2430 matches found
Code injection
avatarlist.php in the Your Account module, reached through modules.php, in Raven Web Services RavenNuke 2.30 allows remote authenticated users to execute arbitrary code via PHP sequences in an element of the replacements array, which is processed by the pregreplace function with the eval switch, ...
CVE-2009-0673
Eval injection vulnerability in the Custom Fields feature in the Your Account module in Raven Web Services RavenNuke 2.30 allows remote authenticated administrators to execute arbitrary PHP code via the ID Field Name box in a yaCustomFields action to admin.php...
CVE-2009-0673
Eval injection vulnerability in the Custom Fields feature in the Your Account module in Raven Web Services RavenNuke 2.30 allows remote authenticated administrators to execute arbitrary PHP code via the ID Field Name box in a yaCustomFields action to admin.php...
CVE-2009-0673
CVE-2009-0673 describes an eval injection in RavenNuke 2.30’s Custom Fields within the Your Account module. The vulnerability allows remote authenticated administrators to execute arbitrary PHP code via the ID Field Name box in a yaCustomFields action to admin.php. Affected product/stack: Raven W...
RavenNuke 2.3.0 Multiple Remote Vulnerabilities
No description provided by source. waraxe-2009-SA072 - Multiple Vulnerabilities in RavenNuke 2.3.0 =============================================================================== Author: Janek Vind "waraxe" Date: 16. February 2009 Location: Estonia, Tartu Web: http://www.waraxe.us/advisory-72.htm...
RavenNuke 2.3.0 Code Execution / SQL Injection
waraxe-2009-SA072 - Multiple Vulnerabilities in RavenNuke 2.3.0 =============================================================================== Author: Janek Vind "waraxe" Date: 16. February 2009 Location: Estonia, Tartu Web: http://www.waraxe.us/advisory-72.html Description of vulnerable softwar...
CVE-2008-6132
Eval injection vulnerability in reserve.php in phpScheduleIt 1.2.10 and earlier, when magicquotesgpc is disabled, allows remote attackers to execute arbitrary PHP code via the startdate parameter...
Sql injection
Eval injection vulnerability in reserve.php in phpScheduleIt 1.2.10 and earlier, when magicquotesgpc is disabled, allows remote attackers to execute arbitrary PHP code via the startdate parameter...
CVE-2008-6132
phpScheduleIt 1.2.10 and earlier is affected by an eval injection in reserve.php's start_date parameter when magic_quotes_gpc is disabled, allowing remote code execution. The vulnerability is confirmed by multiple sources (NVD entry CVE-2008-6132; OpenVAS and CVE cross-references; Metasploit modu...
FreeBSD : codeigniter -- arbitrary script execution in the new Form Validation class (83574d5a-f828-11dd-9fdf-0050568452ac)
znirkel reports : The eval function in resetpostarray crashes when posting certain data. By passing in carefully-crafted input data, the eval function could also execute malicious PHP code. Note that CodeIgniter applications that either do not use the new Form Validation class or use the old...
CVE-2009-0517
Eval injection vulnerability in index.php in phpSlash 0.8.1.1 and earlier allows remote attackers to execute arbitrary PHP code via the fields parameter, which is supplied to an eval function call within the generic function in include/class/tzenv.class. NOTE: some of these details are obtained...
Sql injection
Eval injection vulnerability in index.php in phpSlash 0.8.1.1 and earlier allows remote attackers to execute arbitrary PHP code via the fields parameter, which is supplied to an eval function call within the generic function in include/class/tzenv.class. NOTE: some of these details are obtained...
CVE-2009-0517
CVE-2009-0517 affects phpSlash 0.8.1.1 and earlier. The flaw is an eval()-based injection where unvalidated input in the fields parameter is passed to eval() inside tz_env.class, enabling remote PHP code execution with the web server’s privileges. Impact is described as complete impacts to confid...
Firefox XSS using a chrome XBL method and window.eval
Cross-domain vulnerability in js/src/jsobj.cpp in Mozilla Firefox 3.x before 3.0.6 allows remote attackers to bypass the Same Origin Policy, and access the properties of an arbitrary window and conduct cross-site scripting XSS attacks, via vectors involving a chrome XBL method and the window.eval...
XSS using a chrome XBL method and window.eval — Mozilla
Mozilla security researcher mozbugra4 reported that a chrome XBL method can be used in conjunction with window.eval to execute arbitrary JavaScript within the context of another website, violating the same origin policy...
OpenHelpDesk 1.0.100 - 'eval()' Code Execution (Metasploit)
$Id: phpeval.rb 5783 2008-10-23 02:43:21Z ramon $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use...
OpenHelpDesk 1.0.100 - eval() Code Execution (Metasploit)
OpenHelpDesk 1.0.100 - eval Code Execution Metasploit $Id: phpeval.rb 5783 2008-10-23 02:43:21Z ramon $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing an...
OpenHelpDesk 1.0.100 eval() Code Execution Exploit (meta)
Exploit for unknown platform in category web applications ========================================================= OpenHelpDesk 1.0.100 eval Code Execution Exploit meta ========================================================= $Id: phpeval.rb 5783 2008-10-23 02:43:21Z ramon $ This file is part o...
CVE-2008-5963
Eval injection vulnerability in library/setup/rpc.php in Gravity Getting Things Done GTD 0.4.5 and earlier allows remote attackers to execute arbitrary PHP code via the objectname parameter...
CVE-2008-5963
Eval injection vulnerability in library/setup/rpc.php in Gravity Getting Things Done GTD 0.4.5 and earlier allows remote attackers to execute arbitrary PHP code via the objectname parameter...