
2514 matches found

myhack58
added 2012/12/12 12:0 a.m., 14 views

PHPCMS2008 Yellow Pages module vulnerability - vulnerability warning - the black bar safety net

PHPCMS2008 Yellow Pages module vulnerability: variable initialization that is not strict leads to arbitrary PHP code execution. The PHPCMS2008 system's string2array function makes a high-risk call to eval; in /yp/web/include/common.inc.php the $menu variable is not strictly initialized, so the result can be injected to...

AI score 1.7
Exploits: 0

OpenVAS
added 2012/12/04 12:0 a.m., 41 views

Ubuntu: Security Advisory (USN-1643-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 7.5, AI score 9.6, EPSS 0.13526
Exploits: 3, References: 2

OpenVAS
added 2012/12/04 12:0 a.m., 29 views

Ubuntu Update for perl USN-1643-1

Ubuntu Update for Linux kernel vulnerabilities USN-1643-1 OpenVAS Vulnerability Test $Id: gbubuntuUSN16431.nasl 7960 2017-12-01 06:58:16Z santu $ Ubuntu Update for perl USN-1643-1 Authors: System Generated Check Copyright: Copyright c 2012 Greenbone Networks GmbH, http://www.greenbone.net This...

CVSS 7.5, AI score 0.7, EPSS 0.13526
Exploits: 3, References: 2

securityvulns
added 2012/12/02 12:0 a.m., 100 views

[USN-1643-1] Perl vulnerabilities

Ubuntu Security Notice USN-1643-1, November 30, 2012: perl vulnerabilities. A security issue affects these releases of Ubuntu and its derivatives: -...

CVSS 7.5, AI score 0.7, EPSS 0.13526
Exploits: 3

Ubuntu
added 2012/11/30 5:1 a.m., 75 views

USN-1643-1: Perl vulnerabilities

It was discovered that the decode_xs function in the Encode module is vulnerable to a heap-based buffer overflow via a crafted Unicode string. An attacker could use this overflow to cause a denial of service. (CVE-2011-2939) It was discovered that the 'new' constructor in the Digest module is...

CVSS 7.5, AI score 8.5, EPSS 0.13526
Exploits: 3

Tenable Nessus
added 2012/11/30 12:0 a.m., 36 views

Ubuntu 8.04 LTS / 10.04 LTS / 11.10 / 12.04 LTS / 12.10 : perl vulnerabilities (USN-1643-1)

It was discovered that the decode_xs function in the Encode module is vulnerable to a heap-based buffer overflow via a crafted Unicode string. An attacker could use this overflow to cause a denial of service. (CVE-2011-2939) It was discovered that the 'new' constructor in the Digest module is...

CVSS 7.5, AI score 8.3, EPSS 0.13526
Exploits: 3, References: 5

RedHat Linux
added 2012/11/20 9:43 p.m., 2 views

Mozilla: evalInSandbox location context incorrectly applied (MFSA 2012-93)

The evalInSandbox implementation in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 uses an incorrect context during the handling of JavaScript code that sets the location.href property, which...

CVSS 4.3, AI score 7.5, EPSS 0.03083
Exploits: 1, References: 5

Prion
added 2012/11/16 12:55 a.m., 27 views

Sql injection

Eval injection vulnerability in the ReplaceListVars function in the template parser in e/class/connect.php in EmpireCMS 6.6 allows user-assisted remote attackers to execute arbitrary PHP code via a crafted template...

CVSS 6.8, AI score 8.2, EPSS 0.02211
Exploits: 3, References: 5, Affected Software: 1

CVE
added 2012/11/16 12:0 a.m., 55 views

CVE-2012-5777

CVE-2012-5777 affects EmpireCMS 6.6, specifically the template parser’s ReplaceListVars function in e/class/connect.php. The issue is an eval injection that allows a user-assisted remote attacker to execute arbitrary PHP code via a crafted template, leading to potential full web-server compromise...

CVSS 6.8, AI score 7.9, EPSS 0.02211
Exploits: 3, References: 5, Affected Software: 1

0day.today
added 2012/10/31 12:0 a.m., 82 views

jNews com_jnews 7.0.0 => 7.7.5 execute arbitrary PHP code

The vulnerability affects all variations of jNews, including the premium ones this is where the 7.7.5 comes in, not just the free version. The dork "inurl:comjnews" currently produces "About 37,100 results". The exploit will create a file on the targeted website and enable you to execute arbitrar...

AI score 7.8
Exploits: 0

myhack58
added 2012/10/12 12:0 a.m., 27 views

akcms code execution vulnerability - vulnerability warning - the black bar safety net

Last week digging out of the akcms background stencil getshell feeling nothing new, and then carefully looked at the code, found a comparison with "the future" of the hole, the code execution vulnerability, and the problem function is that the authors provided to the station user for secondary...

AI score 1.8
Exploits: 0

NVD
added 2012/10/06 9:55 p.m., 24 views

CVE-2011-4932

Eval injection vulnerability in ip_cms/modules/standard/content_management/actions.php in ImpressPages CMS 1.0.12 and possibly other versions before 1.0.13 allows remote attackers to execute arbitrary code via the cm_group parameter...

CVSS 7.5, AI score 7.9, EPSS 0.03928
Exploits: 1, References: 8

CVE
added 2012/10/06 9:0 p.m., 56 views

CVE-2011-4932

Summary: CVE-2011-4932 affects ImpressPages CMS, specifically the file ip_cms/modules/standard/content_management/actions.php. The underlying issue is an eval injection in the cm_group parameter that allows remote attackers to execute arbitrary PHP code, resulting in remote code execution. This v...

CVSS 7.5, AI score 8.2, EPSS 0.03928
Exploits: 1, References: 8, Affected Software: 1

Cvelist
added 2012/10/01 8:0 p.m., 28 views

CVE-2012-5223

The proc_deutf function in includes/functions_vbseocp_abstract.php in vBSEO 3.5.0, 3.5.1, 3.5.2, 3.6.0, and earlier allows remote attackers to insert and execute arbitrary PHP code via "complex curly syntax" in the char_repl parameter, which is inserted into a regular expression that is processed by...

AI score 7.4, EPSS 0.40533
Exploits: 3, References: 6

seebug.org
added 2012/09/26 12:0 a.m., 37 views

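phpMyAdmin 'server_sync.php' remote backdoor vulnerability

BUGTRAQ ID: 55672 CVE ID: CVE-2012-5159 phpMyAdmin is a tool written in PHP that lets MySQL databases be controlled and operated through the web. The source file for phpMyAdmin 3.5.2.2 and other versions distributed through the "cdnetworks-kr-1" SourceForge mirror system is phpMyAdmin-3.5.2.2-all-languages.zip, which contains a trojan named server_sync.php that allows remote attackers to execute arbitrary commands by invoking eval. 0 phpMyAdmin 3.5.2.2 Vendor patch: phpMyAdmin...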

CVSS 7.5, AI score 6.4, EPSS 0.74515
Exploits: 3

NVD
added 2012/09/25 10:55 p.m., 28 views

CVE-2012-5159

phpMyAdmin 3.5.2.2, as distributed by the cdnetworks-kr-1 mirror during an unspecified time frame in 2012, contains an externally introduced modification (Trojan Horse) in server_sync.php, which allows remote attackers to execute arbitrary PHP code via an eval injection attack...

CVSS 7.5, AI score 7.8, EPSS 0.74515
Exploits: 3, References: 4

Prion
added 2012/09/25 10:55 p.m., 25 views

Design/Logic Flaw

phpMyAdmin 3.5.2.2, as distributed by the cdnetworks-kr-1 mirror during an unspecified time frame in 2012, contains an externally introduced modification (Trojan Horse) in server_sync.php, which allows remote attackers to execute arbitrary PHP code via an eval injection attack...

CVSS 7.5, AI score 8.2, EPSS 0.74515
Exploits: 3, References: 4, Affected Software: 1

CVE
added 2012/09/25 10:0 p.m., 61 views

CVE-2012-5159

CVE-2012-5159 affects phpMyAdmin 3.5.2.2 distributed via the cdnetworks-kr-1 SourceForge mirror. A trojaned backdoor in server_sync.php enables remote arbitrary PHP code execution via an eval injection. The issue originates from an externally introduced modification to the package; other files (e...

CVSS 7.5, AI score 7.9, EPSS 0.74515
Exploits: 3, References: 4, Affected Software: 1

Cvelist
added 2012/09/25 10:0 p.m., 29 views

CVE-2012-5159

phpMyAdmin 3.5.2.2, as distributed by the cdnetworks-kr-1 mirror during an unspecified time frame in 2012, contains an externally introduced modification (Trojan Horse) in server_sync.php, which allows remote attackers to execute arbitrary PHP code via an eval injection attack...

AI score 7.7, EPSS 0.74515
Exploits: 3, References: 4

Debian CVE
added 2012/09/25 10:0 p.m., 29 views

CVE-2012-5159

phpMyAdmin 3.5.2.2, as distributed by the cdnetworks-kr-1 mirror during an unspecified time frame in 2012, contains an externally introduced modification (Trojan Horse) in server_sync.php, which allows remote attackers to execute arbitrary PHP code via an eval injection attack...

CVSS 7.5, AI score 7.7, EPSS 0.74515
Exploits: 3