28 matches found
VulnCheck KEV: CVE-2026-27174
MajorDoMo aka Major Domestic Module allows unauthenticated remote code execution via the admin panel's PHP console feature. An include order bug in modules/panel.class.php causes execution to continue past a redirect call that lacks an exit statement, allowing unauthenticated requests to reach th...
EUVD-2020-0442
Malware in sbrugna...
EUVD-2006-1670
Malware in sbrugna...
EUVD-2002-2093
Malware in sbrugna...
EUVD-2011-0077
Malware in sbrugna...
Code Injection
elektra is vulnerable to Code Injection. The vulnerability is due to improper handling of user input in the live search functionality of the Ruby on Rails-based Elektra web application, which allows authenticated users to craft a search term containing Ruby code that flows into an eval call,...
GHSA-RC77-XXQ6-4MFF Command Injection in hot-formula-parser
Versions of hot-formula-parser prior to 3.0.1 are vulnerable to Command Injection. The package fails to sanitize values passed to the parse function and concatenates it in an eval call. If a value of the formula is supplied by user-controlled input it may allow attackers to run arbitrary commands...
CVE-2020-6836
grammar-parser.jison in the hot-formula-parser package before 3.0.1 for Node.js is vulnerable to arbitrary code injection. The package fails to sanitize values passed to the parse function and concatenates them in an eval call. If a value of the formula is taken from user-controlled input, it may...
CVE-2020-6836
grammar-parser.jison in the hot-formula-parser package before 3.0.1 for Node.js is vulnerable to arbitrary code injection. The package fails to sanitize values passed to the parse function and concatenates them in an eval call. If a value of the formula is taken from user-controlled input, it may...
CVE-2019-15642
rpc.cgi in Webmin through 1.920 allows authenticated Remote Code Execution via a crafted object name because unserialisevariable makes an eval call. NOTE: the WebminServersIndex documentation states "RPC can be used to run any command or modify any file on a server, which is why access to it must...
CVE-2016-6558
A command injection vulnerability exists in apply.cgi on the ASUS RP-AC52 access point, firmware version 1.0.1.1s and possibly earlier, web interface specifically in the actionscript parameter. The actionscript parameter specifies a script to be executed if the actionmode parameter does not conta...
Cross-site Scripting (XSS)
angular-redactor is vulnerable to cross-site scripting XSS attacks. The vulnerability exists due to the lack of sanitization of user input that is used in an eval call...
PHPLib 7.4 - SQL Injection
PHPLib 7.4 - SQL Injection PHPLib SQL Injection Vendor: PHPLib Product: PHPLib Version: newid=true; $this-name = $this-cookiename==""?$this-classname:$this-cookiename; if "" == $id $this-newid=false; switch $this-mode case "get": $id = isset$HTTPGETVARS$this-name ?...
PHPXMLRPC < 1.1 - Remote Code Execution
PHPXMLRPC Remote Code Execution Vendor: Useful Information Inc. Product: PHPXMLRPC Version: = 1.1 Website: http://phpxmlrpc.sourceforge.net/ BID: 14088 CVE: CVE-2005-1921 OSVDB: 17793 SECUNIA: 15852 PACKETSTORM: 38394 Description: PHPXMLRPC aka XML-RPC For PHP is a PHP implementation of the XML-R...
Tuleap PHP Unserialize Code Execution Exploit
This Metasploit module exploits a PHP object injection vulnerability in Tuelap 'Tuleap PHP Unserialize Code Execution', 'Description' = %q This module exploits a PHP object injection vulnerability in Tuelap = 7.6-4 which could be abused to allow authenticated users to execute arbitrary code with...
Tuleap PHP Unserialize Code Execution
This module exploits a PHP object injection vulnerability in Tuleap 'Tuleap PHP Unserialize Code Execution', 'Description' = %q This module exploits a PHP object injection vulnerability in Tuleap = 7.6-4 which could be abused to allow authenticated users to execute arbitrary code with the...
LotusCMS 3.0 eval() Remote Command Execution
No description provided by source. This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/ require 'msf/core'...
123 Flash Chat 5.0 - Remote Code Injection Weakness
No description provided by source. source: http://www.securityfocus.com/bid/16360/info 123 Flash Chat is prone to an arbitrary code injection weakness. An attacker can influence the value of a variable that is insecurely passed to an 'eval' call. Successful exploitation may allow attackers to tak...
TP-Link Cross Site Request Forgery Vulnerability
This write up goes into detail about how real world cross site request forgery attacks can be used to hijack DNS on TP-Link routers. I. Introduction Today the majority of wired Internet connections is used with an embedded NAT router, which allows using the same Internet connection with several...
php-Charts wizard/index.php PHP Execution
The php-Charts install hosted on the remote web server contains a flaw that could allow arbitrary PHP code execution. Input passed to the 'wizard/index.php' script is not properly sanitized before being used in an eval call. An unauthenticated, remote attacker could leverage this vulnerability to...