CVE-2008-0413
The JavaScript engine in Mozilla Firefox before 2.0.0.12, Thunderbird before 2.0.0.12, and SeaMonkey before 1.1.8 allows remote attackers to cause a denial of service (crash) and possibly trigger memory corruption via (1) a large switch statement, (2) certain uses of watch and eval, (3) certain uses of t...
Mozilla javascript engine crashes
The JavaScript engine in Mozilla Firefox before 2.0.0.12, Thunderbird before 2.0.0.12, and SeaMonkey before 1.1.8 allows remote attackers to cause a denial of service (crash) and possibly trigger memory corruption via (1) a large switch statement, (2) certain uses of watch and eval, (3) certain uses of t...
Design/Logic Flaw
Eval injection vulnerability in admin/op/disp.php in Netwerk Smart Publisher 1.0.1 allows remote attackers to execute arbitrary PHP code via the filedata parameter...
CVE-2008-0503
CVE-2008-0503 affects Netwerk Smart Publisher 1.0.1. An eval injection flaw in admin/op/disp.php allows remote attackers to execute arbitrary PHP code via the filedata parameter, enabling unauthenticated, network-vector exploitation. CVSS 2.0 base score 6.8 ("NETWORK" attack vector, "MEDIUM" complexit...
CVE-2008-0382
Multiple eval injection vulnerabilities in MyBB 1.2.10 and earlier allow remote attackers to execute arbitrary code via the sortby parameter to (1) forumdisplay.php or (2) a results action in search.php...
CVE-2008-0382
CVE-2008-0382 affects MyBB 1.2.10 and earlier. The vulnerability is due to eval injection in the sortby parameter of forumdisplay.php or the results action in search.php, enabling remote attackers to execute arbitrary PHP code. This is a remote, unauthenticated code-execution issue with impact on...
CVE-2008-0382
Multiple eval injection vulnerabilities in MyBB 1.2.10 and earlier allow remote attackers to execute arbitrary code via the sortby parameter to (1) forumdisplay.php or (2) a results action in search.php...
MyBB forumdisplay.php 'sortby' Parameter Arbitrary PHP Code Execution
The version of MyBB installed on the remote host is affected by an arbitrary PHP code execution vulnerability due to improper sanitization of user-supplied input to the 'sortby' parameter of the forumdisplay.php script before using it in an eval statement to evaluate PHP code. A remote,...
Debian Security Advisory DSA 1423-1 (sitebar)
The remote host is missing an update to sitebar announced via advisory DSA 1423-1. OpenVAS Vulnerability Test $Id: deb14231.nasl 6616 2017-07-07 12:10:49Z cfischer $ Description: Auto-generated from advisory DSA 1423-1 Authors: Thomas Reinke Copyright: Copyright (c) 2007 E-Soft Inc...
Sql injection
Eval injection vulnerability in loudblog/inc/parse_old.php in Loudblog 0.8.0 and earlier allows remote attackers to execute arbitrary PHP code via the template parameter...
CVE-2008-0139
CVE-2008-0139 affects Loudblog 0.8.0 and earlier. An eval injection in loudblog/inc/parse_old.php via the template parameter allows remote attackers to execute arbitrary PHP code. CVSS2 base metrics indicate Network access, no authentication, and partial impact to confidentiality, integrity, and ...
CVE-2008-0139
Eval injection vulnerability in loudblog/inc/parse_old.php in Loudblog 0.8.0 and earlier allows remote attackers to execute arbitrary PHP code via the template parameter...
Loudblog loudblog/inc/parse_old.php template Parameter Arbitrary Remote Code Execution
The remote host is running Loudblog, a PHP application for publishing podcasts and similar media files. The version of Loudblog on the remote host fails to sanitize input to the 'template' parameter of the 'loudblog/inc/parse_old.php' script before using it in an 'eval' statement to evaluate PHP...
CVE-2007-6550
form.php in PMOS Help Desk 2.4 and earlier sends a redirect to the web browser but does not exit, which allows remote attackers to conduct eval injection attacks and execute arbitrary PHP code via the options array parameter...
Sql injection
form.php in PMOS Help Desk 2.4 and earlier sends a redirect to the web browser but does not exit, which allows remote attackers to conduct eval injection attacks and execute arbitrary PHP code via the options array parameter...
CVE-2007-6550
PMOS Help Desk 2.4 and earlier is affected by CVE-2007-6550. form.php redirects without exiting, enabling remote attackers to perform eval injection and execute arbitrary PHP code via the options array parameter. Affected component: PMOS Help Desk’s PHP form handling. Root cause: missing exit aft...
CVE-2007-6550
form.php in PMOS Help Desk 2.4 and earlier sends a redirect to the web browser but does not exit, which allows remote attackers to conduct eval injection attacks and execute arbitrary PHP code via the options array parameter...
DSA-1423-1 sitebar - several vulnerabilities
Bulletin has no description...
Some more widgets: Facebook, Hockey, FlickrInterestingNess (Re: [MacOS X] Insecure eval() in Twitgit and Twitterlex dashboard widgets)
This is a follow-up to [0] and [1]. Last night, I wrote: It would probably be an interesting exercise to go through some more dashboard widgets and grep for eval. I'd bet quite a bit that there's much more out there. - The top-50 facebook widget [2] uses the AllowFullAccess configuration option, which...
CVE-2007-5693
Eval injection vulnerability in the translation module translator.php in SiteBar 3.3.8 allows remote authenticated users to execute arbitrary PHP code via the edit parameter in an upd cmd action, a different vulnerability than CVE-2007-5492...