2430 matches found

CVE
added 2009/01/23 6:38 p.m., 42 views

CVE-2008-5963

Gravity GTD (Getting Things Done) up to version 0.4.5 is affected by an eval-injection vulnerability in library/setup/rpc.php that allows remote attackers to execute arbitrary PHP code via the objectname parameter. This CVE (CVE-2008-5963) is rated high by NVD (base score 10.0) with network attac...

CVSS 10, AI score 8.1, EPSS 0.06692
Exploits 1, References 4, Affected Software 1

UbuntuCve
added 2009/01/21 2:30 a.m., 16 views

CVE-2008-5920

The create_anchors function in utils.inc in WebSVN 1.x allows remote attackers to execute arbitrary PHP code via a crafted username that is processed by the preg_replace function with the eval switch...

CVSS 7.5, AI score 6.2, EPSS 0.04272
Exploits 1, References 1

Prion
added 2009/01/15 5:30 p.m., 16 views

Sql injection

Eval injection vulnerability in the web interface plugin in KTorrent before 3.1.4 allows remote attackers to execute arbitrary PHP code via unspecified parameters to this interface's PHP scripts...

CVSS 6.8, AI score 8, EPSS 0.01171
Exploits 0, References 13, Affected Software 1

OSV
added 2009/01/15 5:30 p.m., 6 views

CVE-2008-5906

Eval injection vulnerability in the web interface plugin in KTorrent before 3.1.4 allows remote attackers to execute arbitrary PHP code via unspecified parameters to this interface's PHP scripts...

AI score 8
Exploits 0, References 13

OSV
added 2009/01/15 5:30 p.m., 1 views

DEBIAN-CVE-2008-5906

Eval injection vulnerability in the web interface plugin in KTorrent before 3.1.4 allows remote attackers to execute arbitrary PHP code via unspecified parameters to this interface's PHP scripts...

CVSS 6.8, AI score 8.3, EPSS 0.01171
Exploits 0, References 1

CVE
added 2009/01/15 5:0 p.m., 57 views

CVE-2008-5906

KTorrent’s web interface plugin is affected by CVE-2008-5906 (and CVE-2008-5905). The vulnerability arises from improper handling of web-interface request parameters, enabling remote attackers to inject PHP code and, per Gentoo/Ubuntu advisories, potentially perform arbitrary code execution in th...

CVSS 6.8, AI score 7.8, EPSS 0.01171
Exploits 0, References 13, Affected Software 1

Debian CVE
added 2009/01/15 5:0 p.m., 25 views

CVE-2008-5906

Eval injection vulnerability in the web interface plugin in KTorrent before 3.1.4 allows remote attackers to execute arbitrary PHP code via unspecified parameters to this interface's PHP scripts...

CVSS 6.8, AI score 7.7, EPSS 0.01171
Exploits 0

UbuntuCve
added 2009/01/15 12:0 a.m., 24 views

CVE-2008-5906

Eval injection vulnerability in the web interface plugin in KTorrent before 3.1.4 allows remote attackers to execute arbitrary PHP code via unspecified parameters to this interface's PHP scripts...

CVSS 6.8, AI score 6.2, EPSS 0.01171
Exploits 0, References 4

seebug.org
added 2009/01/12 12:0 a.m., 53 views

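XOOPS mydirname parameter multiple PHP code injection vulnerabilities

BUGTRAQ ID: 33176 Xoops is a very popular dynamic web content management system, written in object-oriented PHP. ...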

AI score 6.9
Exploits 0

Tenable Nessus
added 2009/01/09 12:0 a.m., 19 views

XOOPS Multiple Scripts mydirname Parameter Arbitrary Command Injection

The version of XOOPS installed on the remote host fails to filter user-supplied input to the 'mydirname' parameter of the 'onupdate.php', 'notification.php', and 'oninstall.php' scripts under the application's 'xoopslib/modules/protector' directory before passing it to PHP 'eval' functions...

AI score 6
Exploits 0

OpenVAS
added 2009/01/02 12:0 a.m., 24 views

FreeBSD Ports: twiki

The remote host is missing an update to the system as announced in the referenced advisory. SPDX-FileCopyrightText: 2009 E-Soft Inc. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...

CVSS 10, AI score 6.5, EPSS 0.06494
Exploits 1, References 10

OpenVAS
added 2009/01/02 12:0 a.m., 19 views

FreeBSD Ports: twiki

The remote host is missing an update to the system as announced in the referenced advisory. VID f98dea27-d687-11dd-abd1-0050568452ac OpenVAS Vulnerability Test $ Description: Auto generated from VID f98dea27-d687-11dd-abd1-0050568452ac Authors: Thomas Reinke Copyright: Copyright (c) 2009 E-Soft Inc...

CVSS 10, AI score 6.5, EPSS 0.06494
Exploits 1

securityvulns
added 2008/12/31 12:0 a.m., 33 views

Megacubo 5.0.7 (mega://) remote eval() injection exploit

Megacubo 5.0.7 mega:// remote eval injection exploit by Nine:Situations:Group::pyrokinesis site: http://retrogod.altervista.org/ tested against Internet Explorer 8 beta 2/xp sp 3 software site: http://www.megacubo.net/tv/ download url:...

AI score 0.3
Exploits 0

myhack58
added 2008/12/29 12:0 a.m., 21 views

PHP: an eval vulnerability - vulnerability warning - the black bar safety net

Source: php, eval's BLOG Author: phpeval Some time ago a program out of the question. And this almost. 1. For the above code. If the URL submitted http://www.phpeval.cn/test.php?c=phpinfo; it can be found in phpinfo is executed. And the corresponding submission of c=echo 1 1 1 1 1; found 1 1 1...

AI score 7.3
Exploits 0

myhack58
added 2008/12/25 12:0 a.m., 25 views

Wordpress 2.7.0 admin remote code execution vulnerability - vulnerability warning - the black bar safety net

by Ryatpuretot mail: puretot at gmail dot com team: http://www.80vul.com date: 2008-12-18 Analysis: This vulnerability out in the background: wp-admin/post.php if currentusercan'editpost', $postID if $last = wpcheckpostlock $post-ID $lastuser = getuserdata $last ; $lastusername = $lastuser ?...

AI score 8.2
Exploits 0

OSV
added 2008/12/17 2:30 a.m., 3 views

DEBIAN-CVE-2008-5619

html2text.php in Chuggnutt HTML to Text Converter, as used in PHPMailer before 5.2.10, RoundCube Webmail roundcubemail 0.2-1.alpha and 0.2-3.beta, Mahara, and AtMail Open 1.03, allows remote attackers to execute arbitrary code via crafted input that is processed by the preg_replace function with t...

CVSS 10, AI score 7.9, EPSS 0.77692
Exploits 15, References 1

UbuntuCve
added 2008/12/17 2:30 a.m., 18 views

CVE-2008-5619

html2text.php in Chuggnutt HTML to Text Converter, as used in PHPMailer before 5.2.10, RoundCube Webmail roundcubemail 0.2-1.alpha and 0.2-3.beta, Mahara, and AtMail Open 1.03, allows remote attackers to execute arbitrary code via crafted input that is processed by the preg_replace function with t...

CVSS 10, AI score 6.1, EPSS 0.77692
Exploits 15, References 4

NVD
added 2008/12/17 2:30 a.m., 16 views

CVE-2008-5619

html2text.php in Chuggnutt HTML to Text Converter, as used in PHPMailer before 5.2.10, RoundCube Webmail roundcubemail 0.2-1.alpha and 0.2-3.beta, Mahara, and AtMail Open 1.03, allows remote attackers to execute arbitrary code via crafted input that is processed by the preg_replace function with t...

CVSS 10, AI score 7.3, EPSS 0.77692
Exploits 15, References 17

Prion
added 2008/12/17 2:30 a.m., 19 views

Hardcoded credentials

html2text.php in Chuggnutt HTML to Text Converter, as used in PHPMailer before 5.2.10, RoundCube Webmail roundcubemail 0.2-1.alpha and 0.2-3.beta, Mahara, and AtMail Open 1.03, allows remote attackers to execute arbitrary code via crafted input that is processed by the preg_replace function with t...

CVSS 10, AI score 7.5, EPSS 0.77692
Exploits 15, References 17, Affected Software 1

Debian CVE
added 2008/12/17 2:0 a.m., 25 views

CVE-2008-5619

html2text.php in Chuggnutt HTML to Text Converter, as used in PHPMailer before 5.2.10, RoundCube Webmail roundcubemail 0.2-1.alpha and 0.2-3.beta, Mahara, and AtMail Open 1.03, allows remote attackers to execute arbitrary code via crafted input that is processed by the preg_replace function with t...

CVSS 10, AI score 7.3, EPSS 0.77692
Exploits 15