Lucene search

2430 matches found

NVD
added 2006/10/25 10:7 p.m., 8 views

CVE-2006-5509

Eval injection vulnerability in addentry.php in WoltLab Burning Book 1.1.2 allows remote attackers to execute arbitrary PHP code via crafted POST requests that store PHP code in a database that is later processed by eval, as demonstrated using SQL injection via the n parameter...

CVSS: 7.5, AI score: 8.3, EPSS: 0.01333
Exploits: 0, References: 7
CVE
added 2006/10/25 10:0 p.m., 39 views

CVE-2006-5509

The CVE concerns WoltLab Burning Book 1.1.2, where an eval injection vulnerability in addentry.php allows remote code execution. The issue arises when crafted POST data stores PHP code in the database, which is later processed by eval. The exploitation path is demonstrated via SQL injection throu...

CVSS: 7.5, AI score: 8.7, EPSS: 0.01333
Exploits: 0, References: 7, Affected Software: 1
myhack58
added 2006/10/20 12:0 a.m., 16 views

Hacking tutorials series of micro-PHP Trojan explore-exploit warning-the black bar safety net

This article is nothing special, only required to initiate it. And gave and I did the dishes in PHP the door and wandering friend. Just learning PHP in a few days, I would rush to work, so there are errors and inadequacies Please a positive note. PHP syntax powerful is ASP in the dust, only one:...

AI score: 7.4
Exploits: 0
Tenable Nessus
added 2006/10/14 12:0 a.m., 22 views

Debian DSA-1034-1 : horde2 - several vulnerabilities

Several remote vulnerabilities have been discovered in the Horde web application framework, which may lead to the execution of arbitrary web script code. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2006-1260 Null characters in the URL parameter bypas...

CVSS: 7.5, AI score: 5.9, EPSS: 0.25719
Exploits: 3, References: 5
Tenable Nessus
added 2006/10/14 12:0 a.m., 43 views

Debian DSA-1033-1 : horde3 - several vulnerabilities

Several remote vulnerabilities have been discovered in the Horde web application framework, which may lead to the execution of arbitrary web script code. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2005-4190 Several Cross-Site-Scripting vulnerabiliti...

CVSS: 7.5, AI score: 5.9, EPSS: 0.25719
Exploits: 3, References: 8
NVD
added 2006/10/10 4:6 a.m., 6 views

CVE-2006-5185

Eval injection vulnerability in Template.php in HAMweather 3.9.8.4 and earlier allows remote attackers to execute arbitrary code via a modified query string, which is supplied to an eval function call within the do_parse_code function...

CVSS: 7.5, AI score: 7.8, EPSS: 0.04517
Exploits: 1, References: 6
Cvelist
added 2006/10/06 7:0 p.m., 14 views

CVE-2006-5185

Eval injection vulnerability in Template.php in HAMweather 3.9.8.4 and earlier allows remote attackers to execute arbitrary code via a modified query string, which is supplied to an eval function call within the do_parse_code function...

AI score: 7.8, EPSS: 0.04517
Exploits: 1, References: 6
CVE
added 2006/10/06 7:0 p.m., 47 views

CVE-2006-5185

The CVE-2006-5185 issue affects HAMweather (versions 3.9.8.4 and earlier) where eval injection in Template.php occurs. An attacker can supply a modified query string that is passed to an eval call inside do_parse_code, allowing remote code execution. Impact is arbitrary code execution on the web ...

CVSS: 7.5, AI score: 7.8, EPSS: 0.04517
Exploits: 1, References: 6, Affected Software: 1
NVD
added 2006/09/14 10:7 p.m., 10 views

CVE-2006-4437

Eval injection vulnerability in Tagger LE allows remote attackers to execute arbitrary PHP code via the query string in (1) tags.php, (2) sign.php, and (3) admin/index.php...

CVSS: 7.5, AI score: 7.8, EPSS: 0.11759
Exploits: 1, References: 10
CVE
added 2006/09/14 10:0 p.m., 62 views

CVE-2006-4437

The provided documents confirm CVE-2006-4437 in Tagger LE: an eval() injection vulnerability that allows remote attackers to execute arbitrary PHP code via crafted query string parameters in tags.php, sign.php, and admin/index.php. The root cause is unsanitised input being used directly inside an...

CVSS: 7.5, AI score: 7.9, EPSS: 0.11759
Exploits: 1, References: 10, Affected Software: 1
CVE
added 2006/09/06 12:0 a.m., 40 views

CVE-2006-4551

The CVE-2006-4551 entry describes an eval injection vulnerability in Feedsplitter (the feedsplitter.php handling path) that allows remote attackers to execute arbitrary PHP code by supplying the file to the value of the format parameter, and possibly via a malicious RSS feed. The root cause is im...

CVSS: 7.5, AI score: 7.9, EPSS: 0.01402
Exploits: 0, References: 3, Affected Software: 1
NVD
added 2006/08/31 11:4 p.m., 11 views

CVE-2006-4506

idmlib.sh in nxdrv in Novell Identity Manager IDM 3.0.1 allows local users to execute arbitrary commands via unspecified vectors, possibly involving the " (quote) and \ (backslash) characters and eval injection...

CVSS: 3.6, AI score: 7.7, EPSS: 0.0007
Exploits: 1, References: 3
Cvelist
added 2006/08/31 11:0 p.m., 15 views

CVE-2006-4506

idmlib.sh in nxdrv in Novell Identity Manager IDM 3.0.1 allows local users to execute arbitrary commands via unspecified vectors, possibly involving the " (quote) and \ (backslash) characters and eval injection...

AI score: 7.7, EPSS: 0.0007
Exploits: 1, References: 3
CVE
added 2006/08/31 11:0 p.m., 40 views

CVE-2006-4506

The CVE-2006-4506 entry concerns Novell Identity Manager (IDM) 3.0.1, where idmlib.sh in the nxdrv component allows local users to run arbitrary commands via unspecified vectors, with potential involvement of the " (quote) and \ (backslash) characters and eval injection. Public sources in the NVD...

CVSS: 3.6, AI score: 8.1, EPSS: 0.0007
Exploits: 1, References: 3, Affected Software: 1
RedHat Linux
added 2006/07/28 11:22 p.m., 2 views

security flaw

Mozilla Firefox before 1.5.0.5 and SeaMonkey before 1.0.3 allows remote Proxy AutoConfig (PAC) servers to execute code with elevated privileges via a PAC script that sets the FindProxyForURL function to an eval method on a privileged object...

CVSS: 7.5, AI score: 7.6, EPSS: 0.02341
Exploits: 0, References: 4
UbuntuCve
added 2006/07/27 1:4 a.m., 19 views

CVE-2006-3819

Eval injection vulnerability in the configure script in TWiki 4.0.0 through 4.0.4 allows remote attackers to execute arbitrary Perl code via an HTTP POST request containing a parameter name starting with "TYPEOF"...

CVSS: 7.5, AI score: 6.3, EPSS: 0.07898
Exploits: 5, References: 1
CVE
added 2006/07/27 1:0 a.m., 46 views

CVE-2006-3819

CVE-2006-3819 affects TWiki 4.0.0 to 4.0.4. The vulnerability is an eval injection in the configure script, allowing remote attackers to execute arbitrary Perl code via an HTTP POST containing a parameter name that starts with “TYPEOF.” The issue enables remote code execution with the web server’...

CVSS: 7.5, AI score: 7.7, EPSS: 0.07898
Exploits: 5, References: 7, Affected Software: 1
Mozilla
added 2006/07/25 12:0 a.m., 27 views

PAC privilege escalation using Function.prototype.call — Mozilla

mozbugra4 reports that a malicious Proxy AutoConfig (PAC) server could serve a PAC script that can execute code with elevated privileges by setting the required FindProxyForURL function to the eval method on a privileged object that leaked into the PAC sandbox. By redirecting the victim to a...

CVSS: 7.5, AI score: 1.4, EPSS: 0.02341
Exploits: 0, References: 1, Affected Software: 2
OSV
added 2006/06/02 8:2 p.m., 1 views

DEBIAN-CVE-2006-2787

EvalInSandbox in Mozilla Firefox and Thunderbird before 1.5.0.4 allows remote attackers to gain privileges via javascript that calls the valueOf method on objects that were created outside of the sandbox...

CVSS: 9.3, AI score: 9, EPSS: 0.09158
Exploits: 0, References: 1
Prion
added 2006/04/25 12:50 p.m., 12 views

Sql injection

Eval injection vulnerability in index.php in ClanSys 1.1 allows remote attackers to execute arbitrary PHP code via PHP code in the page parameter, as demonstrated by using an "include" statement that is injected into the eval statement. NOTE: this issue has been described as file inclusion by som...

CVSS: 7.5, AI score: 8.6, EPSS: 0.10615
Exploits: 1, References: 7, Affected Software: 1