2532 matches found
CVE-2005-3539
Multiple eval injection vulnerabilities in HylaFAX 4.2.3 and earlier allow remote attackers to execute arbitrary commands via 1 the notify script in HylaFAX 4.2.0 to 4.2.3 and 2 crafted CallID parameters to the faxrcvd script in HylaFAX 4.2.2 and 4.2.3...
DEBIAN-CVE-2005-3539
Multiple eval injection vulnerabilities in HylaFAX 4.2.3 and earlier allow remote attackers to execute arbitrary commands via 1 the notify script in HylaFAX 4.2.0 to 4.2.3 and 2 crafted CallID parameters to the faxrcvd script in HylaFAX 4.2.2 and 4.2.3...
CVE-2005-3539
Multiple eval injection vulnerabilities in HylaFAX 4.2.3 and earlier allow remote attackers to execute arbitrary commands via 1 the notify script in HylaFAX 4.2.0 to 4.2.3 and 2 crafted CallID parameters to the faxrcvd script in HylaFAX 4.2.2 and 4.2.3...
CVE-2005-3539
Multiple eval injection vulnerabilities in HylaFAX 4.2.3 and earlier allow remote attackers to execute arbitrary commands via 1 the notify script in HylaFAX 4.2.0 to 4.2.3 and 2 crafted CallID parameters to the faxrcvd script in HylaFAX 4.2.2 and 4.2.3...
CVE-2005-4317
Limbo CMS 1.0.4.2 and earlier, with registerglobals off, does not protect the $SERVER variable from external modification, which allows remote attackers to use the SERVERREMOTEADDR parameter to 1 conduct cross-site scripting XSS attacks in the stats module or 2 execute arbitrary code via an eval...
CVE-2005-4317
Limbo CMS (versions up to 1.0.4.2) is affected by multiple flaws. When register_globals is off and a MySQL backend is used, improper sanitization of _SERVER[REMOTE_ADDR] enables SQL injection. The same parameter can also enable cross-site scripting in the Stats module. Additionally, index2.php pe...
CVE-2005-4031
Eval injection vulnerability in MediaWiki 1.5.x before 1.5.3 allows remote attackers to execute arbitrary PHP code via the "user language option," which is used as part of a dynamic class name that is processed using the eval function...
CVE-2005-4031
Eval injection vulnerability in MediaWiki 1.5.x before 1.5.3 allows remote attackers to execute arbitrary PHP code via the "user language option," which is used as part of a dynamic class name that is processed using the eval function...
CVE-2005-4031
Eval injection vulnerability in MediaWiki 1.5.x before 1.5.3 allows remote attackers to execute arbitrary PHP code via the "user language option," which is used as part of a dynamic class name that is processed using the eval function...
CVE-2005-4031
MediaWiki 1.5.x is affected by an Eval injection vulnerability before 1.5.3 that allows remote attackers to execute arbitrary PHP code via the user language option, which is used to form a dynamic class name processed by eval. Root cause: improper handling of user-supplied language selection lead...
CVE-2005-4031
Eval injection vulnerability in MediaWiki 1.5.x before 1.5.3 allows remote attackers to execute arbitrary PHP code via the "user language option," which is used as part of a dynamic class name that is processed using the eval function...
CVE-2004-2631
CVE-2004-2631 affects phpMyAdmin 2.5.1–2.5.7, where LeftFrameLight being FALSE enables eval injection in left.php, allowing remote attackers to execute arbitrary PHP code via a crafted table name. The issue is rated CVSS v2 base 7.5 (Network, Low attack complexity, no authentication). Connected a...
CVE-2004-2631
Eval injection vulnerability in left.php in phpMyAdmin 2.5.1 up to 2.5.7, when LeftFrameLight is FALSE, allows remote attackers to execute arbitrary PHP code via a crafted table name...
CVE-2005-3823
The Users module in vTiger CRM 4.2 and earlier allows remote attackers to execute arbitrary PHP code via an arbitrary file in the templatename parameter, which is passed to the eval function...
CVE-2005-3823
CVE-2005-3823 affects vTiger CRM 4.2 and earlier. The Users module allows remote attackers to execute arbitrary PHP code via an arbitrary file in the templatename parameter, which is passed to eval. The connected sources provide no explicit remediation details; update/patch information is not inc...
CVE-2005-3554
Multiple eval injection vulnerabilities in the help function in PHPKIT 1.6.1 R2 and earlier, when registerglobals is enabled, allow remote attackers to execute arbitrary code on the server via unknown attack vectors involving uninitialized variables...
CVE-2005-3554
CVE-2005-3554 describes multiple eval-injection vulnerabilities in the help function of PHP-Kit up to version 1.6.1 R2, triggered when register_globals is enabled. Remote attackers could execute arbitrary code on the server via uninitialized variables. The description notes unknown attack vectors...
CVE-2005-3554
Multiple eval injection vulnerabilities in the help function in PHPKIT 1.6.1 R2 and earlier, when registerglobals is enabled, allow remote attackers to execute arbitrary code on the server via unknown attack vectors involving uninitialized variables...
CVE-2005-3405
ATutor 1.4.1 through 1.5.1-pl1 allows remote attackers to execute arbitrary PHP functions via a direct request to forum.inc.php with a modified addslashes parameter with either the 1 asc or 2 desc parameters set, possibly due to an eval injection vulnerability...
CVE-2005-3405
ATutor