2514 matches found
SQL injection
Eval injection vulnerability in modules/execute.php in the Sniplets 1.1.2 and 1.2.2 plugin for WordPress allows remote attackers to execute arbitrary PHP code via the text parameter...
CVE-2008-1060
The CVE affects the Sniplets WordPress plugin, specifically versions 1.1.2 and 1.2.2, where an eval injection in modules/execute.php allows remote attackers to execute arbitrary PHP code via the text parameter. This results in remote code execution with the webserver user’s privileges, aligning w...
WordPress Sniplets Plugin <= 1.2.2 - Eval Injection
Because of this vulnerability in modules/execute.php, attackers can execute arbitrary PHP code via the "text" parameter. Solution: Update the plugin...
Memory corruption
The JavaScript engine in Mozilla Firefox before 2.0.0.12, Thunderbird before 2.0.0.12, and SeaMonkey before 1.1.8 allows remote attackers to cause a denial of service (crash) and possibly trigger memory corruption via (1) a large switch statement, (2) certain uses of watch and eval, (3) certain uses of t...
CVE-2008-0413
The JavaScript engine in Mozilla Firefox before 2.0.0.12, Thunderbird before 2.0.0.12, and SeaMonkey before 1.1.8 allows remote attackers to cause a denial of service (crash) and possibly trigger memory corruption via (1) a large switch statement, (2) certain uses of watch and eval, (3) certain uses of t...
Mozilla javascript engine crashes
The JavaScript engine in Mozilla Firefox before 2.0.0.12, Thunderbird before 2.0.0.12, and SeaMonkey before 1.1.8 allows remote attackers to cause a denial of service (crash) and possibly trigger memory corruption via (1) a large switch statement, (2) certain uses of watch and eval, (3) certain uses of t...
Design/Logic Flaw
Eval injection vulnerability in admin/op/disp.php in Netwerk Smart Publisher 1.0.1 allows remote attackers to execute arbitrary PHP code via the filedata parameter...
CVE-2008-0503
CVE-2008-0503 affects Netwerk Smart Publisher 1.0.1. An eval() failure in admin/op/disp.php allows remote attackers to execute arbitrary PHP code via the filedata parameter, enabling unauthenticated, network-vector exploitation. CVSS 2.0 base score 6.8 ("NETWORK" attack vector, "MEDIUM" complexit...
CVE-2008-0382
Multiple eval injection vulnerabilities in MyBB 1.2.10 and earlier allow remote attackers to execute arbitrary code via the sortby parameter to (1) forumdisplay.php or (2) a results action in search.php...
CVE-2008-0382
CVE-2008-0382 affects MyBB 1.2.10 and earlier. The vulnerability is due to eval injection in the sortby parameter of forumdisplay.php or the results action in search.php, enabling remote attackers to execute arbitrary PHP code. This is a remote, unauthenticated code-execution issue with impact on...
CVE-2008-0382
Multiple eval injection vulnerabilities in MyBB 1.2.10 and earlier allow remote attackers to execute arbitrary code via the sortby parameter to (1) forumdisplay.php or (2) a results action in search.php...
Debian Security Advisory DSA 1423-1 (sitebar)
The remote host is missing an update to sitebar announced via advisory DSA 1423-1. OpenVAS Vulnerability Test $Id: deb14231.nasl 6616 2017-07-07 12:10:49Z cfischer $ Description: Auto-generated from advisory DSA 1423-1 Authors: Thomas Reinke Copyright: Copyright (c) 2007 E-Soft Inc...
MyBB forumdisplay.php 'sortby' Parameter Arbitrary PHP Code Execution
The version of MyBB installed on the remote host is affected by an arbitrary PHP code execution vulnerability due to improper sanitization of user-supplied input to the 'sortby' parameter of the forumdisplay.php script before using it in an eval statement to evaluate PHP code. A remote,...
SQL injection
Eval injection vulnerability in loudblog/inc/parse_old.php in Loudblog 0.8.0 and earlier allows remote attackers to execute arbitrary PHP code via the template parameter...
CVE-2008-0139
Eval injection vulnerability in loudblog/inc/parse_old.php in Loudblog 0.8.0 and earlier allows remote attackers to execute arbitrary PHP code via the template parameter...
CVE-2008-0139
CVE-2008-0139 affects Loudblog 0.8.0 and earlier. An Eval injection in loudblog/inc/parse_old.php via the template parameter allows remote attackers to execute arbitrary PHP code. CVSS2 base metrics indicate Network access, no authentication, and partial impact to confidentiality, integrity, and ...
Loudblog loudblog/inc/parse_old.php template Parameter Arbitrary Remote Code Execution
The remote host is running Loudblog, a PHP application for publishing podcasts and similar media files. The version of Loudblog on the remote host fails to sanitize input to the 'template' parameter of the 'loudblog/inc/parse_old.php' script before using it in an 'eval' statement to evaluate PHP...
CVE-2007-6550
form.php in PMOS Help Desk 2.4 and earlier sends a redirect to the web browser but does not exit, which allows remote attackers to conduct eval injection attacks and execute arbitrary PHP code via the options array parameter...
SQL injection
form.php in PMOS Help Desk 2.4 and earlier sends a redirect to the web browser but does not exit, which allows remote attackers to conduct eval injection attacks and execute arbitrary PHP code via the options array parameter...
CVE-2007-6550
form.php in PMOS Help Desk 2.4 and earlier sends a redirect to the web browser but does not exit, which allows remote attackers to conduct eval injection attacks and execute arbitrary PHP code via the options array parameter...