2522 matches found
CVE-2005-1527
Eval injection vulnerability in awstats.pl in AWStats 6.4 and earlier, when a URLPlugin is enabled, allows remote attackers to execute arbitrary Perl code via the HTTP Referrer, which is used in a $url parameter that is inserted into an eval function call...
CVE-2005-1527
Eval injection vulnerability in awstats.pl in AWStats 6.4 and earlier, when a URLPlugin is enabled, allows remote attackers to execute arbitrary Perl code via the HTTP Referrer, which is used in a $url parameter that is inserted into an eval function call...
DEBIAN-CVE-2005-1527
Eval injection vulnerability in awstats.pl in AWStats 6.4 and earlier, when a URLPlugin is enabled, allows remote attackers to execute arbitrary Perl code via the HTTP Referrer, which is used in a $url parameter that is inserted into an eval function call...
PT-2005-2520 · Awstats · Awstats
Name of the Vulnerable Software and Affected Versions: AWStats versions 6.4 and earlier Description: The issue allows remote attackers to execute arbitrary Perl code via the HTTP Referrer when a URLPlugin is enabled. This is achieved by inserting the $url parameter into an eval function call,...
AWStats Referrer Header Arbitrary Command Execution
The remote host is running AWStats, an open source web analytics tool used for analyzing data from internet services such as web, streaming, media, mail and FTP servers. The version of AWStats installed on the remote host collects data about the web referrers and uses them without proper sanitati...
SysCP 1.2.x - Multiple Script Execution Vulnerabilities
SysCP 1.2.x - Multiple Script Execution Vulnerabilities source: https://www.securityfocus.com/bid/14490/info SysCP is affected by multiple script execution vulnerabilities. The following specific vulnerabilities were identified: The application is affected by a remote file include vulnerability. ...
CVE-2005-2483
Karrigell before 2.1.8 is affected by an eval-injection vulnerability in its services (.ks) scripts, allowing remote attackers to run arbitrary Python code by passing modified arguments that reference library functions used by the script. The connected documents do not provide exploit details bey...
security flaw
Firefox before 1.0.4 and Mozilla Suite before 1.7.8 do not properly limit privileges of Javascript eval and Script objects in the calling context, which allows remote attackers to conduct unauthorized activities via "non-DOM property overrides," a variant of CVE-2005-1160...
CVE-2005-2262
Firefox 1.0.3 and 1.0.4, and Netscape 8.0.2, allows remote attackers to execute arbitrary code by tricking the user into using the "Set As Wallpaper" in Firefox or "Set as Background" in Netscape context menu on an image URL that is really a javascript: URL with an eval statement, aka "Firewallin...
FreeBSD : mozilla -- privilege escalation via non-DOM property overrides (a6427195-c2c7-11d9-89f7-02061b08fc24)
A Mozilla Foundation Security Advisory reports : Additional checks were added to make sure JavaScript eval and Script objects are run with the privileges of the context that created them, not the potentially elevated privilege of the context calling them in order to protect against an additional...
FreeBSD : mozilla -- privilege escalation via DOM property overrides (f650d5b8-ae62-11d9-a788-0001020eed82)
A Mozilla Foundation Security Advisory reports : mozbugra4 reported several exploits giving an attacker the ability to install malicious code or steal data, requiring only that the user do commonplace actions like click on a link or open the context menu. The common cause in each case was...
security flaw
Eval injection vulnerability in PEAR XMLRPC 1.3.0 and earlier aka XML-RPC or xmlrpc and PHPXMLRPC aka XML-RPC For PHP or php-xmlrpc 1.1 and earlier, as used in products such as 1 WordPress, 2 Serendipity, 3 Drupal, 4 egroupware, 5 MailWatch, 6 TikiWiki, 7 phpWebSite, 8 Ampache, and others, allows...
pear-XML_RPC -- information disclosure vulnerabilities
The pear-XMLRPC release notes reports that the following issues has been fixed: Eliminate path disclosure vulnerabilities by suppressing error messages when eval'ing. Eliminate path disclosure vulnerability by catching bogus parameters submitted to XMLRPCValue::serializeval...
CVE-2005-1921
Eval injection vulnerability in PEAR XMLRPC 1.3.0 and earlier aka XML-RPC or xmlrpc and PHPXMLRPC aka XML-RPC For PHP or php-xmlrpc 1.1 and earlier, as used in products such as 1 WordPress, 2 Serendipity, 3 Drupal, 4 egroupware, 5 MailWatch, 6 TikiWiki, 7 phpWebSite, 8 Ampache, and others, allows...
PEAR XML_RPC Remote Code Execution Vulnerability
GulfTech Security Research June 29th, 2005 Vendor : The PEAR Group URL : http://pear.php.net/package/XMLRPC/ Version : PEAR XMLRPC 1.3.0 && Earlier Risk : Remote Command Execution Description: PEAR XMLRPC is a PHP implementation of the XML-RPC web RPC protocol, and used by many different develope...
PT-2005-2876 · Egroupware +10 · Egroupware +10
Name of the Vulnerable Software and Affected Versions: PEAR XML RPC versions 1.3.0 and earlier PHPXMLRPC versions 1.1 and earlier Description: The issue allows remote attackers to execute arbitrary PHP code via an XML file, which is not properly sanitized before being used in an eval statement...
pear-XML_RPC -- arbitrary remote code execution
GulfTech Security Research Team reports: PEAR XMLRPC is vulnerable to a very high risk php code injection vulnerability due to unsanatized data being passed into an eval call...
CVE-2002-1751
csLiveSupport.cgi in CGIScript.net csLiveSupport allows remote attackers to execute arbitrary Perl code via the setup parameter, which is processed by the Perl eval function...
CVE-2002-1753
csNewsPro.cgi in CGIScript.net csNews Professional csNewsPro allows remote attackers to execute arbitrary Perl code via the setup parameter, which is processed by the Perl eval function...
CVE-2002-1752
CVE-2002-1752 ffects CGIScript.net csChat-R-Box. csChatRBox.cgi processes the setup parameter with Perl’s eval, enabling remote attackers to execute arbitrary code. The vulnerability is confirmed across multiple sources (NVD/CVE entries; PT-Security advisory) and is described as a remote code exe...