CVE-2006-0887

Eval injection vulnerability in sessions.inc in PHP Base Library PHPLib before 7.4a, when index.php3 from the PHPLib distribution is available on the server, allows remote attackers to execute arbitrary PHP code by including a base64-encoded representation of the code in a cookie. NOTE: this...

CVE-2006-0757

Multiple eval injection vulnerabilities in HiveMail 1.3 and earlier allow remote attackers to execute arbitrary PHP code via 1 the contactgroupid parameter in addressbook.update.php, 2 the messageid parameter in addressbook.add.php, 3 the folderid parameter in folders.update.php, and possibly...

CVE-2006-0757

CVE-2006-0757 describes multiple PHP eval-injection vulnerabilities in HiveMail 1.3 and earlier, allowing remote attackers to execute arbitrary PHP code via various parameters (e.g., contactgroupid in addressbook.update.php, messageid in addressbook.add.php, folderid in folders.update.php, and ot...

CVE-2006-0757

Multiple eval injection vulnerabilities in HiveMail 1.3 and earlier allow remote attackers to execute arbitrary PHP code via 1 the contactgroupid parameter in addressbook.update.php, 2 the messageid parameter in addressbook.add.php, 3 the folderid parameter in folders.update.php, and possibly...

HiveMail <= 1.3 Multiple Vulnerabilities

GulfTech Security Research February 10, 2006 Vendor : HiveMail URL : http://www.hivemail.com/ Version : HiveMail = 1.3 Risk : Multiple Vulnerabilities Description: HiveMail is a powerful web-based email program that allows you to offer personal email accounts to your visitors. This makes HiveMail...

Sql injection

Eval injection vulnerability in 123 Flash Chat Server 5.0 and 5.1 allows attackers to execute arbitrary code via a crafted username...

CVE-2006-0418

Eval injection vulnerability in 123 Flash Chat Server 5.0 and 5.1 allows attackers to execute arbitrary code via a crafted username...

CVE-2006-0418

Affected product: 123 Flash Chat Server 5.0 and 5.1. Vulnerable: eval injection in username handling that allows arbitrary code execution. Root cause: crafted username processed in a way that enables code execution. Impact: potential compromise of confidentiality, integrity, and availability (as ...

123 Flash Chat 5.0 - Remote Code Injection

123 Flash Chat 5.0 - Remote Code Injection source: https://www.securityfocus.com/bid/16360/info 123 Flash Chat is prone to an arbitrary code injection weakness. An attacker can influence the value of a variable that is insecurely passed to an 'eval' call. Successful exploitation may allow attacke...

More compact and more powerful--the Eval version of ASP Trojan principle analysis-vulnerability warning-the black bar safety net

WithWebto secure popularity, the administrator prevent WebShellartalso increased, the previous kind is placed directly on a WebShell era is slowly away from us, So now the WebShell more and more attention to its concealment. WebShell hiddenartis also developing very fast, from changing the code...

CVE-2006-0214

CVE-2006-0214 affects ezDatabase 2.0 and earlier. A vulnerability in the application’s PHP code allows remote attackers to execute arbitrary PHP via an eval injection in the db_id parameter to visitorupload.php, demonstrated with phpinfo and include() calls. The connected documents confirm the fl...

Sql injection

Eval injection vulnerability in Light Weight Calendar LWC 1.0 20040909 and earlier allows remote attackers to execute arbitrary PHP code via the date parameter in cal.php, which is included by index.php...

CVE-2006-0206

CVE-2006-0206 affects Light Weight Calendar (LWC) 1.0 (20040909) and earlier. The vulnerability is an eval injection: the date parameter submitted to index.php via cal.php is included and can be exploited to execute arbitrary PHP code on the server. This is a remote code execution issue. Connecte...

EUVD-2006-0214

Eval injection vulnerability in Light Weight Calendar LWC 1.0 20040909 and earlier allows remote attackers to execute arbitrary PHP code via the date parameter in cal.php, which is included by index.php...

CVE-2005-3539

CVE-2005-3539 affects HylaFAX up to version 4.2.x (notably 4.2.3 and earlier). The root cause is evaluation of untrusted input in HylaFAX components: the notify script and crafted CallID parameters to faxrcvd, enabling remote attackers to execute arbitrary commands with the HylaFAX server privile...

CVE-2005-3539

Multiple eval injection vulnerabilities in HylaFAX 4.2.3 and earlier allow remote attackers to execute arbitrary commands via 1 the notify script in HylaFAX 4.2.0 to 4.2.3 and 2 crafted CallID parameters to the faxrcvd script in HylaFAX 4.2.2 and 4.2.3...

CVE-2005-3539

Multiple eval injection vulnerabilities in HylaFAX 4.2.3 and earlier allow remote attackers to execute arbitrary commands via 1 the notify script in HylaFAX 4.2.0 to 4.2.3 and 2 crafted CallID parameters to the faxrcvd script in HylaFAX 4.2.2 and 4.2.3...

CVE-2005-3539

Multiple eval injection vulnerabilities in HylaFAX 4.2.3 and earlier allow remote attackers to execute arbitrary commands via 1 the notify script in HylaFAX 4.2.0 to 4.2.3 and 2 crafted CallID parameters to the faxrcvd script in HylaFAX 4.2.2 and 4.2.3...

CVE-2005-3539

Multiple eval injection vulnerabilities in HylaFAX 4.2.3 and earlier allow remote attackers to execute arbitrary commands via 1 the notify script in HylaFAX 4.2.0 to 4.2.3 and 2 crafted CallID parameters to the faxrcvd script in HylaFAX 4.2.2 and 4.2.3...

DEBIAN-CVE-2005-3539

Multiple eval injection vulnerabilities in HylaFAX 4.2.3 and earlier allow remote attackers to execute arbitrary commands via 1 the notify script in HylaFAX 4.2.0 to 4.2.3 and 2 crafted CallID parameters to the faxrcvd script in HylaFAX 4.2.2 and 4.2.3...