Lucene search

2514 matches found

Cvelist
added 2007/01/04 2:0 a.m. | 17 views

CVE-2006-6852

Eval injection vulnerability in tDiary 2.0.3 and 2.1.4.20061127 allows remote authenticated users to execute arbitrary Ruby code via unspecified vectors, possibly related to incorrect input validation by (1) conf.rhtml and (2) i.conf.rhtml. NOTE: some of these details are obtained from third party...

AI score: 7.5 | EPSS: 0.00979
Exploits: 0 | References: 5

CVE
added 2007/01/04 2:0 a.m. | 40 views

CVE-2006-6852

tDiary 2.0.3 and 2.1.4.200 contain an eval injection vulnerability that lets a remote authenticated attacker run arbitrary Ruby scripts. The root cause is described as incorrect input validation in two web templates (conf.rhtml and i.conf.rhtml), enabling arbitrary code execution on the web serve...

CVSS: 6 | AI score: 7.5 | EPSS: 0.00979
Exploits: 0 | References: 5 | Affected Software: 1

Debian CVE
added 2007/01/04 2:0 a.m. | 18 views

CVE-2006-6852

Eval injection vulnerability in tDiary 2.0.3 and 2.1.4.20061127 allows remote authenticated users to execute arbitrary Ruby code via unspecified vectors, possibly related to incorrect input validation by (1) conf.rhtml and (2) i.conf.rhtml. NOTE: some of these details are obtained from third party...

CVSS: 6 | AI score: 6.7 | EPSS: 0.00979
Exploits: 0

NVD
added 2006/12/31 5:0 a.m. | 13 views

CVE-2006-6852

Eval injection vulnerability in tDiary 2.0.3 and 2.1.4.20061127 allows remote authenticated users to execute arbitrary Ruby code via unspecified vectors, possibly related to incorrect input validation by (1) conf.rhtml and (2) i.conf.rhtml. NOTE: some of these details are obtained from third party...

CVSS: 6 | AI score: 7.5 | EPSS: 0.00979
Exploits: 0 | References: 5

NVD
added 2006/10/25 10:7 p.m. | 14 views

CVE-2006-5509

Eval injection vulnerability in addentry.php in WoltLab Burning Book 1.1.2 allows remote attackers to execute arbitrary PHP code via crafted POST requests that store PHP code in a database that is later processed by eval, as demonstrated using SQL injection via the n parameter...

CVSS: 7.5 | AI score: 8.3 | EPSS: 0.0125
Exploits: 0 | References: 7

CVE
added 2006/10/25 10:0 p.m. | 46 views

CVE-2006-5509

The CVE concerns WoltLab Burning Book 1.1.2, where an eval injection vulnerability in addentry.php allows remote code execution. The issue arises when crafted POST data stores PHP code in the database, which is later processed by eval. The exploitation path is demonstrated via SQL injection throu...

CVSS: 7.5 | AI score: 8.7 | EPSS: 0.0125
Exploits: 0 | References: 7 | Affected Software: 1

myhack58
added 2006/10/20 12:0 a.m. | 18 views

Hacking tutorials series of micro-PHP Trojan explore-exploit warning-the black bar safety net

This article is nothing special, only required to initiate it. And gave and I did the dishes in PHP the door and wandering friend. Just learning PHP in a few days, I would rush to work, so there are errors and inadequacies Please a positive note. PHP syntax powerful is ASP in the dust, only one:...

AI score: 7.4
Exploits: 0

Tenable Nessus
added 2006/10/14 12:0 a.m. | 23 views

Debian DSA-1034-1 : horde2 - several vulnerabilities

Several remote vulnerabilities have been discovered in the Horde web application framework, which may lead to the execution of arbitrary web script code. The Common Vulnerabilities and Exposures project identifies the following problems: - CVE-2006-1260 Null characters in the URL parameter bypas...

CVSS: 7.5 | AI score: 5.9 | EPSS: 0.38441
Exploits: 3 | References: 5

Tenable Nessus
added 2006/10/14 12:0 a.m. | 44 views

Debian DSA-1033-1 : horde3 - several vulnerabilities

Several remote vulnerabilities have been discovered in the Horde web application framework, which may lead to the execution of arbitrary web script code. The Common Vulnerabilities and Exposures project identifies the following problems: - CVE-2005-4190 Several Cross-Site-Scripting vulnerabiliti...

CVSS: 7.5 | AI score: 5.9 | EPSS: 0.38441
Exploits: 3 | References: 8

NVD
added 2006/10/10 4:6 a.m. | 19 views

CVE-2006-5185

Eval injection vulnerability in Template.php in HAMweather 3.9.8.4 and earlier allows remote attackers to execute arbitrary code via a modified query string, which is supplied to an eval function call within the do_parse_code function...

CVSS: 7.5 | AI score: 7.8 | EPSS: 0.0377
Exploits: 1 | References: 6

Cvelist
added 2006/10/06 7:0 p.m. | 24 views

CVE-2006-5185

Eval injection vulnerability in Template.php in HAMweather 3.9.8.4 and earlier allows remote attackers to execute arbitrary code via a modified query string, which is supplied to an eval function call within the do_parse_code function...

AI score: 7.8 | EPSS: 0.0377
Exploits: 1 | References: 6

CVE
added 2006/10/06 7:0 p.m. | 52 views

CVE-2006-5185

The CVE-2006-5185 issue affects HAMweather (versions 3.9.8.4 and earlier) where eval injection in Template.php occurs. An attacker can supply a modified query string that is passed to an eval call inside do_parse_code, allowing remote code execution. Impact is arbitrary code execution on the web ...

CVSS: 7.5 | AI score: 7.8 | EPSS: 0.0377
Exploits: 1 | References: 6 | Affected Software: 1

NVD
added 2006/09/14 10:7 p.m. | 13 views

CVE-2006-4437

Eval injection vulnerability in Tagger LE allows remote attackers to execute arbitrary PHP code via the query string in (1) tags.php, (2) sign.php, and (3) admin/index.php...

CVSS: 7.5 | AI score: 7.8 | EPSS: 0.08205
Exploits: 1 | References: 10

CVE
added 2006/09/14 10:0 p.m. | 70 views

CVE-2006-4437

The provided documents confirm CVE-2006-4437 in Tagger LE: an eval() injection vulnerability that allows remote attackers to execute arbitrary PHP code via crafted query string parameters in tags.php, sign.php, and admin/index.php. The root cause is unsanitised input being used directly inside an...

CVSS: 7.5 | AI score: 7.9 | EPSS: 0.08205
Exploits: 1 | References: 10 | Affected Software: 1

CVE
added 2006/09/06 12:0 a.m. | 44 views

CVE-2006-4551

The CVE-2006-4551 entry describes an eval injection vulnerability in Feedsplitter (the feedsplitter.php handling path) that allows remote attackers to execute arbitrary PHP code by supplying the file to the value of the format parameter, and possibly via a malicious RSS feed. The root cause is im...

CVSS: 7.5 | AI score: 7.9 | EPSS: 0.01468
Exploits: 0 | References: 3 | Affected Software: 1

NVD
added 2006/08/31 11:4 p.m. | 20 views

CVE-2006-4506

idmlib.sh in nxdrv in Novell Identity Manager (IDM) 3.0.1 allows local users to execute arbitrary commands via unspecified vectors, possibly involving the " (quote) and \ (backslash) characters and eval injection...

CVSS: 3.6 | AI score: 7.7 | EPSS: 0.00508
Exploits: 1 | References: 3

Cvelist
added 2006/08/31 11:0 p.m. | 24 views

CVE-2006-4506

idmlib.sh in nxdrv in Novell Identity Manager (IDM) 3.0.1 allows local users to execute arbitrary commands via unspecified vectors, possibly involving the " (quote) and \ (backslash) characters and eval injection...

AI score: 7.7 | EPSS: 0.00508
Exploits: 1 | References: 3

CVE
added 2006/08/31 11:0 p.m. | 46 views

CVE-2006-4506

The CVE-2006-4506 entry concerns Novell Identity Manager (IDM) 3.0.1, where idmlib.sh in the nxdrv component allows local users to run arbitrary commands via unspecified vectors, with potential involvement of the " (quote) and \ (backslash) characters and eval injection. Public sources in the NVD...

CVSS: 3.6 | AI score: 8.1 | EPSS: 0.00508
Exploits: 1 | References: 3 | Affected Software: 1

RedHat Linux
added 2006/07/28 11:22 p.m. | 4 views

security flaw

Mozilla Firefox before 1.5.0.5 and SeaMonkey before 1.0.3 allows remote Proxy AutoConfig (PAC) servers to execute code with elevated privileges via a PAC script that sets the FindProxyForURL function to an eval method on a privileged object...

CVSS: 7.5 | AI score: 7.6 | EPSS: 0.02897
Exploits: 0 | References: 4

UbuntuCve
added 2006/07/27 1:4 a.m. | 28 views

CVE-2006-3819

Eval injection vulnerability in the configure script in TWiki 4.0.0 through 4.0.4 allows remote attackers to execute arbitrary Perl code via an HTTP POST request containing a parameter name starting with "TYPEOF"...

CVSS: 7.5 | AI score: 6.3 | EPSS: 0.04024
Exploits: 5 | References: 1