344 matches found
CVE-2020-11084 Command Injection in iPear
In iPear, the manual execution of the eval function can lead to command injection. Only PCs where commands are manually executed via "For Developers" are affected. This function allows executing any PHP code within iPear which may change, damage, or steal data files from the PC...
Arbitrary Code Injection
thenify is vulnerable to arbitrary code execution. Untrusted user input is passed to the eval function which would allow an attacker to inject and execute arbitrary code on the system...
Arbitrary Code Execution
mosc is vulnerable to arbitrary code execution. Untrusted user input to the properties argument is passed to the eval function without validation, allowing an attacker to execute arbitrary code...
Arbitrary Code Execution
node-extend is vulnerable to arbitrary code execution. Untrusted user input as argument A to the functionA,B,as,isAargs in lib/extend.js is passed to the eval function without validation, allowing an attacker to execute arbitrary code...
Access-Policy Code Execution Vulnerability
access-policy is an access policy encoder/parser. A security vulnerability exists in access-policy 3.1.0 and earlier versions, which originates when user input provided to the 'template' function is executed by the 'eval' function. An attacker could exploit this vulnerability to execute code...
cd-messenger input validation error vulnerability
cd-messenger is a console and file recorder with Gulp automated build tool support by American software developer Mike Erickson. An input validation error vulnerability exists in cd-messenger 2.7.26 and earlier versions, which stems from the 'eval' function executing user input passed to the...
CVE-2020-7674
access-policy through 3.1.0 is vulnerable to Arbitrary Code Execution. User input provided to the template function is executed by the eval function resulting in code execution...
CVE-2020-7674
access-policy through 3.1.0 is vulnerable to Arbitrary Code Execution. User input provided to the template function is executed by the eval function resulting in code execution...
CVE-2020-7672
mosc through 1.0.0 is vulnerable to Arbitrary Code Execution. User input provided to properties argument is executed by the eval function, resulting in code execution...
CVE-2020-7675
cd-messenger through 2.7.26 is vulnerable to Arbitrary Code Execution. User input provided to the color argument executed by the eval function resulting in code execution...
CVE-2020-7675
cd-messenger through 2.7.26 is vulnerable to Arbitrary Code Execution. User input provided to the color argument executed by the eval function resulting in code execution...
Remote code execution
mosc through 1.0.0 is vulnerable to Arbitrary Code Execution. User input provided to properties argument is executed by the eval function, resulting in code execution...
Remote code execution
access-policy through 3.1.0 is vulnerable to Arbitrary Code Execution. User input provided to the template function is executed by the eval function resulting in code execution...
Remote code execution
node-extend through 0.2.0 is vulnerable to Arbitrary Code Execution. User input provided to the argument A of extend functionA,B,as,isAargs located within lib/extend.js is executed by the eval function, resulting in code execution...
CVE-2020-7673
node-extend through 0.2.0 is vulnerable to Arbitrary Code Execution. User input provided to the argument A of extend functionA,B,as,isAargs located within lib/extend.js is executed by the eval function, resulting in code execution...
CVE-2020-7673
CVE-2020-7673 affects node-extend up to version 0.2.0. The vulnerability arises in the extend(A,B,as,isAargs) function (lib/extend.js) where user input is passed to eval, enabling Arbitrary Code Execution. Affected: node-extend 0.2.0 and earlier. Impact: potential remote code execution with netwo...
CVE-2020-7672
CVE-2020-7672 affects the mosc package (mosc through 1.0.0). The vulnerability lies in user input passed to the properties argument, which is executed via eval, leading to arbitrary code execution. In practice, a crafted input can cause code execution in impacted environments (SNYK provides a Pro...
CVE-2020-7674
CVE-2020-7674 affects access-policy up to version 3.1.0. The vulnerability is caused by user input passed to the template function being executed by eval, enabling arbitrary code execution. Affected component: access-policy encoder/parser. Impact is Arbitary Code Execution with the exact exploita...
CVE-2020-7672
mosc through 1.0.0 is vulnerable to Arbitrary Code Execution. User input provided to properties argument is executed by the eval function, resulting in code execution...
CVE-2020-7675
cd-messenger through 2.7.26 is vulnerable to Arbitrary Code Execution. User input provided to the color argument executed by the eval function resulting in code execution...