2428 matches found

NVD
added 2005/12/17 11:3 a.m. | 13 views

CVE-2005-4317

Limbo CMS 1.0.4.2 and earlier, with register_globals off, does not protect the $_SERVER variable from external modification, which allows remote attackers to use the _SERVER[REMOTE_ADDR] parameter to (1) conduct cross-site scripting (XSS) attacks in the stats module or (2) execute arbitrary code via an eval...

CVSS 6.8 | AI score 6.6 | EPSS 0.22305
Exploits: 1 | References: 9
CVE
added 2005/12/17 11:0 a.m. | 39 views

CVE-2005-4317

Limbo CMS (versions up to 1.0.4.2) is affected by multiple flaws. When register_globals is off and a MySQL backend is used, improper sanitization of _SERVER[REMOTE_ADDR] enables SQL injection. The same parameter can also enable cross-site scripting in the Stats module. Additionally, index2.php pe...

CVSS 6.8 | AI score 6.6 | EPSS 0.22305
Exploits: 1 | References: 9 | Affected Software: 1
UbuntuCve
added 2005/12/06 11:3 a.m. | 23 views

CVE-2005-4031

Eval injection vulnerability in MediaWiki 1.5.x before 1.5.3 allows remote attackers to execute arbitrary PHP code via the "user language option," which is used as part of a dynamic class name that is processed using the eval function...

CVSS 7.5 | AI score 6.2 | EPSS 0.01655
Exploits: 0 | References: 1
NVD
added 2005/12/06 11:3 a.m. | 9 views

CVE-2005-4031

Eval injection vulnerability in MediaWiki 1.5.x before 1.5.3 allows remote attackers to execute arbitrary PHP code via the "user language option," which is used as part of a dynamic class name that is processed using the eval function...

CVSS 7.5 | AI score 7.6 | EPSS 0.01655
Exploits: 0 | References: 5
CVE
added 2005/12/06 11:0 a.m. | 52 views

CVE-2005-4031

MediaWiki 1.5.x is affected by an Eval injection vulnerability before 1.5.3 that allows remote attackers to execute arbitrary PHP code via the user language option, which is used to form a dynamic class name processed by eval. Root cause: improper handling of user-supplied language selection lead...

CVSS 7.5 | AI score 7.7 | EPSS 0.01655
Exploits: 0 | References: 5 | Affected Software: 1
Cvelist
added 2005/12/06 11:0 a.m. | 14 views

CVE-2005-4031

Eval injection vulnerability in MediaWiki 1.5.x before 1.5.3 allows remote attackers to execute arbitrary PHP code via the "user language option," which is used as part of a dynamic class name that is processed using the eval function...

AI score 7.6 | EPSS 0.01655
Exploits: 0 | References: 5
Debian CVE
added 2005/12/06 11:0 a.m. | 26 views

CVE-2005-4031

Eval injection vulnerability in MediaWiki 1.5.x before 1.5.3 allows remote attackers to execute arbitrary PHP code via the "user language option," which is used as part of a dynamic class name that is processed using the eval function...

CVSS 7.5 | AI score 7.7 | EPSS 0.01655
Exploits: 0
Debian CVE
added 2005/12/04 10:0 p.m. | 20 views

CVE-2004-2631

Eval injection vulnerability in left.php in phpMyAdmin 2.5.1 up to 2.5.7, when LeftFrameLight is FALSE, allows remote attackers to execute arbitrary PHP code via a crafted table name...

CVSS 7.5 | AI score 7.6 | EPSS 0.14197
Exploits: 1
CVE
added 2005/12/04 10:0 p.m. | 63 views

CVE-2004-2631

CVE-2004-2631 affects phpMyAdmin 2.5.1–2.5.7, where LeftFrameLight being FALSE enables eval injection in left.php, allowing remote attackers to execute arbitrary PHP code via a crafted table name. The issue is rated CVSS v2 base 7.5 (Network, Low attack complexity, no authentication). Connected a...

CVSS 7.5 | AI score 7.5 | EPSS 0.14197
Exploits: 1 | References: 12 | Affected Software: 1
NVD
added 2005/11/26 2:3 a.m. | 9 views

CVE-2005-3823

The Users module in vTiger CRM 4.2 and earlier allows remote attackers to execute arbitrary PHP code via an arbitrary file in the templatename parameter, which is passed to the eval function...

CVSS 7.5 | AI score 7.7 | EPSS 0.012
Exploits: 0 | References: 6
CVE
added 2005/11/26 2:0 a.m. | 42 views

CVE-2005-3823

CVE-2005-3823 affects vTiger CRM 4.2 and earlier. The Users module allows remote attackers to execute arbitrary PHP code via an arbitrary file in the templatename parameter, which is passed to eval. The connected sources provide no explicit remediation details; update/patch information is not inc...

CVSS 7.5 | AI score 7.7 | EPSS 0.012
Exploits: 0 | References: 6 | Affected Software: 1
NVD
added 2005/11/16 7:42 a.m. | 13 views

CVE-2005-3554

Multiple eval injection vulnerabilities in the help function in PHPKIT 1.6.1 R2 and earlier, when register_globals is enabled, allow remote attackers to execute arbitrary code on the server via unknown attack vectors involving uninitialized variables...

CVSS 5.1 | AI score 7.9 | EPSS 0.05131
Exploits: 1 | References: 8
Cvelist
added 2005/11/16 7:37 a.m. | 15 views

CVE-2005-3554

Multiple eval injection vulnerabilities in the help function in PHPKIT 1.6.1 R2 and earlier, when register_globals is enabled, allow remote attackers to execute arbitrary code on the server via unknown attack vectors involving uninitialized variables...

AI score 7.9 | EPSS 0.05131
Exploits: 1 | References: 8
CVE
added 2005/11/16 7:37 a.m. | 43 views

CVE-2005-3554

CVE-2005-3554 describes multiple eval-injection vulnerabilities in the help function of PHP-Kit up to version 1.6.1 R2, triggered when register_globals is enabled. Remote attackers could execute arbitrary code on the server via uninitialized variables. The description notes unknown attack vectors...

CVSS 5.1 | AI score 7.9 | EPSS 0.05131
Exploits: 1 | References: 8 | Affected Software: 1
Cvelist
added 2005/11/01 11:0 a.m. | 20 views

CVE-2005-3405

ATutor 1.4.1 through 1.5.1-pl1 allows remote attackers to execute arbitrary PHP functions via a direct request to forum.inc.php with a modified addslashes parameter with either the (1) asc or (2) desc parameters set, possibly due to an eval injection vulnerability...

AI score 7.8 | EPSS 0.11893
Exploits: 1 | References: 8
CVE
added 2005/11/01 11:0 a.m. | 41 views

CVE-2005-3405

ATutor

CVSS 7.5 | AI score 7.8 | EPSS 0.11893
Exploits: 1 | References: 8
UbuntuCve
added 2005/10/24 10:2 a.m. | 22 views

CVE-2005-3302

Eval injection vulnerability in bvh_import.py in Blender 2.36 allows attackers to execute arbitrary Python code via a hierarchy element in a .bvh file, which is supplied to an eval function call...

CVSS 7.5 | AI score 6.2 | EPSS 0.06201
Exploits: 1 | References: 1
OSV
added 2005/10/24 10:2 a.m. | 1 views

DEBIAN-CVE-2005-3302

Eval injection vulnerability in bvh_import.py in Blender 2.36 allows attackers to execute arbitrary Python code via a hierarchy element in a .bvh file, which is supplied to an eval function call...

CVSS 7.3 | AI score 7.7 | EPSS 0.06201
Exploits: 1 | References: 1
CVE
added 2005/10/24 4:0 a.m. | 63 views

CVE-2005-3302

CVE-2005-3302 is an eval-injection vulnerability in Blender 2.36 (bvh_import.py) that lets an attacker execute arbitrary Python code via a hierarchy element in a .bvh file fed to an eval(). The issue arises from missing input validation in the Blender importer. Impact described in sources include...

CVSS 7.5 | AI score 7.3 | EPSS 0.06201
Exploits: 1 | References: 4 | Affected Software: 1
Vulnrichment
added 2005/10/24 4:0 a.m. | 7 views

CVE-2005-3302

Eval injection vulnerability in bvh_import.py in Blender 2.36 allows attackers to execute arbitrary Python code via a hierarchy element in a .bvh file, which is supplied to an eval function call...

AI score 8.1 | EPSS 0.06201
Exploits: 1 | References: 4