2513 matches found
DSA-1423-1 sitebar - several vulnerabilities
Bulletin has no description...
Some more widgets: Facebook, Hockey, FlickrInterestingNess (Re: [MacOS X] Insecure eval() in Twitgit and Twitterlex dashboard widgets)
This is a follow-up to 0 and 1. Last night, I wrote: It would probably be an interesting exercise to go through some more dashboard widgets and grep for eval. I'd bet quite a bit that there's much more out there. - The top-50 facebook widget 2 uses the AllowFullAccess configuration option, which...
CVE-2007-5693
Eval injection vulnerability in the translation module translator.php in SiteBar 3.3.8 allows remote authenticated users to execute arbitrary PHP code via the edit parameter in an upd cmd action, a different vulnerability than CVE-2007-5492...
CVE-2007-5693
Eval injection vulnerability in the translation module translator.php in SiteBar 3.3.8 allows remote authenticated users to execute arbitrary PHP code via the edit parameter in an upd cmd action, a different vulnerability than CVE-2007-5492...
CVE-2007-5693
SiteBar 3.3.8 contains an eval-injection vulnerability in the translation module (translator.php) that allows remote authenticated users to execute arbitrary PHP code via the edit parameter in an upd cmd action (CVE-2007-5693). Evidence across multiple advisories (Debian DSA-1423-1, GLSA, and OSS...
CVE-2007-5453
Multiple eval injection vulnerabilities in Php-Stats 0.1.9.2 allow remote authenticated administrators to execute arbitrary code by writing PHP sequences to the php-stats-options record in the options table, which is used in an eval function call by 1 admin.php, 2 click.php, 3 download.php, and...
Sql injection
Multiple eval injection vulnerabilities in Php-Stats 0.1.9.2 allow remote authenticated administrators to execute arbitrary code by writing PHP sequences to the php-stats-options record in the options table, which is used in an eval function call by 1 admin.php, 2 click.php, 3 download.php, and...
CVE-2007-5453
CVE-2007-5453 concerns Php-Stats 0.1.9.2, which contains multiple eval-injection vulnerabilities. The issue allows remote authenticated administrators to execute arbitrary code by injecting PHP sequences into the php-stats-options record in the _options table, which is subsequently evaluated via ...
CVE-2007-5453
Multiple eval injection vulnerabilities in Php-Stats 0.1.9.2 allow remote authenticated administrators to execute arbitrary code by writing PHP sequences to the php-stats-options record in the options table, which is used in an eval function call by 1 admin.php, 2 click.php, 3 download.php, and...
phpstats-multi.txt
32 break; 100. 103. $title='?'; 104. if$option'pagetitle' && isset$GET't' 105. 106. $tmpTitle=htmlspecialcharsaddslashesurldecode$GET't'; 107. if$tmpTitle!='\\\" t \\\"' $title=$tmpTitle; 108. 109. 174. if $loaded=='?' && $title!='?' 175. $result=sqlquery"SELECT lastpage FROM...
PHP-Stats 0.1.9.2 - Multiple Vulnerabilities
PHP-Stats 0.1.9.2 - Multiple Vulnerabilities 32 break; 100. 103. $title='?'; 104. if$option'pagetitle' && isset$GET't' 105. 106. $tmpTitle=htmlspecialcharsaddslashesurldecode$GET't'; 107. if$tmpTitle!='\\\" t \\\"' $title=$tmpTitle; 108. 109. 174. if $loaded=='?' && $title!='?' 175...
Design/Logic Flaw
Eval injection vulnerability in adodb-perf-module.inc.php in ADOdb Lite 1.42 and earlier, as used in products including CMS Made Simple, SAPID CMF, Journalness, PacerCMS, and Open-Realty, allows remote attackers to execute arbitrary code via PHP sequences in the lastmodule parameter...
CVE-2007-5056
Eval injection vulnerability in adodb-perf-module.inc.php in ADOdb Lite 1.42 and earlier, as used in products including CMS Made Simple, SAPID CMF, Journalness, PacerCMS, and Open-Realty, allows remote attackers to execute arbitrary code via PHP sequences in the lastmodule parameter...
CVE-2007-5056
CVE-2007-5056 is an eval injection in adodb-perf-module.inc.php of ADOdb Lite
Cocoon Counter statistics program background written mA-vulnerability warning-the black bar safety net
Reference the latest Ocean to the top of the eval version in a few words, here to use is % eval reques tchr 3 5 % , "evalExecutePP. htm in the text box write your own code is added with 2006X2. exe conversion to generate the html text box in code. What is the text box you know? Don't just check t...
CVE-2007-4596
The perl extension in PHP does not follow safemode restrictions, which allows context-dependent attackers to execute arbitrary code via the Perl eval function. NOTE: this might only be a vulnerability in limited environments...
Design/Logic Flaw
Eval injection vulnerability in environment.php in Olate Download od 3.4.1 allows context-dependent attackers to execute arbitrary code via a crafted version string, as referenced by the 1 PDO::ATTRSERVERVERSION or 2 PDO::ATTRCLIENTVERSION attribute...
CVE-2007-4454
Eval injection vulnerability in environment.php in Olate Download od 3.4.1 allows context-dependent attackers to execute arbitrary code via a crafted version string, as referenced by the 1 PDO::ATTRSERVERVERSION or 2 PDO::ATTRCLIENTVERSION attribute...
CVE-2007-4454
Eval injection vulnerability in environment.php in Olate Download od 3.4.1 allows context-dependent attackers to execute arbitrary code via a crafted version string, as referenced by the 1 PDO::ATTRSERVERVERSION or 2 PDO::ATTRCLIENTVERSION attribute...
CVE-2007-4454
CVE-2007-4454 affects Olate Download (od) 3.4.1 via an eval injection in environment.php. A crafted version string can cause code execution, using either PDO::ATTR_SERVER_VERSION or PDO::ATTR_CLIENT_VERSION. The available documents confirm the vulnerability and potential impact; no remediation de...