2514 matches found

CVE
added 2010/02/03 6:0 p.m. | 72 views

CVE-2010-0440

The CVE-2010-0440 issue is a Cross-Site Scripting (XSS) vulnerability in the Cisco Secure Desktop (CSCOT) translation path. It affects Cisco Secure Desktop 3.4.2048 and versions earlier than 3.5, and is also implicated in Cisco ASA appliances running versions before 8.2(1), 8.1(2.7), and 8.0(5). The root cause is imprope...

CVSS 4.3 | AI score 5.6 | EPSS 0.04364
Exploits: 2 | References: 6 | Affected Software: 1

seebug.org
added 2010/01/07 12:0 a.m. | 27 views

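Discuz! 7.1 - 7.2 Remote Code Execution Vulnerability

The $scriptlang array that causes the vulnerability is already initialized once a plugin has been installed. In the new Discuz! versions 7.1 and 7.2, the parameter executed inside eval in the showmessage function is not initialized and can be submitted arbitrarily, so arbitrary PHP commands can be executed. Below is an analysis of this remote code execution vulnerability; the issue is really serious, since a shell can be written directly: 1. The vulnerability comes from the showmessage function: function showmessage$message, $urlforward = '', $extra = '', $forwardtype = 0 extract$GLOBALS,...

AI score 7.1
Exploits: 0

myhack58
added 2009/11/29 12:0 a.m. | 41 views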

PHP vulnerability full solution-vulnerability warning-the black bar safety net

PHP web page security issues. PHP websites are mainly exposed to the following types of attacks: 1. Command injection (Command Injection) 2. eval injection (Eval Injection) 3. Client scripting attacks (Script Insertion) 4. Cross-site scripting attacks (Cross Site Scripting, XSS) 5. SQL injection attacks (SQL injection)...

AI score 0.4
Exploits: 0

Exploit DB
added 2009/11/22 12:0 a.m. | 29 views

PHP - MultiPart Form-Data Denial of Service (PoC)

!/usr/bin/python PHP MultiPart Form-Data Denial of Service proof of concept, 23-10-2009 Bogdan Calin [email protected] import httplib, urllib, sys, string, threading from string import replace from urlparse import urlparse def usage: print "" print " PHP MultiPart Form-Data Denial of Service...

AI score 7.4
Exploits: 0

Prion
added 2009/09/21 7:30 p.m. | 18 views

Design/Logic Flaw

Stack consumption vulnerability in WebKit.dll in WebKit in Apple Safari 3.2.3, and possibly other versions before 4.1.2, allows remote attackers to cause a denial of service (application crash) via JavaScript code that calls eval on a long string composed of A/ sequences...

CVSS 5 | AI score 7 | EPSS 0.06439
Exploits: 0 | References: 4 | Affected Software: 1

exploitpack
added 2009/09/09 12:0 a.m. | 15 views

Apple Safari 3.2.3 (Windows x86) - JavaScript eval Remote Denial of Service

Apple Safari 3.2.3 Windows x86 - JavaScript eval Remote Denial of Service !/usr/bin/perl letsgosurfinnowonsafari.pl AKA Safari 3.2.3 Win32 JavaScript 'eval' Remote Denial of Service Exploit Jeremy Brown [email protected]//jbrownsec.blogspot.com//krakowlabs.com 09.07.2009 Safari crashes when...

AI score 0.3
Exploits: 0

securityvulns
added 2009/09/08 12:0 a.m. | 21 views

Apple Safari / WebKit DoS

Stack overflow (stack memory exhaustion) on eval expression parsing...

AI score 4.4
Exploits: 0 | References: 1 | Affected Software: 1

NVD
added 2009/09/04 8:30 p.m. | 18 views

CVE-2009-2946

Eval injection vulnerability in scripts/uscan.pl before Rev 1984 in devscripts allows remote attackers to execute arbitrary Perl code via crafted pathnames on distribution servers for upstream source code used in Debian GNU/Linux packages...

CVSS 9.3 | AI score 7.5 | EPSS 0.02882
Exploits: 1 | References: 4

OSV
added 2009/09/04 8:30 p.m. | 15 views

CVE-2009-2946

Eval injection vulnerability in scripts/uscan.pl before Rev 1984 in devscripts allows remote attackers to execute arbitrary Perl code via crafted pathnames on distribution servers for upstream source code used in Debian GNU/Linux packages...

AI score 7.5
Exploits: 0 | References: 4

OSV
added 2009/09/04 8:30 p.m. | 3 views

DEBIAN-CVE-2009-2946

Eval injection vulnerability in scripts/uscan.pl before Rev 1984 in devscripts allows remote attackers to execute arbitrary Perl code via crafted pathnames on distribution servers for upstream source code used in Debian GNU/Linux packages...

CVSS 9.3 | AI score 8.2 | EPSS 0.02882
Exploits: 1 | References: 1

CVE
added 2009/09/04 8:0 p.m. | 76 views

CVE-2009-2946

CVE-2009-2946 references an eval injection in devscripts' uscan.pl prior to revision 1984, enabling remote Perl code execution via crafted pathnames on distribution servers. Connected advisories (Debian DSA-1878-1/DSA-1878-2, Ubuntu USN-847-1/2, Red Hat RH CVE entry, OpenVAS/Nessus synopses) conf...

CVSS 9.3 | AI score 7.6 | EPSS 0.02882
Exploits: 1 | References: 4 | Affected Software: 1

Prion
added 2009/06/25 5:30 p.m. | 15 views

Cross site scripting

Eval injection vulnerability in the csco_wrap_js function in /+CSCOL+/cte.js in WebVPN on the Cisco Adaptive Security Appliances (ASA) device with software 8.0(4), 8.1.2, and 8.2.1 allows remote attackers to bypass a DOM wrapper and conduct cross-site scripting (XSS) attacks by setting CSCO_WebVPN['process...

CVSS 4.3 | AI score 6.3 | EPSS 0.08828
Exploits: 2 | References: 6 | Affected Software: 1

NVD
added 2009/06/25 5:30 p.m. | 34 views

CVE-2009-1201

Eval injection vulnerability in the csco_wrap_js function in /+CSCOL+/cte.js in WebVPN on the Cisco Adaptive Security Appliances (ASA) device with software 8.0(4), 8.1.2, and 8.2.1 allows remote attackers to bypass a DOM wrapper and conduct cross-site scripting (XSS) attacks by setting CSCO_WebVPN['process...

CVSS 4.3 | AI score 6 | EPSS 0.08828
Exploits: 2 | References: 6

Cvelist
added 2009/06/25 5:0 p.m. | 43 views

CVE-2009-1201

Eval injection vulnerability in the csco_wrap_js function in /+CSCOL+/cte.js in WebVPN on the Cisco Adaptive Security Appliances (ASA) device with software 8.0(4), 8.1.2, and 8.2.1 allows remote attackers to bypass a DOM wrapper and conduct cross-site scripting (XSS) attacks by setting CSCO_WebVPN['process...

AI score 6 | EPSS 0.08828
Exploits: 2 | References: 6

CVE
added 2009/06/25 5:0 p.m. | 77 views

CVE-2009-1201

Cisco ASA Web VPN vulnerability CVE-2009-1201 affects ASA with Web VPN (clientless SSL VPN) on versions 8.0(4), 8.1.2, and 8.2.1. The issue lies in the csco_wrap_js function in /+CSCOL+/cte.js, which uses CSCO_WebVPN['process'] to compute html and then evals the result, allowing an attacker-contr...

CVSS 4.3 | AI score 6 | EPSS 0.08828
Exploits: 2 | References: 6 | Affected Software: 1

Packet Storm
added 2009/05/27 12:0 a.m. | 45 views

Joomla RSGallery2 Backdoor

Vulnerability: Remote code execution back doors Software: RSGallery2 - Gallery Extension for Joomla! We are currently working on a new website. All files are still available at the JoomlaCode project page. Severity: Not a big deal. Joomla components contain all sorts of obfuscated junk all the...

AI score 0.1
Exploits: 0

Prion
added 2009/04/24 2:30 p.m. | 16 views

Sql injection

Eval injection vulnerability in Megacubo 5.0.7 allows remote attackers to inject and execute arbitrary PHP code via the play action in a mega:// URI...

CVSS 9.3 | AI score 8.2 | EPSS 0.03741
Exploits: 1 | References: 7 | Affected Software: 1

CVE
added 2009/04/24 2:0 p.m. | 48 views

CVE-2008-6748

CVE-2008-6748 affects Megacubo 5.0.7. The issue is an eval injection in the application, enabling remote attackers to inject and execute arbitrary PHP code via the play action in a mega:// URI. The root cause is dynamic evaluation of input (eval) exposed through the play action. The provided docu...

CVSS 9.3 | AI score 8 | EPSS 0.03741
Exploits: 1 | References: 7 | Affected Software: 1

seebug.org
added 2009/03/11 12:0 a.m. | 15 views

PHP Director <= 0.21 (sql into outfile) eval() Injection Exploit

No description provided by source. include stdio.h include stdlib.h include string.h include netinet/in.h include arpa/inet.h include netdb.h / Dork "Powered by PHP Director 0.2" | PHP Director 0.2.1 sql into outfile eval Injection Exploit | Exploit-...

AI score 7.1
Exploits: 0

exploitpack
added 2009/03/09 12:0 a.m. | 14 views

PHP Director 0.21 - SQL Into Outfile eval() Injection

PHP Director 0.21 - SQL Into Outfile eval Injection include include include include include include / Dork "Powered by PHP Director 0.2" | PHP Director 0.2.1 sql into outfile eval Injection Exploit | Exploit-...

AI score 0.4
Exploits: 0