2432 matches found
CVE-2010-3719
Summary: CVE-2010-3719 affects Symantec IM Manager. The vulnerability resides in the admin interface’s ScheduleTask function (IMAdminSchedTask.asp) and involves improper sanitization of POST input passed to an eval() call. Affected product is Symantec IM Manager up to version 8.4.16; exploitation...
JavaScript eval() Usage on Web Server
Binary data 5723.prm...
MetInfo 3.0 PHP code injection vulnerability(getshell)-vulnerability warning-the black bar safety net
Official website: http://www.metinfo.cn/ Keyword: "Powered by MetInfo 3.0" Description: In the file /include/common.inc.php 6 line 7: evalbase64decode$allclass0; $allclass0 variable is not initialized, so we can control its value, the code injection use. POC: the...
MetInfo 3.0 PHP Code Injection Vulnerability
Exploit for php platform in category web applications. MetInfo 3.0 PHP Code Injection Vulnerability. Exploit Title: MetInfo 3.0 PHP Code Injection Vulnerability Date: 2010-10-31 Author: linux520.com...
Javascript eval Case Sensitivity Obfuscation
Although various security products provide coverage against many web vulnerabilities, such as ActiveX exploits, these known exploits could potentially bypass security products by using JavaScript obfuscation techniques. An example of such a technique is the JavaScript "eval" obfuscation, which is...
PHP code execution vulnerability summary-vulnerability warning-the black bar safety net
PHP security lovers of the feast the Month of PHP Security it. Read php-security on many of the cattle below, to issue to the shared under a., are idols wow. A code to perform the function In PHP you can execute the Code of the function. Such as eval, assert, theand system and exec and shell_exec...
cyask system background Getshell vulnerabilities-vulnerability warning-the black bar safety net
cyask writes its settings parameters to a cache file; when the cache is written, data taken from the database is written to the file unfiltered, which makes it possible to get a webshell. Analysis: admin/settingmanage.php file: ? php adminfooter; exit; elseif$adminaction=='settingedit' ifisset$POST'editsubmit'...
PHP code execution vulnerability-summary-vulnerability warning-the black bar safety net
Reference from: http://php-security.org/2010/05/20/mops-submission-07-our-dynamic-php/index.html A code execution function In PHP you can execute the Code of the function. Such as eval, assert, theand system and exec and shell_exec and passthru and escapeshellcmd and pcntl_exec, etc. demo code 1....
Sql injection
Multiple eval injection vulnerabilities in the import functionality in the Chaos Tool Suite (aka CTools) module 6.x before 6.x-1.4 for Drupal allow remote authenticated users, with "administer page manager" privileges, to execute arbitrary PHP code via input to a text area, related to (1) the...
CVE-2010-1546
CVE-2010-1546 affects Drupal's Chaos Tool Suite (CTools) module 6.x, prior to 6.x-1.4. An eval injection in the import functionality allows a remote authenticated user with "administer page manager" privileges to execute arbitrary PHP code via input to a text area, via the page_manager_page_impor...
CVE-2010-1546
Multiple eval injection vulnerabilities in the import functionality in the Chaos Tool Suite (aka CTools) module 6.x before 6.x-1.4 for Drupal allow remote authenticated users, with "administer page manager" privileges, to execute arbitrary PHP code via input to a text area, related to (1) the...
Sql injection
Eval injection vulnerability in system/services/init.php in Movie PHP Script 2.0 allows remote attackers to execute arbitrary PHP code via the anticode parameter...
CVE-2009-4836
Eval injection vulnerability in system/services/init.php in Movie PHP Script 2.0 allows remote attackers to execute arbitrary PHP code via the anticode parameter...
CVE-2009-4836
The CVE-2009-4836 entry concerns Movie PHP Script 2.0. Affected component: system/services/init.php. Root cause: eval injection via the anticode parameter, enabling remote attackers to execute arbitrary PHP code. The vulnerability is described as a remote code execution risk with network access a...
Firefox Multiple Vulnerabilities (Mar 2010) - Windows
Firefox browser is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2010 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Memory corruption
The TraceRecorder::traverseScopeChain function in js/src/jstracer.cpp in the browser engine in Mozilla Firefox 3.6 before 3.6.2 allows remote attackers to cause a denial of service (memory corruption and application crash) and possibly execute arbitrary code via vectors involving certain indirect...
CVE-2010-0165
The TraceRecorder::traverseScopeChain function in js/src/jstracer.cpp in the browser engine in Mozilla Firefox 3.6 before 3.6.2 allows remote attackers to cause a denial of service (memory corruption and application crash) and possibly execute arbitrary code via vectors involving certain indirect...
Cross site scripting
Cross-site scripting (XSS) vulnerability in +CSCOT+/translation in Cisco Secure Desktop 3.4.2048, and other versions before 3.5; as used in Cisco ASA appliance before 8.2(1), 8.1(2.7), and 8.0(5); allows remote attackers to inject arbitrary web script or HTML via a crafted POST parameter, which is not...
CVE-2010-0440
The CVE-2010-0440 issue is a Cross-Site Scripting (XSS) vulnerability in Cisco Secure Desktop (CSCOT) translation path. Affects Cisco Secure Desktop 3.4.2048 and earlier than 3.5, and is also implicated in Cisco ASA appliances running before 8.2(1), 8.1(2.7), and 8.0(5). The root cause is imprope...
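Discuz! 7.1 - 7.2 Remote Code Execution Vulnerability
The $scriptlang array that gives rise to the vulnerability is already initialized once a plugin has been installed. In the new Discuz! versions 7.1 and 7.2, a parameter executed inside eval in the showmessage function is not initialized and can be submitted arbitrarily, so arbitrary PHP commands can be executed. Below is an analysis of this remote code execution vulnerability; the problem is really serious, as it allows writing a shell directly: 1. The vulnerability comes from the showmessage function: function showmessage$message, $urlforward = '', $extra = '', $forwardtype = 0 extract$GLOBALS,...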