2430 matches found

CVE
added 2005/10/24 4:0 a.m. | 65 views

CVE-2005-3302

CVE-2005-3302 is an eval-injection vulnerability in Blender 2.36 (bvh_import.py) that lets an attacker execute arbitrary Python code via a hierarchy element in a .bvh file fed to an eval(). The issue arises from missing input validation in the Blender importer. Impact described in sources include...

CVSS 7.5 | AI score 7.3 | EPSS 0.06201
Exploits 1 | References 4 | Affected Software 1
Vulnrichment
added 2005/10/24 4:0 a.m. | 7 views

CVE-2005-3302

Eval injection vulnerability in bvhimport.py in Blender 2.36 allows attackers to execute arbitrary Python code via a hierarchy element in a .bvh file, which is supplied to an eval function call...

AI score 8.1 | EPSS 0.06201
Exploits 1 | References 4
Debian CVE
added 2005/10/24 4:0 a.m. | 19 views

CVE-2005-3302

Eval injection vulnerability in bvhimport.py in Blender 2.36 allows attackers to execute arbitrary Python code via a hierarchy element in a .bvh file, which is supplied to an eval function call...

CVSS 7.5 | AI score 7.5 | EPSS 0.06201
Exploits 1
Cvelist
added 2005/10/24 4:0 a.m. | 17 views

CVE-2005-3302

Eval injection vulnerability in bvhimport.py in Blender 2.36 allows attackers to execute arbitrary Python code via a hierarchy element in a .bvh file, which is supplied to an eval function call...

AI score 7.3 | EPSS 0.06201
Exploits 1 | References 4
Cent OS
added 2005/10/12 12:30 a.m. | 63 views

irb, ruby security update

CentOS Errata and Security Advisory CESA-2005:799-01 Updated ruby packages that fix an arbitrary command execution issue are now available. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Updated 25 Oct 2005 Errata has been updated to include...

CVSS 7.5 | AI score 5.9 | EPSS 0.14418
Exploits 0 | References 8
Cent OS
added 2005/10/11 5:7 p.m. | 56 views

irb, ruby security update

CentOS Errata and Security Advisory CESA-2005:799 Updated ruby packages that fix an arbitrary command execution issue are now available. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Updated 25 Oct 2005 Errata has been updated to include...

CVSS 7.5 | AI score 5.9 | EPSS 0.14418
Exploits 0 | References 9
RedHat Linux
added 2005/10/11 4:3 p.m. | 29 views

Moderate: Red Hat Security Advisory: ruby security update

Updated ruby packages that fix an arbitrary command execution issue are now available. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Updated 25 Oct 2005 Errata has been updated to include missing packages for Red Hat Enterprise Linux 3. Ruby ...

CVSS 7.5 | AI score 5.9 | EPSS 0.14418
Exploits 0 | References 2
RedHat Linux
added 2005/09/22 8:16 p.m. | 0 views

security flaw

Firefox 1.0.6 allows attackers to cause a denial of service (crash) via a Proxy Auto-Config (PAC) script that uses an eval statement. NOTE: it is not clear whether an untrusted party has any role in triggering this issue, so it might not be a vulnerability...

CVSS 2.6 | AI score 5.8 | EPSS 0.00717
Exploits 0 | References 4
NVD
added 2005/09/07 8:3 p.m. | 11 views

CVE-2005-2837

Multiple eval injection vulnerabilities in PlainBlack Software WebGUI before 6.7.3 allow remote attackers to execute arbitrary Perl code via (1) Help.pm, (2) International.pm, or (3) WebGUI.pm...

CVSS 7.5 | AI score 7.9 | EPSS 0.00881
Exploits 0 | References 2
Cvelist
added 2005/09/07 4:0 a.m. | 15 views

CVE-2005-2837

Multiple eval injection vulnerabilities in PlainBlack Software WebGUI before 6.7.3 allow remote attackers to execute arbitrary Perl code via (1) Help.pm, (2) International.pm, or (3) WebGUI.pm...

AI score 7.9 | EPSS 0.00881
Exploits 0 | References 2
CVE
added 2005/09/07 4:0 a.m. | 48 views

CVE-2005-2837

CVE-2005-2837 affects Plain Black Software WebGUI prior to 6.7.3. Multiple eval injection flaws in the modules Help.pm, International.pm, and WebGUI.pm allow remote attackers to execute arbitrary Perl code. This is a remote code execution risk on WebGUI installations exposed to an attacker; explo...

CVSS 7.5 | AI score 7.9 | EPSS 0.00881
Exploits 0 | References 2 | Affected Software 1
Positive Technologies
added 2005/09/07 12:0 a.m. | 2 views

PT-2005-3703 · Plain Black · Webgui

Name of the Vulnerable Software and Affected Versions: WebGUI versions prior to 6.7.3. Description: The issue allows remote attackers to execute arbitrary Perl code via multiple eval injection vulnerabilities in the following modules: (1) Help.pm, (2) International.pm, or (3) WebGUI.pm. Recommendations:...

CVSS 7.5 | AI score 7.8 | EPSS 0.00881
Exploits 0 | References 4
Tenable Nessus
added 2005/09/06 12:0 a.m. | 27 views

Debian DSA-798-1 : phpgroupware - several vulnerabilities

Several vulnerabilities have been discovered in phpgroupware, a web-based groupware system written in PHP. The Common Vulnerabilities and Exposures project identifies the following problems : - CAN-2005-2498 Stefan Esser discovered another vulnerability in the XML-RPC libraries that allows...

CVSS 7.5 | AI score 5.4 | EPSS 0.04688
Exploits 5 | References 4
Gentoo Linux
added 2005/08/31 12:0 a.m. | 28 views

phpWebSite: Arbitrary command execution through XML-RPC and SQL injection

Background phpWebSite is a web site content management system. Description phpWebSite uses an XML-RPC library that improperly handles XML-RPC requests and responses with malformed nested tags. Furthermore, "matrixkiller" reported that phpWebSite is vulnerable to an SQL injection attack. Impact A...

CVSS 7.5 | AI score 7.6 | EPSS 0.04688
Exploits 5
Tenable Nessus
added 2005/08/30 12:0 a.m. | 26 views

GLSA-200508-13 : PEAR XML-RPC, phpxmlrpc: New PHP script injection vulnerability

The remote host is affected by the vulnerability described in GLSA-200508-13 PEAR XML-RPC, phpxmlrpc: New PHP script injection vulnerability Stefan Esser of the Hardened-PHP Project discovered that the PEAR XML-RPC and phpxmlrpc libraries were improperly handling XMLRPC requests and responses wit...

CVSS 7.5 | AI score 6 | EPSS 0.04688
Exploits 5 | References 4
Tenable Nessus
added 2005/08/30 12:0 a.m. | 57 views

Debian DSA-789-1 : php4 - several vulnerabilities

Several security related problems have been found in PHP4, the server-side, HTML-embedded scripting language. The Common Vulnerabilities and Exposures project identifies the following problems : - CAN-2005-1751 Eric Romang discovered insecure temporary files in the shtool utility shipped with PHP...

CVSS 7.5 | AI score 6.2 | EPSS 0.86153
Exploits 5 | References 6
Gentoo Linux
added 2005/08/24 12:0 a.m. | 36 views

PEAR XML-RPC, phpxmlrpc: New PHP script injection vulnerability

Background The PEAR XML-RPC and phpxmlrpc libraries are both PHP implementations of the XML-RPC protocol. Description Stefan Esser of the Hardened-PHP Project discovered that the PEAR XML-RPC and phpxmlrpc libraries were improperly handling XMLRPC requests and responses with malformed nested tags...

CVSS 7.5 | AI score 6.7 | EPSS 0.04688
Exploits 5
Cvelist
added 2005/08/19 4:0 a.m. | 15 views

CVE-2005-2624

Eval injection vulnerability in CPAINT 1.3-SP allows remote attackers to execute arbitrary ASP code via the cpaintargument parameter to (1) calculator.asp or (2) cpaintfile.asp, which is directly fed into an eval statement...

AI score 7.8 | EPSS 0.00336
Exploits 0 | References 1
CVE
added 2005/08/19 4:0 a.m. | 42 views

CVE-2005-2624

CVE-2005-2624 affects CPAINT 1.3-SP. The vulnerability occurs when user-supplied cpaint_argument[] is fed directly into an eval statement in calculator.asp and cpaintfile.asp, allowing remote attackers to execute arbitrary ASP code. The root cause is eval-injection via unsanitized input. The publ...

CVSS 5 | AI score 8.1 | EPSS 0.00336
Exploits 0 | References 1 | Affected Software 1
NVD
added 2005/08/19 4:0 a.m. | 13 views

CVE-2005-2624

Eval injection vulnerability in CPAINT 1.3-SP allows remote attackers to execute arbitrary ASP code via the cpaintargument parameter to (1) calculator.asp or (2) cpaintfile.asp, which is directly fed into an eval statement...

CVSS 5 | AI score 7.8 | EPSS 0.00336
Exploits 0 | References 1