
2429 matches found

CVE
added 2007/01/26 1:0 a.m., 43 views

CVE-2007-0535

CVE-2007-0535 (and related CVE-2007-0504) affect Vote! Pro 4.0 and possibly earlier, via eval injection in poll_frame.php where the poll_id parameter is passed to eval. This allows remote attackers to execute arbitrary code due to unsanitized input in PHP scripts; vectors are not fully detailed b...

7.5 CVSS, 7.8 AI score, 0.05568 EPSS
Exploits 0, References 3, Affected Software 1
NVD
added 2007/01/26 12:28 a.m., 15 views

CVE-2007-0504

Eval injection vulnerability in poll_frame.php in Vote! Pro 4.0, and possibly other scripts, allows remote attackers to execute arbitrary code via the poll_id parameter, which is supplied to an eval function call, a different vulnerability type than CVE-2005-4632...

10 CVSS, 7.7 AI score, 0.17544 EPSS
Exploits 0, References 4
Prion
added 2007/01/26 12:28 a.m., 11 views

SQL injection

Eval injection vulnerability in poll_frame.php in Vote! Pro 4.0, and possibly other scripts, allows remote attackers to execute arbitrary code via the poll_id parameter, which is supplied to an eval function call, a different vulnerability type than CVE-2005-4632...

10 CVSS, 8.1 AI score, 0.17544 EPSS
Exploits 1, References 4, Affected Software 1
Cvelist
added 2007/01/26 12:0 a.m., 21 views

CVE-2007-0504

Eval injection vulnerability in poll_frame.php in Vote! Pro 4.0, and possibly other scripts, allows remote attackers to execute arbitrary code via the poll_id parameter, which is supplied to an eval function call, a different vulnerability type than CVE-2005-4632...

7.7 AI score, 0.17544 EPSS
Exploits 0, References 4
EUVD
added 2007/01/26 12:0 a.m., 3 views

EUVD-2007-0502

Eval injection vulnerability in poll_frame.php in Vote! Pro 4.0, and possibly other scripts, allows remote attackers to execute arbitrary code via the poll_id parameter, which is supplied to an eval function call, a different vulnerability type than CVE-2005-4632...

10 CVSS, 7.6 AI score, 0.17544 EPSS
Exploits 1, References 4
CVE
added 2007/01/26 12:0 a.m., 42 views

CVE-2007-0504

CVE-2007-0504 is an eval-injection vulnerability in Vote! Pro 4.0 (poll_frame.php and possibly other scripts). It allows remote attackers to execute arbitrary code by supplying a malicious poll_id that is passed to an eval() call. Descriptions from connected records confirm the poll_id/eval vecto...

10 CVSS, 7.8 AI score, 0.17544 EPSS
Exploits 0, References 4, Affected Software 1
seebug.org
added 2007/01/24 12:0 a.m., 12 views

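Vote!Pro eval() call code injection vulnerability

Vote!Pro is a customizable online voting and survey program. Vote!Pro has an input validation vulnerability when handling user requests; a remote attacker may exploit this vulnerability to execute arbitrary commands on the server. The poll_frame.php file in Vote!Pro does not properly filter the poll_id parameter used in an eval call, allowing an attacker to inject and execute arbitrary PHP code by submitting a specially crafted parameter value. Vote! Pro 4.0. The vendor has not yet provided a patch or upgrade; we recommend that users of this software watch the vendor's home page for the latest version: http://www.vote-pro.com/ http://www.sebug.net/show-exp-995.html...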

7.1 AI score
Exploits 0
NVD
added 2007/01/09 11:28 a.m., 12 views

CVE-2007-0134

Multiple eval injection vulnerabilities in iGeneric iG Shop 1.0 allow remote attackers to execute arbitrary code via the action parameter, which is supplied to an eval function call in (1) cart.php and (2) page.php. NOTE: a later report and CVE analysis indicate that the vulnerability is present in 1...

7.5 CVSS, 7.9 AI score, 0.14145 EPSS
Exploits 1, References 11
Prion
added 2007/01/09 11:28 a.m., 15 views

SQL injection

Multiple eval injection vulnerabilities in iGeneric iG Shop 1.0 allow remote attackers to execute arbitrary code via the action parameter, which is supplied to an eval function call in (1) cart.php and (2) page.php. NOTE: a later report and CVE analysis indicate that the vulnerability is present in 1...

7.5 CVSS, 8.5 AI score, 0.14145 EPSS
Exploits 1, References 11, Affected Software 1
Cvelist
added 2007/01/09 11:0 a.m., 17 views

CVE-2007-0134

Multiple eval injection vulnerabilities in iGeneric iG Shop 1.0 allow remote attackers to execute arbitrary code via the action parameter, which is supplied to an eval function call in (1) cart.php and (2) page.php. NOTE: a later report and CVE analysis indicate that the vulnerability is present in 1...

7.9 AI score, 0.14145 EPSS
Exploits 1, References 11
CVE
added 2007/01/09 11:0 a.m., 45 views

CVE-2007-0134

The CVE-2007-0134 issue affects iGeneric iG Shop, originally version 1.0. It enables remote code execution via eval in the action parameter passed to eval call sites in cart.php and page.php. A later report notes the vulnerability is also present in version 1.4. The connected sources consistently...

7.5 CVSS, 7.9 AI score, 0.14145 EPSS
Exploits 1, References 11, Affected Software 1
securityvulns
added 2007/01/05 12:0 a.m., 59 views

iG Shop 1.0 Multiple Remote Vulnerabilities

"If eval is the answer, then you are asking the wrong question." --Unknowen ig-shop suffers from two eval's that can be controlled by an attacker: http://127.0.0.1/igshop/cart.php?action=;phpinfo;// ./cart.php line 692: eval "cart$action;"; http://127.0.0.1/igshop/page.php?action=;phpinfo;//...

0.3 AI score
Exploits 0
seebug.org
added 2007/01/05 12:0 a.m., 16 views

iG Shop 1.0 (eval/sql injection) Multiple Remote Vulnerabilities

No description provided by source. "If eval is the answer, then you are asking the wrong question." --Unknowen ig-shop suffers from two eval's that can be controlled by an attacker: http://127.0.0.1/igshop/cart.php?action=;phpinfo;// ./cart.php line 692: eval "cart$action;";...

7.1 AI score
Exploits 0
Packet Storm
added 2007/01/05 12:0 a.m., 25 views

igshop10-multiple.txt

"If eval is the answer, then you are asking the wrong question." --Unknowen ig-shop suffers from two eval's that can be controlled by an attacker: http://127.0.0.1/igshop/cart.php?action=;phpinfo;// ./cart.php line 692: eval "cart$action;"; http://127.0.0.1/igshop/page.php?action=;phpinfo;//...

7.4 AI score
Exploits 0
Exploit DB
added 2007/01/05 12:0 a.m., 57 views

ig shop 1.0 - Code Execution / SQL Injection

"If eval is the answer, then you are asking the wrong question." --Unknowen ig-shop suffers from two eval's that can be controlled by an attacker: http://127.0.0.1/igshop/cart.php?action=;phpinfo;// ./cart.php line 692: eval "cart$action;"; http://127.0.0.1/igshop/page.php?action=;phpinfo;//...

7.4 AI score
Exploits 0
Cvelist
added 2007/01/04 2:0 a.m., 14 views

CVE-2006-6852

Eval injection vulnerability in tDiary 2.0.3 and 2.1.4.20061127 allows remote authenticated users to execute arbitrary Ruby code via unspecified vectors, possibly related to incorrect input validation by (1) conf.rhtml and (2) i.conf.rhtml. NOTE: some of these details are obtained from third party...

7.5 AI score, 0.00897 EPSS
Exploits 0, References 5
CVE
added 2007/01/04 2:0 a.m., 34 views

CVE-2006-6852

tDiary 2.0.3 and 2.1.4.200 contain an eval injection vulnerability that lets a remote authenticated attacker run arbitrary Ruby scripts. The root cause is described as incorrect input validation in two web templates (conf.rhtml and i.conf.rhtml), enabling arbitrary code execution on the web serve...

6 CVSS, 7.5 AI score, 0.00897 EPSS
Exploits 0, References 5, Affected Software 1
Debian CVE
added 2007/01/04 2:0 a.m., 16 views

CVE-2006-6852

Eval injection vulnerability in tDiary 2.0.3 and 2.1.4.20061127 allows remote authenticated users to execute arbitrary Ruby code via unspecified vectors, possibly related to incorrect input validation by (1) conf.rhtml and (2) i.conf.rhtml. NOTE: some of these details are obtained from third party...

6 CVSS, 6.7 AI score, 0.00897 EPSS
Exploits 0
NVD
added 2006/12/31 5:0 a.m., 11 views

CVE-2006-6852

Eval injection vulnerability in tDiary 2.0.3 and 2.1.4.20061127 allows remote authenticated users to execute arbitrary Ruby code via unspecified vectors, possibly related to incorrect input validation by (1) conf.rhtml and (2) i.conf.rhtml. NOTE: some of these details are obtained from third party...

6 CVSS, 7.5 AI score, 0.00897 EPSS
Exploits 0, References 5
NVD
added 2006/10/25 10:7 p.m., 8 views

CVE-2006-5509

Eval injection vulnerability in addentry.php in WoltLab Burning Book 1.1.2 allows remote attackers to execute arbitrary PHP code via crafted POST requests that store PHP code in a database that is later processed by eval, as demonstrated using SQL injection via the n parameter...

7.5 CVSS, 8.3 AI score, 0.01333 EPSS
Exploits 0, References 7