DEBIAN-CVE-2006-2787

EvalInSandbox in Mozilla Firefox and Thunderbird before 1.5.0.4 allows remote attackers to gain privileges via javascript that calls the valueOf method on objects that were created outside of the sandbox...

Sql injection

Eval injection vulnerability in index.php in ClanSys 1.1 allows remote attackers to execute arbitrary PHP code via PHP code in the page parameter, as demonstrated by using an "include" statement that is injected into the eval statement. NOTE: this issue has been described as file inclusion by som...

CVE-2006-2005

CVE-2006-2005 affects ClanSys 1.1 (index.php). The vulnerability is an eval injection in the page parameter that allows remote attackers to execute arbitrary PHP code, demonstrated by injecting an include statement into the eval. Some sources describe it as a file inclusion, but the primary issue...

CVE-2006-2005

Eval injection vulnerability in index.php in ClanSys 1.1 allows remote attackers to execute arbitrary PHP code via PHP code in the page parameter, as demonstrated by using an "include" statement that is injected into the eval statement. NOTE: this issue has been described as file inclusion by som...

security flaw

Mozilla Firefox 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 allows remote attackers to inject arbitrary Javascript into other sites by 1 "using a modal alert to suspend an event handler while a new page is being loaded", 2 using eval, and using...

CVE-2006-1895

Direct static code injection vulnerability in includes/template.php in phpBB allows remote authenticated users with write access to execute arbitrary PHP code by modifying a template in a way that 1 bypasses a loose "." regular expression to match BEGIN and END statements in overallheader.tpl, or...

Code injection

Direct static code injection vulnerability in includes/template.php in phpBB allows remote authenticated users with write access to execute arbitrary PHP code by modifying a template in a way that 1 bypasses a loose "." regular expression to match BEGIN and END statements in overallheader.tpl, or...

security flaw

Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 allows remote attackers to execute arbitrary code by using an eval in an XBL method binding XBL.method.eval to create Javascript functions that are compiled with extra...

PAJAX < 0.5.2 Multiple Vulnerabilities

The remote host is running PAJAX, a PHP library for remote asynchronous objects in JavaScript. The version of PAJAX installed on the remote host fails to validate input to the 'pajax/pajaxcalldispatcher.php' script before using it in a PHP 'eval' function. An unauthenticated attacker can exploit...

security flaw

Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 allows remote attackers to execute arbitrary code by using an eval in an XBL method binding XBL.method.eval to create Javascript functions that are compiled with extra...

DEBIAN-CVE-2006-1741

Mozilla Firefox 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 allows remote attackers to inject arbitrary Javascript into other sites by 1 "using a modal alert to suspend an event handler while a new page is being loaded", 2 using eval, and using...

CVE-2006-1551

PAJAX

CVE-2006-1669

SQL injection vulnerability in chat/messagesL.php3 in phpHeaven Team PHPMyChat 0.14.5 and earlier allows remote attackers to execute arbitrary SQL commands via the T parameter. NOTE: this issue can be leveraged to execute arbitrary shell commands since the username is later processed in an eval...

Immunity Canvas: HORDE_EVAL

Name| hordeeval ---|--- CVE| CVE-2006-1491 Exploit Pack| CANVAS Description| Horde Eval Notes| CVE Name: CVE-2006-1491 VENDOR: Horde.org Notes: Try using nc -e /bin/sh as your command and having a nc -vlp Repeatability: Infinite CVE Url: https://vulners.com/cve/CVE-2006-1491 CVSS: 7.5...

CVE-2006-1491

Eval injection vulnerability in Horde Application Framework versions 3.0 before 3.0.10 and 3.1 before 3.1.1 allows remote attackers to execute arbitrary code via the help viewer...

CVE-2006-1491

Eval injection vulnerability in Horde Application Framework versions 3.0 before 3.0.10 and 3.1 before 3.1.1 allows remote attackers to execute arbitrary code via the help viewer...

CVE-2006-1491

CVE-2006-1491 is a remote code execution vulnerability in the Horde Application Framework. The issue affects Horde 3.0.x before 3.0.10 and 3.1.x before 3.1.1, where unsanitized user input in the help viewer is passed to eval(), allowing arbitrary code execution on affected hosts. Related publicly...

CVE-2006-1491

Eval injection vulnerability in Horde Application Framework versions 3.0 before 3.0.10 and 3.1 before 3.1.1 allows remote attackers to execute arbitrary code via the help viewer...

Sql injection

Eval injection vulnerability in cal.php in Light Weight Calendar LWC 1.0 allows remote attackers to execute arbitrary PHP code via the date parameter to index.php...

CVE-2006-1252

CVE-2006-1252 affects Light Weight Calendar (LWC) 1.0, where an eval injection in cal.php allows remote attackers to execute arbitrary PHP code via the date parameter to index.php. This is a remote code execution vulnerability with CVSSv2 base score 7.5 (HIGH) and network attack vector with no au...