793 matches found
SQL injection
Eval injection vulnerability in 123 Flash Chat Server 5.0 and 5.1 allows attackers to execute arbitrary code via a crafted username...
CVE-2006-0418
Affected product: 123 Flash Chat Server 5.0 and 5.1. Vulnerable: eval injection in username handling that allows arbitrary code execution. Root cause: crafted username processed in a way that enables code execution. Impact: potential compromise of confidentiality, integrity, and availability (as ...
CVE-2006-0214
CVE-2006-0214 affects ezDatabase 2.0 and earlier. A vulnerability in the application’s PHP code allows remote attackers to execute arbitrary PHP via an eval injection in the db_id parameter to visitorupload.php, demonstrated with phpinfo and include() calls. The connected documents confirm the fl...
SQL injection
Eval injection vulnerability in Light Weight Calendar (LWC) 1.0 (20040909) and earlier allows remote attackers to execute arbitrary PHP code via the date parameter in cal.php, which is included by index.php...
CVE-2006-0206
CVE-2006-0206 affects Light Weight Calendar (LWC) 1.0 (20040909) and earlier. The vulnerability is an eval injection: the date parameter in cal.php, which is included by index.php, can be exploited to execute arbitrary PHP code on the server. This is a remote code execution issue. Connecte...
EUVD-2006-0214
Eval injection vulnerability in Light Weight Calendar (LWC) 1.0 (20040909) and earlier allows remote attackers to execute arbitrary PHP code via the date parameter in cal.php, which is included by index.php...
CVE-2005-3539
CVE-2005-3539 affects HylaFAX up to version 4.2.x (notably 4.2.3 and earlier). The root cause is evaluation of untrusted input in HylaFAX components: the notify script and crafted CallID parameters to faxrcvd, enabling remote attackers to execute arbitrary commands with the HylaFAX server privile...
CVE-2005-3539
Multiple eval injection vulnerabilities in HylaFAX 4.2.3 and earlier allow remote attackers to execute arbitrary commands via (1) the notify script in HylaFAX 4.2.0 to 4.2.3 and (2) crafted CallID parameters to the faxrcvd script in HylaFAX 4.2.2 and 4.2.3...
CVE-2005-4317
Limbo CMS 1.0.4.2 and earlier, with register_globals off, does not protect the $_SERVER variable from external modification, which allows remote attackers to use the _SERVER[REMOTE_ADDR] parameter to (1) conduct cross-site scripting (XSS) attacks in the stats module or (2) execute arbitrary code via an eval...
CVE-2005-4317
Limbo CMS (versions up to 1.0.4.2) is affected by multiple flaws. When register_globals is off and a MySQL backend is used, improper sanitization of _SERVER[REMOTE_ADDR] enables SQL injection. The same parameter can also enable cross-site scripting in the Stats module. Additionally, index2.php pe...
CVE-2005-4031
MediaWiki 1.5.x before 1.5.3 is affected by an eval injection vulnerability that allows remote attackers to execute arbitrary PHP code via the user language option, which is used to form a dynamic class name processed by eval. Root cause: improper handling of user-supplied language selection lead...
CVE-2004-2631
CVE-2004-2631 affects phpMyAdmin 2.5.1–2.5.7, where LeftFrameLight being FALSE enables eval injection in left.php, allowing remote attackers to execute arbitrary PHP code via a crafted table name. The issue is rated CVSS v2 base 7.5 (Network, Low attack complexity, no authentication). Connected a...
CVE-2004-2631
Eval injection vulnerability in left.php in phpMyAdmin 2.5.1 up to 2.5.7, when LeftFrameLight is FALSE, allows remote attackers to execute arbitrary PHP code via a crafted table name...
CVE-2005-3554
Multiple eval injection vulnerabilities in the help function in PHPKIT 1.6.1 R2 and earlier, when register_globals is enabled, allow remote attackers to execute arbitrary code on the server via unknown attack vectors involving uninitialized variables...
CVE-2005-3554
CVE-2005-3554 describes multiple eval-injection vulnerabilities in the help function of PHP-Kit up to version 1.6.1 R2, triggered when register_globals is enabled. Remote attackers could execute arbitrary code on the server via uninitialized variables. The description notes unknown attack vectors...