73 matches found
CVE-2021-40084
The CVE-2021-40084 entry affects opensysusers through version 0.6, where unsafe usage of eval on files in sysusers.d may allow shell metacharacters to trigger command execution (e.g., via a crafted GECOS field). This is documented as a denial of service/remote-like risk with high severity in CVE ...
PYSEC-2021-119
23andMe Yamale before 3.0.8 allows remote attackers to execute arbitrary code via a crafted schema file. The schema parser uses eval as part of its processing, and tries to protect from malicious expressions by limiting the builtins that are passed to the eval. When processing the schema, each li...
PT-2021-16986 · Npm · Node-Config-Shield
Name of the Vulnerable Software and Affected Versions: node-config-shield versions prior to 0.2.2. Description: The issue concerns the node-config-shield package, where the scripts/cli.js file calls eval when processing a set command. This could potentially lead to issues if the set command is use...
In Python 3 through 3.9.0 the Lib/test/multibytecodec_support.py CJK codec tests call eval() on content retrieved via HTTP.
...
PT-2020-8914 · Pullit · Pullit
Name of the Vulnerable Software and Affected Versions: pullit versions prior to 1.4.0. Description: The issue allows OS Command Injection because eval is used on an attacker-supplied Git branch name. The package does not validate input on git branch names and concatenates it to an exec call,...
Arbitrary Code Execution
Overview: thenify promisifies a callback-based function using any-promise. Affected versions of this package are vulnerable to Arbitrary Code Execution. The name argument provided to the package can be controlled by users without any sanitization, and this is provided to the eval function witho...
Arbitrary Code Execution
Overview: node-import is a package that imports dependencies and runs them directly, or concatenates them and exports them to a file. Affected versions of this package are vulnerable to Arbitrary Code Execution. The "params" argument of module function can be controlled by users without any sanitization. Th...
Code injection
In irisnet-crypto before 1.1.7 for IRISnet, the util/utils.js file allows code execution because of unsafe eval usage...
CVE-2019-9115
In irisnet-crypto before 1.1.7 for IRISnet, the util/utils.js file allows code execution because of unsafe eval usage...
BTITeam XBTIT cross-site scripting vulnerability (CNVD-2018-19430)
BTITeam XBTIT is an open source bittorrent tracking system. A cross-site scripting vulnerability exists in BTITeam XBTIT. Attackers can use the 'String.replace' function and 'eval' function to exploit the vulnerability to bypass the includes/crkprotection.php script of the anti-cross-site scripti...
CVE-2018-15676
An issue was discovered in BTITeam XBTIT. By using String.replace and eval, it is possible to bypass the includes/crkprotection.php anti-XSS mechanism that looks for a number of dangerous fingerprints...
PHP code execution vulnerability summary-vulnerability warning-the black bar safety net
A feast for PHP security lovers: the Month of PHP Security. After reading many of the expert articles on php-security, I am posting this to share; the authors are all idols. 1. Code execution functions: in PHP, some functions can execute code, such as eval, assert, system, exec and shellexec...
DEBIAN-CVE-2006-1741
Mozilla Firefox 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 allows remote attackers to inject arbitrary Javascript into other sites by (1) "using a modal alert to suspend an event handler while a new page is being loaded", (2) using eval, and using...