PT-2005-2876 · Egroupware +10 · Egroupware +10

Name of the Vulnerable Software and Affected Versions: PEAR XML RPC versions 1.3.0 and earlier PHPXMLRPC versions 1.1 and earlier Description: The issue allows remote attackers to execute arbitrary PHP code via an XML file, which is not properly sanitized before being used in an eval statement...

PEAR XML_RPC Remote Code Execution Vulnerability

GulfTech Security Research June 29th, 2005 Vendor : The PEAR Group URL : http://pear.php.net/package/XMLRPC/ Version : PEAR XMLRPC 1.3.0 && Earlier Risk : Remote Command Execution Description: PEAR XMLRPC is a PHP implementation of the XML-RPC web RPC protocol, and used by many different develope...

pear-XML_RPC -- arbitrary remote code execution

GulfTech Security Research Team reports: PEAR XMLRPC is vulnerable to a very high risk php code injection vulnerability due to unsanatized data being passed into an eval call...

CVE-2002-1751

csLiveSupport.cgi in CGIScript.net csLiveSupport allows remote attackers to execute arbitrary Perl code via the setup parameter, which is processed by the Perl eval function...

CVE-2002-1753

csNewsPro.cgi in CGIScript.net csNews Professional csNewsPro allows remote attackers to execute arbitrary Perl code via the setup parameter, which is processed by the Perl eval function...

CVE-2002-1752

CVE-2002-1752 ffects CGIScript.net csChat-R-Box. csChatRBox.cgi processes the setup parameter with Perl’s eval, enabling remote attackers to execute arbitrary code. The vulnerability is confirmed across multiple sources (NVD/CVE entries; PT-Security advisory) and is described as a remote code exe...

CVE-2002-1752

csChatRBox.cgi in CGIScript.net csChat-R-Box allows remote attackers to execute arbitrary Perl code via the setup parameter, which is processed by the Perl eval function...

CVE-2003-1178

CVE-2003-1178 affects Advanced Poll 2.0.2. It exposes a vulnerability in comments.php where the (1) id, (2) template_set, or (3) action parameter can cause evaluated PHP code to run, allowing remote code execution. Impact is consistent with arbitrary PHP execution (no authentication required as p...

CVE-2005-1160

The privileged "chrome" UI code in Firefox before 1.0.3 and Mozilla Suite before 1.7.7 allows remote attackers to gain privileges by overriding certain properties or methods of DOM nodes, as demonstrated using multiple attacks involving the eval function or the Script object...

security flaw

The privileged "chrome" UI code in Firefox before 1.0.3 and Mozilla Suite before 1.7.7 allows remote attackers to gain privileges by overriding certain properties or methods of DOM nodes, as demonstrated using multiple attacks involving the eval function or the Script object...

CVE-2005-1160

The privileged "chrome" UI code in Firefox before 1.0.3 and Mozilla Suite before 1.7.7 allows remote attackers to gain privileges by overriding certain properties or methods of DOM nodes, as demonstrated using multiple attacks involving the eval function or the Script object...

mozilla -- privilege escalation via DOM property overrides

A Mozilla Foundation Security Advisory reports: mozbugra4 reported several exploits giving an attacker the ability to install malicious code or steal data, requiring only that the user do commonplace actions like click on a link or open the context menu. The common cause in each case was privileg...

CVE-2005-0887

Eval injection vulnerability in Double Choco Latte before 0.9.4.3 allows remote attackers to execute arbitrary PHP code via the menuAction variable in 1 functions.inc.php or 2 main.php, which causes code to be injected into an eval statement...

CVE-2005-0887

Eval injection vulnerability in Double Choco Latte before 0.9.4.3 allows remote attackers to execute arbitrary PHP code via the menuAction variable in 1 functions.inc.php or 2 main.php, which causes code to be injected into an eval statement...

CVE-2005-0887

The CVE-2005-0887 issue affects Double Choco Latte prior to 0.9.4.3. Root cause: eval() executed with user-supplied input via the menuAction variable in functions.inc.php or main.php, enabling remote arbitrary PHP code execution. Impact: partial confidentiality, integrity, and availability depend...

DEBIAN-CVE-2004-2631

Eval injection vulnerability in left.php in phpMyAdmin 2.5.1 up to 2.5.7, when LeftFrameLight is FALSE, allows remote attackers to execute arbitrary PHP code via a crafted table name...

CVE-2004-2631

Eval injection vulnerability in left.php in phpMyAdmin 2.5.1 up to 2.5.7, when LeftFrameLight is FALSE, allows remote attackers to execute arbitrary PHP code via a crafted table name...

CVE-2004-2631

Eval injection vulnerability in left.php in phpMyAdmin 2.5.1 up to 2.5.7, when LeftFrameLight is FALSE, allows remote attackers to execute arbitrary PHP code via a crafted table name...

Remote code injection in phpMyAdmin

This vulnerability would allow remote user to inject PHP code to be executed by eval function. This vulnerability is only exploitable if variable $cfg'LeftFrameLight' is set to FALSE in file config.inc.php...

CVE-2003-1178

Eval injection vulnerability in comments.php in Advanced Poll 2.0.2 allows remote attackers to execute arbitrary PHP code via the 1 id, 2 templateset, or 3 action parameter...