2430 matches found

FreeBSD
added 2008/12/12 12:0 a.m., 29 views

roundcube -- remote execution of arbitrary code

Entry for CVE-2008-5619 says: html2text.php in RoundCube Webmail roundcubemail 0.2-1.alpha and 0.2-3.beta allows remote attackers to execute arbitrary code via crafted input that is processed by the preg_replace function with the eval switch...

CVSS 10, AI score 6.9, EPSS 0.77692
Exploits 15, References 1

Prion
added 2008/12/10 12:30 a.m., 13 views

Design/Logic Flaw

Eval injection vulnerability in TWiki before 4.2.4 allows remote attackers to execute arbitrary Perl code via the %SEARCH% variable...

CVSS 10, AI score 7.8, EPSS 0.04122
Exploits 0, References 5, Affected Software 1

OpenVAS
added 2008/12/10 12:0 a.m., 17 views

FreeBSD Ports: mantis

The remote host is missing an update to the system as announced in the referenced advisory. SPDX-FileCopyrightText: 2008 E-Soft Inc. Some text descriptions might be excerpted from a referenced source, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...

CVSS 7.5, AI score 6.6, EPSS 0.09456
Exploits 8, References 2

Cvelist
added 2008/12/10 12:0 a.m., 17 views

CVE-2008-5305

Eval injection vulnerability in TWiki before 4.2.4 allows remote attackers to execute arbitrary Perl code via the %SEARCH% variable...

AI score 7.5, EPSS 0.04122
Exploits 0, References 5

FreeBSD
added 2008/11/28 12:0 a.m., 13 views

codeigniter -- arbitrary script execution in the new Form Validation class

znirkel reports: The eval function in resetpostarray crashes when posting certain data. By passing in carefully-crafted input data, the eval function could also execute malicious PHP code. Note that CodeIgniter applications that either do not use the new Form Validation class or use the old...

AI score 1.5
Exploits 0, References 1

NVD
added 2008/11/14 6:7 p.m., 7 views

CVE-2008-5071

Multiple eval injection vulnerabilities in itpm_estimate.php in Yoxel 1.23beta and earlier allow remote authenticated users to execute arbitrary PHP code via the proj_id parameter...

CVSS 9, AI score 7.6, EPSS 0.04065
Exploits 1, References 4

CVE
added 2008/11/14 4:0 p.m., 34 views

CVE-2008-5071

The CVE-2008-5071 issue affects Yoxel software (version 1.23beta and earlier) where itpm_estimate.php is vulnerable to multiple eval injection flaws. The underlying cause is eval-based code execution triggered by the proj_id parameter, allowing remote authenticated users to run arbitrary PHP code...

CVSS 9, AI score 7.6, EPSS 0.04065
Exploits 1, References 4, Affected Software 1

Cvelist
added 2008/11/14 4:0 p.m., 16 views

CVE-2008-5071

Multiple eval injection vulnerabilities in itpm_estimate.php in Yoxel 1.23beta and earlier allow remote authenticated users to execute arbitrary PHP code via the proj_id parameter...

AI score 7.6, EPSS 0.04065
Exploits 1, References 4

myhack58
added 2008/10/31 12:0 a.m., 11 views

Analysis of a php exploit code-exploit warning-the black bar safety net

A few days ago I saw an interesting piece of code, so I am recording it here. First, an introduction to a well-known PHP function, preg_replace, whose prototype is: mixed preg_replace(mixed pattern, mixed replacement, mixed subject [, int limit]). The interesting thing about this function is: as long as the first parameter...

AI score 1
Exploits 0

myhack58
added 2008/10/26 12:0 a.m., 15 views

Weave a dream(Dedecms)arbitrary code execution vulnerability-vulnerability warning-the black bar safety net

The vulnerable page is \include\incbookfunctions.php. The trigger page is member/storyaddcontentaction.php. Next, open the following address: http://www.xxx.com/member/storyaddcontentaction.php?chapterid=1&arcID=1&body=?> Followed by the word code. When you see the successful message indicates...

AI score 0.1
Exploits 0

seebug.org
added 2008/10/26 12:0 a.m., 33 views

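phpMyAdmin arbitrary command execution vulnerability

BugCVE: CAN-2001-1060 BUGTRAQ: 3121 An input validation error in phpMyAdmin allows remote attackers to execute arbitrary commands. An attacker may obtain sensitive information or execute arbitrary commands with the privileges of the httpd process. The problem lies in the following code in 'tblcopy.php' and 'tblrename.php': tblcopy.php: eval $message = \ $strCopyTableOK\ ; ; tblrename.php: eval $message = \ $strRenameTableOK\ ; ; If a user can control $strCopyTableOK or...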

CVSS 7.5, AI score 6.7, EPSS 0.01221
Exploits 1

Prion
added 2008/08/21 5:41 p.m., 12 views

Sql injection

Eval injection vulnerability in globalsoff.php in Turnkey PHP Live Helper 2.0.1 and earlier allows remote attackers to execute arbitrary PHP code via the test parameter, and probably arbitrary parameters, to chat.php...

CVSS 7.5, AI score 8.4, EPSS 0.10936
Exploits 0, References 8, Affected Software 1

NVD
added 2008/08/21 5:41 p.m., 8 views

CVE-2008-3764

Eval injection vulnerability in globalsoff.php in Turnkey PHP Live Helper 2.0.1 and earlier allows remote attackers to execute arbitrary PHP code via the test parameter, and probably arbitrary parameters, to chat.php...

CVSS 7.5, AI score 7.8, EPSS 0.10936
Exploits 0, References 8

CVE
added 2008/08/21 5:0 p.m., 35 views

CVE-2008-3764

CVE-2008-3764 describes an eval injection in Turnkey PHP Live Helper (PHP Live Helper) 2.0.1 and earlier. The vulnerability resides in globalsoff.php and allows remote attackers to execute arbitrary PHP code via the test parameter (and likely other parameters) passed to chat.php. This is a remote...

CVSS 7.5, AI score 7.9, EPSS 0.10936
Exploits 0, References 8, Affected Software 1

Prion
added 2008/07/27 11:41 p.m., 9 views

Sql injection

Eval injection vulnerability in adm_config_set.php in Mantis before 1.1.2 allows remote authenticated administrators to execute arbitrary code via the value parameter...

CVSS 6.5, AI score 7.6, EPSS 0.09456
Exploits 0, References 10, Affected Software 1

CVE
added 2008/07/27 11:0 p.m., 51 views

CVE-2008-3332

CVE-2008-3332 is an eval() injection in adm_config_set.php in MantisBT prior to 1.1.2. Remote authenticated administrators can execute arbitrary PHP commands via the value parameter. Evidence from Gentoo GLSA 200809-10 and related advisories indicates upgrade to the latest MantisBT (>=1.1.2) a...

CVSS 6.5, AI score 7.2, EPSS 0.09456
Exploits 0, References 10, Affected Software 1

Prion
added 2008/02/28 7:44 p.m., 8 views

Sql injection

Eval injection vulnerability in modules/execute.php in the Sniplets 1.1.2 and 1.2.2 plugin for WordPress allows remote attackers to execute arbitrary PHP code via the text parameter...

CVSS 7.5, AI score 8.4, EPSS 0.14869
Exploits 2, References 6, Affected Software 1

CVE
added 2008/02/28 7:0 p.m., 48 views

CVE-2008-1060

The CVE affects the Sniplets WordPress plugin, specifically versions 1.1.2 and 1.2.2, where an eval injection in modules/execute.php allows remote attackers to execute arbitrary PHP code via the text parameter. This results in remote code execution with the webserver user’s privileges, aligning w...

CVSS 7.5, AI score 7.8, EPSS 0.14869
Exploits 2, References 6, Affected Software 1

Patchstack
added 2008/02/28 12:0 a.m., 17 views

WordPress Sniplets Plugin <= 1.2.2 - Eval Injection

Because of this vulnerability in modules/execute.php, attackers can execute arbitrary PHP code via the "text" parameter. Solution: Update the plugin...

CVSS 7.5, AI score 6.1, EPSS 0.14869
Exploits 2, References 1, Affected Software 1

Prion
added 2008/02/08 10:0 p.m., 29 views

Memory corruption

The JavaScript engine in Mozilla Firefox before 2.0.0.12, Thunderbird before 2.0.0.12, and SeaMonkey before 1.1.8 allows remote attackers to cause a denial of service (crash) and possibly trigger memory corruption via (1) a large switch statement, (2) certain uses of watch and eval, (3) certain uses of t...

CVSS 9.3, AI score 6.8, EPSS 0.0805
Exploits 1, References 63, Affected Software 3