arbitrary code via the poll_id parameter, which is supplied to an eval function call, a different vulnerability type than CVE-2005-4632...

CVSS 10, AI score 7.6, EPSS 0.06177
Exploits: 1, References: 4
CVE
added 2007/01/09 11:0 a.m., 48 views

CVE-2007-0134

The CVE-2007-0134 issue affects iGeneric iG Shop, originally version 1.0. It enables remote code execution via eval in the action parameter passed to eval call sites in cart.php and page.php. A later report notes the vulnerability is also present in version 1.4. The connected sources consistently...

CVSS 7.5, AI score 7.9, EPSS 0.11327
Exploits: 1, References: 11, Affected Software: 1
Cvelist
added 2007/01/09 11:0 a.m., 19 views

CVE-2007-0134

Multiple eval injection vulnerabilities in iGeneric iG Shop 1.0 allow remote attackers to execute arbitrary code via the action parameter, which is supplied to an eval function call in (1) cart.php and (2) page.php. NOTE: a later report and CVE analysis indicate that the vulnerability is present in 1...

AI score 7.9, EPSS 0.11327
Exploits: 1, References: 11
CVE
added 2007/01/04 2:0 a.m., 39 views

CVE-2006-6852

tDiary 2.0.3 and 2.1.4.200 contain an eval injection vulnerability that lets a remote authenticated attacker run arbitrary Ruby scripts. The root cause is described as incorrect input validation in two web templates (conf.rhtml and i.conf.rhtml), enabling arbitrary code execution on the web serve...

CVSS 6, AI score 7.5, EPSS 0.00979
Exploits: 0, References: 5, Affected Software: 1
Cvelist
added 2007/01/04 2:0 a.m., 15 views

CVE-2006-6852

Eval injection vulnerability in tDiary 2.0.3 and 2.1.4.20061127 allows remote authenticated users to execute arbitrary Ruby code via unspecified vectors, possibly related to incorrect input validation by (1) conf.rhtml and (2) i.conf.rhtml. NOTE: some of these details are obtained from third party...

AI score 7.5, EPSS 0.00979
Exploits: 0, References: 5
Debian CVE
added 2007/01/04 2:0 a.m., 18 views

CVE-2006-6852

Eval injection vulnerability in tDiary 2.0.3 and 2.1.4.20061127 allows remote authenticated users to execute arbitrary Ruby code via unspecified vectors, possibly related to incorrect input validation by (1) conf.rhtml and (2) i.conf.rhtml. NOTE: some of these details are obtained from third party...

CVSS 6, AI score 6.7, EPSS 0.00979
Exploits: 0
NVD
added 2006/12/31 5:0 a.m., 12 views

CVE-2006-6852

Eval injection vulnerability in tDiary 2.0.3 and 2.1.4.20061127 allows remote authenticated users to execute arbitrary Ruby code via unspecified vectors, possibly related to incorrect input validation by (1) conf.rhtml and (2) i.conf.rhtml. NOTE: some of these details are obtained from third party...

CVSS 6, AI score 7.5, EPSS 0.00979
Exploits: 0, References: 5
NVD
added 2006/10/25 10:7 p.m., 13 views

CVE-2006-5509

Eval injection vulnerability in addentry.php in WoltLab Burning Book 1.1.2 allows remote attackers to execute arbitrary PHP code via crafted POST requests that store PHP code in a database that is later processed by eval, as demonstrated using SQL injection via the n parameter...

CVSS 7.5, AI score 8.3, EPSS 0.0124
Exploits: 0, References: 7
CVE
added 2006/10/25 10:0 p.m., 45 views

CVE-2006-5509

The CVE concerns WoltLab Burning Book 1.1.2, where an eval injection vulnerability in addentry.php allows remote code execution. The issue arises when crafted POST data stores PHP code in the database, which is later processed by eval. The exploitation path is demonstrated via SQL injection throu...

CVSS 7.5, AI score 8.7, EPSS 0.0124
Exploits: 0, References: 7, Affected Software: 1
NVD
added 2006/10/10 4:6 a.m., 18 views

CVE-2006-5185

Eval injection vulnerability in Template.php in HAMweather 3.9.8.4 and earlier allows remote attackers to execute arbitrary code via a modified query string, which is supplied to an eval function call within the do_parse_code function...

CVSS 7.5, AI score 7.8, EPSS 0.0377
Exploits: 1, References: 6
CVE
added 2006/10/06 7:0 p.m., 51 views

CVE-2006-5185

The CVE-2006-5185 issue affects HAMweather (versions 3.9.8.4 and earlier) where eval injection in Template.php occurs. An attacker can supply a modified query string that is passed to an eval call inside do_parse_code, allowing remote code execution. Impact is arbitrary code execution on the web ...

CVSS 7.5, AI score 7.8, EPSS 0.0377
Exploits: 1, References: 6, Affected Software: 1
NVD
added 2006/09/14 10:7 p.m., 12 views

CVE-2006-4437

Eval injection vulnerability in Tagger LE allows remote attackers to execute arbitrary PHP code via the query string in (1) tags.php, (2) sign.php, and (3) admin/index.php...

CVSS 7.5, AI score 7.8, EPSS 0.08205
Exploits: 1, References: 10
CVE
added 2006/09/14 10:0 p.m., 68 views

CVE-2006-4437

The provided documents confirm CVE-2006-4437 in Tagger LE: an eval() injection vulnerability that allows remote attackers to execute arbitrary PHP code via crafted query string parameters in tags.php, sign.php, and admin/index.php. The root cause is unsanitised input being used directly inside an...

CVSS 7.5, AI score 7.9, EPSS 0.08205
Exploits: 1, References: 10, Affected Software: 1
CVE
added 2006/09/06 12:0 a.m., 43 views

CVE-2006-4551

The CVE-2006-4551 entry describes an eval injection vulnerability in Feedsplitter (the feedsplitter.php handling path) that allows remote attackers to execute arbitrary PHP code by supplying the file to the value of the format parameter, and possibly via a malicious RSS feed. The root cause is im...

CVSS 7.5, AI score 7.9, EPSS 0.01468
Exploits: 0, References: 3, Affected Software: 1