
2514 matches found

0day.today
added 2009/02/02 12:0 a.m., 13 views

OpenHelpDesk 1.0.100 eval() Code Execution Exploit (meta)

Exploit for unknown platform in category web applications. OpenHelpDesk 1.0.100 eval Code Execution Exploit meta. $Id: phpeval.rb 5783 2008-10-23 02:43:21Z ramon $ This file is part o...

AI score 7.1
Exploits 0

Exploit DB
added 2009/02/02 12:0 a.m., 28 views

OpenHelpDesk 1.0.100 - 'eval()' Code Execution (Metasploit)

$Id: phpeval.rb 5783 2008-10-23 02:43:21Z ramon $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use...

AI score 7.4
Exploits 0

NVD
added 2009/01/23 7:0 p.m., 24 views

CVE-2008-5963

Eval injection vulnerability in library/setup/rpc.php in Gravity Getting Things Done GTD 0.4.5 and earlier allows remote attackers to execute arbitrary PHP code via the objectname parameter...

CVSS 10, AI score 7.8, EPSS 0.03398
Exploits 1, References 4

Cvelist
added 2009/01/23 6:38 p.m., 27 views

CVE-2008-5963

Eval injection vulnerability in library/setup/rpc.php in Gravity Getting Things Done GTD 0.4.5 and earlier allows remote attackers to execute arbitrary PHP code via the objectname parameter...

AI score 7.8, EPSS 0.03398
Exploits 1, References 4

CVE
added 2009/01/23 6:38 p.m., 46 views

CVE-2008-5963

Gravity GTD (Getting Things Done) up to version 0.4.5 is affected by an eval-injection vulnerability in library/setup/rpc.php that allows remote attackers to execute arbitrary PHP code via the objectname parameter. This CVE (CVE-2008-5963) is rated high by NVD (base score 10.0) with network attac...

CVSS 10, AI score 8.1, EPSS 0.03398
Exploits 1, References 4, Affected Software 1

UbuntuCve
added 2009/01/21 2:30 a.m., 32 views

CVE-2008-5920

The create_anchors function in utils.inc in WebSVN 1.x allows remote attackers to execute arbitrary PHP code via a crafted username that is processed by the preg_replace function with the eval switch...

CVSS 7.5, AI score 6.2, EPSS 0.0299
Exploits 1, References 1

OSV
added 2009/01/15 5:30 p.m., 12 views

CVE-2008-5906

Eval injection vulnerability in the web interface plugin in KTorrent before 3.1.4 allows remote attackers to execute arbitrary PHP code via unspecified parameters to this interface's PHP scripts...

AI score 8
Exploits 0, References 13

Prion
added 2009/01/15 5:30 p.m., 18 views

Sql injection

Eval injection vulnerability in the web interface plugin in KTorrent before 3.1.4 allows remote attackers to execute arbitrary PHP code via unspecified parameters to this interface's PHP scripts...

CVSS 6.8, AI score 8, EPSS 0.01968
Exploits 0, References 13, Affected Software 1

OSV
added 2009/01/15 5:30 p.m., 1 views

DEBIAN-CVE-2008-5906

Eval injection vulnerability in the web interface plugin in KTorrent before 3.1.4 allows remote attackers to execute arbitrary PHP code via unspecified parameters to this interface's PHP scripts...

CVSS 6.8, AI score 8.3, EPSS 0.01968
Exploits 0, References 1

Debian CVE
added 2009/01/15 5:0 p.m., 27 views

CVE-2008-5906

Eval injection vulnerability in the web interface plugin in KTorrent before 3.1.4 allows remote attackers to execute arbitrary PHP code via unspecified parameters to this interface's PHP scripts...

CVSS 6.8, AI score 7.7, EPSS 0.01968
Exploits 0

CVE
added 2009/01/15 5:0 p.m., 61 views

CVE-2008-5906

KTorrent’s web interface plugin is affected by CVE-2008-5906 (and CVE-2008-5905). The vulnerability arises from improper handling of web-interface request parameters, enabling remote attackers to inject PHP code and, per Gentoo/Ubuntu advisories, potentially perform arbitrary code execution in th...

CVSS 6.8, AI score 7.8, EPSS 0.01968
Exploits 0, References 13, Affected Software 1

UbuntuCve
added 2009/01/15 12:0 a.m., 31 views

CVE-2008-5906

Eval injection vulnerability in the web interface plugin in KTorrent before 3.1.4 allows remote attackers to execute arbitrary PHP code via unspecified parameters to this interface's PHP scripts...

CVSS 6.8, AI score 6.2, EPSS 0.01968
Exploits 0, References 4

seebug.org
added 2009/01/12 12:0 a.m., 56 views

XOOPS mydirname Parameter Multiple PHP Code Injection Vulnerabilities

BUGTRAQ ID: 33176 Xoops is a very popular dynamic web content management system, written in object-oriented PHP...

AI score 6.9
Exploits 0

Tenable Nessus
added 2009/01/09 12:0 a.m., 20 views

XOOPS Multiple Scripts mydirname Parameter Arbitrary Command Injection

The version of XOOPS installed on the remote host fails to filter user-supplied input to the 'mydirname' parameter of the 'onupdate.php', 'notification.php', and 'oninstall.php' scripts under the application's 'xoopslib/modules/protector' directory before passing it to PHP 'eval' functions...

AI score 6
Exploits 0

OpenVAS
added 2009/01/02 12:0 a.m., 22 views

FreeBSD Ports: twiki

The remote host is missing an update to the system as announced in the referenced advisory. VID f98dea27-d687-11dd-abd1-0050568452ac OpenVAS Vulnerability Test $ Description: Auto generated from VID f98dea27-d687-11dd-abd1-0050568452ac Authors: Thomas Reinke Copyright: Copyright c 2009 E-Soft Inc...

CVSS 10, AI score 6.5, EPSS 0.0464
Exploits 1

OpenVAS
added 2009/01/02 12:0 a.m., 25 views

FreeBSD Ports: twiki

The remote host is missing an update to the system as announced in the referenced advisory. SPDX-FileCopyrightText: 2009 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...

CVSS 10, AI score 6.5, EPSS 0.0464
Exploits 1, References 10

securityvulns
added 2008/12/31 12:0 a.m., 39 views

Megacubo 5.0.7 (mega://) remote eval() injection exploit

Megacubo 5.0.7 mega:// remote eval injection exploit by Nine:Situations:Group::pyrokinesis site: http://retrogod.altervista.org/ tested against Internet Explorer 8 beta 2/xp sp 3 software site: http://www.megacubo.net/tv/ download url:...

AI score 0.3
Exploits 0

myhack58
added 2008/12/29 12:0 a.m., 24 views

PHP a the EVAL-vulnerability warning-the black bar safety net

Source: php, eval's BLOG Author: phpeval Some time ago a program out of the question. And this almost. 1. For the above code. If the URL submitted http://www. phpeval. cn/test. php? c=phpinfo; it can be found in phpinfois executed. And the corresponding submission of c=echo 1 1 1 1 1; found 1 1 1...

AI score 7.3
Exploits 0

myhack58
added 2008/12/25 12:0 a.m., 29 views

Wordpress 2.7.0 admin remote code execution vulnerability-vulnerability warning-the black bar safety net

by Ryatpuretot mail: puretot at gmail dot com team: http://www.80vul.com date: 2008-12-18 Analysis: This vulnerability out in the background: wp-admin/post.php if currentusercan'editpost', $postID if $last = wpcheckpostlock $post-ID $lastuser = getuserdata $last ; $lastusername = $lastuser ?...

AI score 8.2
Exploits 0

UbuntuCve
added 2008/12/17 2:30 a.m., 32 views

CVE-2008-5619

html2text.php in Chuggnutt HTML to Text Converter, as used in PHPMailer before 5.2.10, RoundCube Webmail roundcubemail 0.2-1.alpha and 0.2-3.beta, Mahara, and AtMail Open 1.03, allows remote attackers to execute arbitrary code via crafted input that is processed by the preg_replace function with t...

CVSS 10, AI score 6.1, EPSS 0.54003
Exploits 15, References 4