CVE-2006-4506

idmlib.sh in nxdrv in Novell Identity Manager IDM 3.0.1 allows local users to execute arbitrary commands via unspecified vectors, possibly involving the " quote and \ backslash characters and eval injection...

CVE-2006-4506

The CVE-2006-4506 entry concerns Novell Identity Manager (IDM) 3.0.1, where idmlib.sh in the nxdrv component allows local users to run arbitrary commands via unspecified vectors, with potential involvement of the " (quote) and \ (backslash) characters and eval injection. Public sources in the NVD...

CVE-2006-4506

idmlib.sh in nxdrv in Novell Identity Manager IDM 3.0.1 allows local users to execute arbitrary commands via unspecified vectors, possibly involving the " quote and \ backslash characters and eval injection...

CVE-2006-3819

Eval injection vulnerability in the configure script in TWiki 4.0.0 through 4.0.4 allows remote attackers to execute arbitrary Perl code via an HTTP POST request containing a parameter name starting with "TYPEOF"...

Sql injection

Eval injection vulnerability in index.php in ClanSys 1.1 allows remote attackers to execute arbitrary PHP code via PHP code in the page parameter, as demonstrated by using an "include" statement that is injected into the eval statement. NOTE: this issue has been described as file inclusion by som...

CVE-2006-2005

CVE-2006-2005 affects ClanSys 1.1 (index.php). The vulnerability is an eval injection in the page parameter that allows remote attackers to execute arbitrary PHP code, demonstrated by injecting an include statement into the eval. Some sources describe it as a file inclusion, but the primary issue...

CVE-2006-2005

Eval injection vulnerability in index.php in ClanSys 1.1 allows remote attackers to execute arbitrary PHP code via PHP code in the page parameter, as demonstrated by using an "include" statement that is injected into the eval statement. NOTE: this issue has been described as file inclusion by som...

CVE-2006-1551

PAJAX

CVE-2006-1491

Eval injection vulnerability in Horde Application Framework versions 3.0 before 3.0.10 and 3.1 before 3.1.1 allows remote attackers to execute arbitrary code via the help viewer...

CVE-2006-1491

Eval injection vulnerability in Horde Application Framework versions 3.0 before 3.0.10 and 3.1 before 3.1.1 allows remote attackers to execute arbitrary code via the help viewer...

CVE-2006-1491

CVE-2006-1491 is a remote code execution vulnerability in the Horde Application Framework. The issue affects Horde 3.0.x before 3.0.10 and 3.1.x before 3.1.1, where unsanitized user input in the help viewer is passed to eval(), allowing arbitrary code execution on affected hosts. Related publicly...

CVE-2006-1491

Eval injection vulnerability in Horde Application Framework versions 3.0 before 3.0.10 and 3.1 before 3.1.1 allows remote attackers to execute arbitrary code via the help viewer...

Sql injection

Eval injection vulnerability in cal.php in Light Weight Calendar LWC 1.0 allows remote attackers to execute arbitrary PHP code via the date parameter to index.php...

CVE-2006-1252

CVE-2006-1252 affects Light Weight Calendar (LWC) 1.0, where an eval injection in cal.php allows remote attackers to execute arbitrary PHP code via the date parameter to index.php. This is a remote code execution vulnerability with CVSSv2 base score 7.5 (HIGH) and network attack vector with no au...

CVE-2006-1032

The CVE-2006-1032 vulnerability affects phpRPC

Sql injection

Eval injection vulnerability in sessions.inc in PHP Base Library PHPLib before 7.4a, when index.php3 from the PHPLib distribution is available on the server, allows remote attackers to execute arbitrary PHP code by including a base64-encoded representation of the code in a cookie. NOTE: this...

CVE-2006-0887

Eval injection vulnerability in sessions.inc in PHP Base Library PHPLib before 7.4a, when index.php3 from the PHPLib distribution is available on the server, allows remote attackers to execute arbitrary PHP code by including a base64-encoded representation of the code in a cookie. NOTE: this...

CVE-2006-0757

Multiple eval injection vulnerabilities in HiveMail 1.3 and earlier allow remote attackers to execute arbitrary PHP code via 1 the contactgroupid parameter in addressbook.update.php, 2 the messageid parameter in addressbook.add.php, 3 the folderid parameter in folders.update.php, and possibly...

CVE-2006-0757

CVE-2006-0757 describes multiple PHP eval-injection vulnerabilities in HiveMail 1.3 and earlier, allowing remote attackers to execute arbitrary PHP code via various parameters (e.g., contactgroupid in addressbook.update.php, messageid in addressbook.add.php, folderid in folders.update.php, and ot...

CVE-2006-0757

Multiple eval injection vulnerabilities in HiveMail 1.3 and earlier allow remote attackers to execute arbitrary PHP code via 1 the contactgroupid parameter in addressbook.update.php, 2 the messageid parameter in addressbook.add.php, 3 the folderid parameter in folders.update.php, and possibly...