2 matches found
CVE-2006-0636
desktop.php in eyeOS 0.8.9 and earlier tests for the existence of the SESSION variable before calling the sessionstart function, which allows remote attackers to execute arbitrary PHP code and possibly conduct other attacks by modifying critical assumed-immutable variables, as demonstrated using...
eyeOS 0.8.x - Session Remote Command Execution
source: https://www.securityfocus.com/bid/16537/info The eyeOS system is prone to a remote command-execution vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied data. An attacker can exploit this issue to execute arbitrary commands in the context of...