2430 matches found

Prion
added 2009/09/21 7:30 p.m., 12 views

Design/Logic Flaw

Stack consumption vulnerability in WebKit.dll in WebKit in Apple Safari 3.2.3, and possibly other versions before 4.1.2, allows remote attackers to cause a denial of service (application crash) via JavaScript code that calls eval on a long string composed of A/ sequences...

CVSS 5, AI score 7, EPSS 0.03319
Exploits 0, References 4, Affected Software 1
exploitpack
added 2009/09/09 12:00 a.m., 15 views

Apple Safari 3.2.3 (Windows x86) - JavaScript eval Remote Denial of Service

Apple Safari 3.2.3 Windows x86 - JavaScript eval Remote Denial of Service !/usr/bin/perl letsgosurfinnowonsafari.pl AKA Safari 3.2.3 Win32 JavaScript 'eval' Remote Denial of Service Exploit Jeremy Brown [email protected]//jbrownsec.blogspot.com//krakowlabs.com 09.07.2009 Safari crashes when...

AI score 0.3
Exploits 0
securityvulns
added 2009/09/08 12:00 a.m., 21 views

Apple Safari / WebKit DoS

Stack overflow (stack memory exhaustion) on eval expression parsing...

AI score 4.4
Exploits 0, References 1, Affected Software 1
NVD
added 2009/09/04 8:30 p.m., 11 views

CVE-2009-2946

Eval injection vulnerability in scripts/uscan.pl before Rev 1984 in devscripts allows remote attackers to execute arbitrary Perl code via crafted pathnames on distribution servers for upstream source code used in Debian GNU/Linux packages...

CVSS 9.3, AI score 7.5, EPSS 0.00781
Exploits 1, References 4
OSV
added 2009/09/04 8:30 p.m., 2 views

CVE-2009-2946

Eval injection vulnerability in scripts/uscan.pl before Rev 1984 in devscripts allows remote attackers to execute arbitrary Perl code via crafted pathnames on distribution servers for upstream source code used in Debian GNU/Linux packages...

AI score 7.5
Exploits 0, References 4
OSV
added 2009/09/04 8:30 p.m., 1 view

DEBIAN-CVE-2009-2946

Eval injection vulnerability in scripts/uscan.pl before Rev 1984 in devscripts allows remote attackers to execute arbitrary Perl code via crafted pathnames on distribution servers for upstream source code used in Debian GNU/Linux packages...

CVSS 9.3, AI score 8.2, EPSS 0.00781
Exploits 1, References 1
CVE
added 2009/09/04 8:00 p.m., 63 views

CVE-2009-2946

CVE-2009-2946 references an eval injection in devscripts' uscan.pl prior to revision 1984, enabling remote Perl code execution via crafted pathnames on distribution servers. Connected advisories (Debian DSA-1878-1/DSA-1878-2, Ubuntu USN-847-1/2, Red Hat RH CVE entry, OpenVAS/Nessus synopses) conf...

CVSS 9.3, AI score 7.6, EPSS 0.00781
Exploits 1, References 4, Affected Software 1
Prion
added 2009/06/25 5:30 p.m., 12 views

Cross site scripting

Eval injection vulnerability in the csco_wrap_js function in /+CSCOL+/cte.js in WebVPN on the Cisco Adaptive Security Appliances (ASA) device with software 8.0(4), 8.1.2, and 8.2.1 allows remote attackers to bypass a DOM wrapper and conduct cross-site scripting (XSS) attacks by setting CSCO_WebVPN['process...

CVSS 4.3, AI score 6.3, EPSS 0.04855
Exploits 2, References 6, Affected Software 1
NVD
added 2009/06/25 5:30 p.m., 15 views

CVE-2009-1201

Eval injection vulnerability in the csco_wrap_js function in /+CSCOL+/cte.js in WebVPN on the Cisco Adaptive Security Appliances (ASA) device with software 8.0(4), 8.1.2, and 8.2.1 allows remote attackers to bypass a DOM wrapper and conduct cross-site scripting (XSS) attacks by setting CSCO_WebVPN['process...

CVSS 4.3, AI score 6, EPSS 0.04855
Exploits 2, References 6
Cvelist
added 2009/06/25 5:00 p.m., 21 views

CVE-2009-1201

Eval injection vulnerability in the csco_wrap_js function in /+CSCOL+/cte.js in WebVPN on the Cisco Adaptive Security Appliances (ASA) device with software 8.0(4), 8.1.2, and 8.2.1 allows remote attackers to bypass a DOM wrapper and conduct cross-site scripting (XSS) attacks by setting CSCO_WebVPN['process...

AI score 6, EPSS 0.04855
Exploits 2, References 6
CVE
added 2009/06/25 5:00 p.m., 65 views

CVE-2009-1201

Cisco ASA Web VPN vulnerability CVE-2009-1201 affects ASA with Web VPN (clientless SSL VPN) on versions 8.0(4), 8.1.2, and 8.2.1. The issue lies in the csco_wrap_js function in /+CSCOL+/cte.js, which uses CSCO_WebVPN['process'] to compute html and then evals the result, allowing an attacker-contr...

CVSS 4.3, AI score 6, EPSS 0.04855
Exploits 2, References 6, Affected Software 1
Packet Storm
added 2009/05/27 12:00 a.m., 44 views

Joomla RSGallery2 Backdoor

Vulnerability: Remote code execution back doors Software: RSGallery2 - Gallery Extension for Joomla! We are currently working on a new website. All files are still available at the JoomlaCode project page. Severity: Not a big deal. Joomla components contain all sorts of obfuscated junk all the...

AI score 0.1
Exploits 0
Prion
added 2009/04/24 2:30 p.m., 10 views

Sql injection

Eval injection vulnerability in Megacubo 5.0.7 allows remote attackers to inject and execute arbitrary PHP code via the play action in a mega:// URI...

CVSS 9.3, AI score 8.2, EPSS 0.15306
Exploits 1, References 7, Affected Software 1
CVE
added 2009/04/24 2:00 p.m., 42 views

CVE-2008-6748

CVE-2008-6748 affects Megacubo 5.0.7. The issue is an eval injection in the application, enabling remote attackers to inject and execute arbitrary PHP code via the play action in a mega:// URI. The root cause is dynamic evaluation of input (eval) exposed through the play action. The provided docu...

CVSS 9.3, AI score 8, EPSS 0.15306
Exploits 1, References 7, Affected Software 1
seebug.org
added 2009/03/11 12:00 a.m., 13 views

PHP Director <= 0.21 (sql into outfile) eval() Injection Exploit

No description provided by source. include stdio.h include stdlib.h include string.h include netinet/in.h include arpa/inet.h include netdb.h / Dork "Powered by PHP Director 0.2" | PHP Director 0.2.1 sql into outfile eval Injection Exploit | Exploit-...

AI score 7.1
Exploits 0
exploitpack
added 2009/03/09 12:00 a.m., 13 views

PHP Director 0.21 - SQL Into Outfile eval() Injection

PHP Director 0.21 - SQL Into Outfile eval Injection include include include include include include / Dork "Powered by PHP Director 0.2" | PHP Director 0.2.1 sql into outfile eval Injection Exploit | Exploit-...

AI score 0.4
Exploits 0
Exploit DB
added 2009/03/09 12:00 a.m., 46 views

PHP Director 0.21 - SQL Into Outfile 'eval()' Injection

include include include include include include / Dork "Powered by PHP Director 0.2" | PHP Director 0.2.1 sql into outfile eval Injection Exploit | Exploit- index.php?cat=%27+UNION+SELECT+1,'lol',3,4,5,6,7,8,9,10,11,12,13,14,15+INTO+OUTFILE+'/var/www/ex.php'/ PHP.ini- Magic Quotes off Written- by...

AI score 7.4
Exploits 0
NVD
added 2009/03/05 2:30 a.m., 8 views

CVE-2009-0820

Multiple eval injection vulnerabilities in phpScheduleIt before 1.2.11 allow remote attackers to execute arbitrary code via (1) the end_date parameter to reserve.php and (2) the start_date and end_date parameters to check.php. NOTE: the start_date/reserve.php vector is already covered by CVE-2008-6132...

CVSS 7.5, AI score 7.8, EPSS 0.09633
Exploits 0, References 5
Cvelist
added 2009/03/05 2:00 a.m., 15 views

CVE-2009-0820

Multiple eval injection vulnerabilities in phpScheduleIt before 1.2.11 allow remote attackers to execute arbitrary code via (1) the end_date parameter to reserve.php and (2) the start_date and end_date parameters to check.php. NOTE: the start_date/reserve.php vector is already covered by CVE-2008-6132...

AI score 7.8, EPSS 0.09633
Exploits 0, References 5
CVE
added 2009/03/05 2:00 a.m., 42 views

CVE-2009-0820

CVE-2009-0820 affects phpScheduleIt prior to 1.2.11. It enables remote arbitrary PHP code execution via eval injection through reserve.php (end_date) and check.php (start_date/end_date); the start_date vector is also covered by CVE-2008-6132. OpenVAS/Exploit DB references confirm reserve.php RCE ...

CVSS 7.5, AI score 8, EPSS 0.09633
Exploits 0, References 5, Affected Software 1