28 matches found

Cvelist
added 2013/06/17 10:0 a.m. | 16 views

CVE-2013-4609

REDCap before 5.0.4 and 5.1.x before 5.1.3 does not reject certain undocumented syntax within branching logic and calculations, which allows remote authenticated users to bypass intended access restrictions via (1) the Online Designer or (2) the Data Dictionary upload, as demonstrated by an eval call...

6.3 AI score | 0.0151 EPSS
Exploits 0 | References 1
Tenable Nessus
added 2013/02/11 12:0 a.m. | 34 views

php-Charts url.php Remote PHP Code Execution

The php-Charts install hosted on the remote web server contains a flaw that could allow arbitrary PHP code execution. Input passed to the 'wizard/url.php' script is not properly sanitized before being used in a PHP eval call. An unauthenticated, remote attacker could leverage this vulnerability t...

6.4 AI score
Exploits 0 | References 1
Metasploit
added 2012/03/06 5:36 p.m. | 191 views

LotusCMS 3.0 eval() Remote Command Execution

This module exploits a vulnerability found in Lotus CMS 3.0's Router function. This is done by embedding PHP code in the 'page' parameter, which will be passed to an eval call, therefore allowing remote code execution. The module can either automatically pick up a 'page' parameter from the default...

5.1 CVSS | 7.6 AI score | 0.15833 EPSS
Exploits 3
Tenable Nessus
added 2011/02/22 12:0 a.m. | 17 views

Symantec IM Manager IMAdminSchedTask.asp Eval Code Injection Remote Code Execution (SYM11-004)

The version of Symantec IM Manager installed on the remote Windows host is earlier than 8.4.17. The 'ScheduleTask' method exposed by the 'IMAdminSchedTask.asp' page fails to properly sanitize user input to a POST variable before using it in an 'eval' call. If a logged-in console user can be trick...

8.5 CVSS | 5.9 AI score | 0.12965 EPSS
Exploits 0 | References 5
NVD
added 2006/04/07 10:4 a.m. | 15 views

CVE-2006-1669

SQL injection vulnerability in chat/messagesL.php3 in phpHeaven Team PHPMyChat 0.14.5 and earlier allows remote attackers to execute arbitrary SQL commands via the T parameter. NOTE: this issue can be leveraged to execute arbitrary shell commands since the username is later processed in an eval...

6.4 CVSS | 8.3 AI score | 0.01621 EPSS
Exploits 1 | References 5
exploitpack
added 2006/01/24 12:0 a.m. | 27 views

123 Flash Chat 5.0 - Remote Code Injection

123 Flash Chat 5.0 - Remote Code Injection source: https://www.securityfocus.com/bid/16360/info 123 Flash Chat is prone to an arbitrary code injection weakness. An attacker can influence the value of a variable that is insecurely passed to an 'eval' call. Successful exploitation may allow attacke...

8.2 AI score
Exploits 0
securityvulns
added 2005/07/01 12:0 a.m. | 22 views

PEAR XML_RPC Remote Code Execution Vulnerability

GulfTech Security Research June 29th, 2005 Vendor : The PEAR Group URL : http://pear.php.net/package/XMLRPC/ Version : PEAR XMLRPC 1.3.0 && Earlier Risk : Remote Command Execution Description: PEAR XMLRPC is a PHP implementation of the XML-RPC web RPC protocol, and used by many different develope...

0.5 AI score
Exploits 0
FreeBSD
added 2005/06/29 12:0 a.m. | 44 views

pear-XML_RPC -- arbitrary remote code execution

GulfTech Security Research Team reports: PEAR XMLRPC is vulnerable to a very high risk php code injection vulnerability due to unsanitized data being passed into an eval call...

7.5 CVSS | 6.8 AI score | 0.79071 EPSS
Exploits 5 | References 2