Vulnerabilities > CVE-2006-0636 - Unspecified vulnerability in Eyeos Project Eyeos

CVSS 0.0 - NONE

Attack vector

UNKNOWN

Attack complexity

UNKNOWN

Privileges required

UNKNOWN

Confidentiality impact

UNKNOWN

Integrity impact

UNKNOWN

Availability impact

UNKNOWN

eyeos-project

NVD

Published: 2006-02-10

Updated: 2024-11-21

Summary

desktop.php in eyeOS 0.8.9 and earlier tests for the existence of the _SESSION variable before calling the session_start function, which allows remote attackers to execute arbitrary PHP code and possibly conduct other attacks by modifying critical assumed-immutable variables, as demonstrated using PHP code in the _SESSION[apps][eyeOptions.eyeapp][wrapup] variable.

Vulnerable Configurations

Part	Description	Count
OS	Eyeos_Project Eyeos Project Eyeos 0.8.2_R1 Eyeos Project Eyeos 0.8.5 Eyeos Project Eyeos 0.8.9 Eyeos Project Eyeos 0.8.3_R1 Eyeos Project Eyeos 0.8.2_R3 Eyeos Project Eyeos 0.8.4_R1 Eyeos Project Eyeos 0.8.3 Eyeos Project Eyeos 0.8.4 Eyeos Project Eyeos 0.8.2_R2 Eyeos Project Eyeos 0.8.3_R2 Eyeos Project Eyeos 0.8.6 Eyeos Project Eyeos 0.8 Eyeos Project Eyeos 0.8.1_R1 Eyeos Project Eyeos 0.8.8 Eyeos Project Eyeos 0.8.2 Eyeos Project Eyeos 0.8.7 Eyeos Project Eyeos 0.8.5_R1 Eyeos Project Eyeos 0.8.1	18

Summary

Vulnerable Configurations

References