2514 matches found

Exploit DB
added 2009/03/09 12:0 a.m. | 48 views

PHP Director 0.21 - SQL Into Outfile 'eval()' Injection

Dork: "Powered by PHP Director 0.2" | PHP Director 0.2.1 SQL into outfile eval injection exploit | Exploit: index.php?cat=%27+UNION+SELECT+1,'lol',3,4,5,6,7,8,9,10,11,12,13,14,15+INTO+OUTFILE+'/var/www/ex.php'/ | PHP.ini: Magic Quotes off | Written by...

7.4 AI score
Exploits: 0

NVD
added 2009/03/05 2:30 a.m. | 16 views

CVE-2009-0820

Multiple eval injection vulnerabilities in phpScheduleIt before 1.2.11 allow remote attackers to execute arbitrary code via (1) the end_date parameter to reserve.php and (2) the start_date and end_date parameters to check.php. NOTE: the start_date/reserve.php vector is already covered by CVE-2008-6132...

7.5 CVSS | 7.8 AI score | 0.04564 EPSS
Exploits: 0 | References: 5

Cvelist
added 2009/03/05 2:0 a.m. | 20 views

CVE-2009-0820

Multiple eval injection vulnerabilities in phpScheduleIt before 1.2.11 allow remote attackers to execute arbitrary code via (1) the end_date parameter to reserve.php and (2) the start_date and end_date parameters to check.php. NOTE: the start_date/reserve.php vector is already covered by CVE-2008-6132...

7.8 AI score | 0.04564 EPSS
Exploits: 0 | References: 5

CVE
added 2009/03/05 2:0 a.m. | 46 views

CVE-2009-0820

CVE-2009-0820 affects phpScheduleIt prior to 1.2.11. It enables remote arbitrary PHP code execution via eval injection through reserve.php (end_date) and check.php (start_date/end_date); the start_date vector is also covered by CVE-2008-6132. OpenVAS/Exploit DB references confirm reserve.php RCE ...

7.5 CVSS | 8 AI score | 0.04564 EPSS
Exploits: 0 | References: 5 | Affected Software: 1

Prion
added 2009/02/22 10:30 p.m. | 18 views

Code injection

avatarlist.php in the Your Account module, reached through modules.php, in Raven Web Services RavenNuke 2.30 allows remote authenticated users to execute arbitrary code via PHP sequences in an element of the replacements array, which is processed by the preg_replace function with the eval switch, ...

6.5 CVSS | 7.9 AI score | 0.09028 EPSS
Exploits: 0 | References: 8 | Affected Software: 1

NVD
added 2009/02/22 10:30 p.m. | 23 views

CVE-2009-0673

Eval injection vulnerability in the Custom Fields feature in the Your Account module in Raven Web Services RavenNuke 2.30 allows remote authenticated administrators to execute arbitrary PHP code via the ID Field Name box in a yaCustomFields action to admin.php...

6.5 CVSS | 7.4 AI score | 0.0265 EPSS
Exploits: 1 | References: 6

Cvelist
added 2009/02/22 10:0 p.m. | 24 views

CVE-2009-0673

Eval injection vulnerability in the Custom Fields feature in the Your Account module in Raven Web Services RavenNuke 2.30 allows remote authenticated administrators to execute arbitrary PHP code via the ID Field Name box in a yaCustomFields action to admin.php...

7.4 AI score | 0.0265 EPSS
Exploits: 1 | References: 6

CVE
added 2009/02/22 10:0 p.m. | 41 views

CVE-2009-0673

CVE-2009-0673 describes an eval injection in RavenNuke 2.30’s Custom Fields within the Your Account module. The vulnerability allows remote authenticated administrators to execute arbitrary PHP code via the ID Field Name box in a yaCustomFields action to admin.php. Affected product/stack: Raven W...

6.5 CVSS | 7.6 AI score | 0.0265 EPSS
Exploits: 1 | References: 6 | Affected Software: 1

Packet Storm
added 2009/02/16 12:0 a.m. | 24 views

RavenNuke 2.3.0 Code Execution / SQL Injection

waraxe-2009-SA072 - Multiple Vulnerabilities in RavenNuke 2.3.0. Author: Janek Vind "waraxe". Date: 16. February 2009. Location: Estonia, Tartu. Web: http://www.waraxe.us/advisory-72.html Description of vulnerable softwar...

0.2 AI score
Exploits: 0

seebug.org
added 2009/02/16 12:0 a.m. | 29 views

RavenNuke 2.3.0 Multiple Remote Vulnerabilities

No description provided by source. waraxe-2009-SA072 - Multiple Vulnerabilities in RavenNuke 2.3.0. Author: Janek Vind "waraxe". Date: 16. February 2009. Location: Estonia, Tartu. Web: http://www.waraxe.us/advisory-72.htm...

7.1 AI score
Exploits: 0

NVD
added 2009/02/13 6:30 p.m. | 33 views

CVE-2008-6132

Eval injection vulnerability in reserve.php in phpScheduleIt 1.2.10 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary PHP code via the start_date parameter...

6.8 CVSS | 7.7 AI score | 0.26143 EPSS
Exploits: 5 | References: 8

Prion
added 2009/02/13 6:30 p.m. | 13 views

SQL injection

Eval injection vulnerability in reserve.php in phpScheduleIt 1.2.10 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary PHP code via the start_date parameter...

6.8 CVSS | 7.9 AI score | 0.26143 EPSS
Exploits: 5 | References: 8 | Affected Software: 1

CVE
added 2009/02/13 6:0 p.m. | 62 views

CVE-2008-6132

phpScheduleIt 1.2.10 and earlier is affected by an eval injection in reserve.php's start_date parameter when magic_quotes_gpc is disabled, allowing remote code execution. The vulnerability is confirmed by multiple sources (NVD entry CVE-2008-6132; OpenVAS and CVE cross-references; Metasploit modu...

6.8 CVSS | 7.8 AI score | 0.26143 EPSS
Exploits: 5 | References: 8 | Affected Software: 1

Tenable Nessus
added 2009/02/12 12:0 a.m. | 8 views

FreeBSD : codeigniter -- arbitrary script execution in the new Form Validation class (83574d5a-f828-11dd-9fdf-0050568452ac)

znirkel reports: The eval function in resetpostarray crashes when posting certain data. By passing in carefully-crafted input data, the eval function could also execute malicious PHP code. Note that CodeIgniter applications that either do not use the new Form Validation class or use the old...

5.5 AI score
Exploits: 0 | References: 2

NVD
added 2009/02/11 12:30 a.m. | 12 views

CVE-2009-0517

Eval injection vulnerability in index.php in phpSlash 0.8.1.1 and earlier allows remote attackers to execute arbitrary PHP code via the fields parameter, which is supplied to an eval function call within the generic function in include/class/tz_env.class. NOTE: some of these details are obtained...

10 CVSS | 7.8 AI score | 0.45267 EPSS
Exploits: 2 | References: 6

Prion
added 2009/02/11 12:30 a.m. | 14 views

SQL injection

Eval injection vulnerability in index.php in phpSlash 0.8.1.1 and earlier allows remote attackers to execute arbitrary PHP code via the fields parameter, which is supplied to an eval function call within the generic function in include/class/tz_env.class. NOTE: some of these details are obtained...

10 CVSS | 8.3 AI score | 0.45267 EPSS
Exploits: 2 | References: 6 | Affected Software: 1

CVE
added 2009/02/11 12:0 a.m. | 47 views

CVE-2009-0517

CVE-2009-0517 affects phpSlash 0.8.1.1 and earlier. The flaw is an eval()-based injection where unvalidated input in the fields parameter is passed to eval() inside tz_env.class, enabling remote PHP code execution with the web server’s privileges. Impact is described as complete impacts to confid...

10 CVSS | 8.1 AI score | 0.45267 EPSS
Exploits: 2 | References: 6 | Affected Software: 1

RedHat Linux
added 2009/02/04 8:59 a.m. | 3 views

Firefox XSS using a chrome XBL method and window.eval

Cross-domain vulnerability in js/src/jsobj.cpp in Mozilla Firefox 3.x before 3.0.6 allows remote attackers to bypass the Same Origin Policy, and access the properties of an arbitrary window and conduct cross-site scripting (XSS) attacks, via vectors involving a chrome XBL method and the window.eval...

2.6 CVSS | 7.4 AI score | 0.02323 EPSS
Exploits: 0 | References: 4

Mozilla
added 2009/02/03 12:0 a.m. | 38 views

XSS using a chrome XBL method and window.eval — Mozilla

Mozilla security researcher mozbugra4 reported that a chrome XBL method can be used in conjunction with window.eval to execute arbitrary JavaScript within the context of another website, violating the same origin policy...

2.6 CVSS | 9.1 AI score | 0.02323 EPSS
Exploits: 0 | References: 2 | Affected Software: 1

Exploit DB
added 2009/02/02 12:0 a.m. | 29 views

OpenHelpDesk 1.0.100 - 'eval()' Code Execution (Metasploit)

$Id: phpeval.rb 5783 2008-10-23 02:43:21Z ramon $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use...

7.4 AI score
Exploits: 0