Dynamic Variable Evaluation

Overview pretix is a Reinventing presales, one ticket at a time Affected versions of this package are vulnerable to Dynamic Variable Evaluation via the evaluation of placeholders in email templates. An attacker can access sensitive system information, such as configuration files, database...

CVE-2026-2451 Unsafe variable evaluation in email templates

Emails sent by pretix can utilize placeholders that will be filled with customer data. For example, when name is used in an email template, it will be replaced with the buyer's name for the final email. This mechanism contained a security-relevant bug: It was possible to exfiltrate information...

EUVD-2006-4891

Malware in sbrugna...

EUVD-2007-2617

Malware in sbrugna...

EUVD-2006-2159

Malware in sbrugna...

CVE-2023-31032

NVIDIA DGX A100 SBIOS contains a vulnerability where a user may cause a dynamic variable evaluation by local access. A successful exploit of this vulnerability may lead to denial of service...

CVE-2023-31032

NVIDIA DGX A100 SBIOS contains a vulnerability where a user may cause a dynamic variable evaluation by local access. A successful exploit of this vulnerability may lead to denial of service...

Design/Logic Flaw

NVIDIA DGX A100 SBIOS contains a vulnerability where a user may cause a dynamic variable evaluation by local access. A successful exploit of this vulnerability may lead to denial of service...

CVE-2023-31032 CVE

NVIDIA DGX A100 SBIOS contains a vulnerability where a user may cause a dynamic variable evaluation by local access. A successful exploit of this vulnerability may lead to denial of service...

PT-2023-15880 · Kernel · Kernel

Name of the Vulnerable Software and Affected Versions: Kernel module affected versions not specified Description: The issue is related to a race condition vulnerability in the kernel module. Successful exploitation of this vulnerability may cause variable values to be read with the condition...

Oracle Linux 4 : squirrelmail (ELSA-2006-0668)

From Red Hat Security Advisory 2006:0668 : A new squirrelmail package that fixes a security issue as well as several bugs is now available for Red Hat Enterprise Linux 3 and 4. This update has been rated as having moderate security impact by the Red Hat Security Response Team. SquirrelMail is a...

PHP vulnerability full solution-vulnerability warning-the black bar safety net

PHP web page security issues For PHP website mainly exist the following types of attacks: 1. Command injectionCommand Injection 2. eval injectionEval Injection 3. Client scripting attacksScript Insertion 4. Cross-site scripting attacksCross Site Scripting, XSS 5. SQL injectionattacksSQL injection...

CVE-2007-2624

The CVE-2007-2624 entry concerns All In One Control Panel (AIOCP) before 1.3.016, where a dynamic variable evaluation vulnerability in shared/config/cp_config.php enables remote XSS via the SERVER superglobal array. The issue stems from processing user-supplied data in SERVER-related variables, a...

Cross site scripting

Dynamic variable evaluation vulnerability in shared/config/tceconfig.php in TCExam 4.0.011 and earlier allows remote attackers to conduct cross-site scripting XSS and possibly other attacks by modifying critical variables such as $SERVER, as demonstrated by injecting web script via the...

CVE-2007-1634

Variable extraction vulnerability in grabglobals.php in Net Portal Dynamic System NPDS 5.10 and earlier allows remote attackers to conduct SQL injection attacks via the FILESDBtmpname parameter to print.php, which overwrites the $DB variable with dynamic variable evaluation...

Remote file inclusion

PHP remote file inclusion vulnerability in template.class.php in Carbonize Lazarus Guestbook before 1.7.3 allows remote attackers to execute arbitrary PHP code via a URL in the includepath parameter to admin.php, probably due to a dynamic variable evaluation vulnerability...

CVE-2006-5116

Multiple cross-site request forgery CSRF vulnerabilities in phpMyAdmin before 2.9.1-rc1 allow remote attackers to perform unauthorized actions as another user by 1 directly setting a token in the URL though dynamic variable evaluation and 2 unsetting arbitrary variables via the REQUEST array,...

CVE-2006-5116

Multiple cross-site request forgery CSRF vulnerabilities in phpMyAdmin before 2.9.1-rc1 allow remote attackers to perform unauthorized actions as another user by 1 directly setting a token in the URL though dynamic variable evaluation and 2 unsetting arbitrary variables via the REQUEST array,...

CVE-2006-5116

Multiple cross-site request forgery CSRF vulnerabilities in phpMyAdmin before 2.9.1-rc1 allow remote attackers to perform unauthorized actions as another user by 1 directly setting a token in the URL though dynamic variable evaluation and 2 unsetting arbitrary variables via the REQUEST array,...

CVE-2006-4019

CVE-2006-4019 affects SquirrelMail up to version 1.4.7, where a dynamic variable evaluation flaw in compose.php can allow an attacker to overwrite variables used by the script and influence actions, potentially reading/writing attachments and other users’ preferences. The issue stems from unsafe ...