SUSE CVE-2022-22817

PIL.ImageMath.eval in Pillow before 9.0.0 allows evaluation of arbitrary expressions, such as ones that use the Python exec method. A lambda expression could also be used...

ActualAnalyzer Lite 2.81 - Unauthenticated Command Execution Exploit

ActualAnalyzer remote command execution exploit that leverages an eval. ActualAnalyzer exploit. Tested on Lite version We load command into a dummy variable as we only have 6 characters to own the eval but load more as first 2 characters get rm'd. We then execute the eval with backticks. 11/05/20...

phpMyAdmin 'server_sync.php'远程后门漏洞

BUGTRAQ ID: 55672 CVE ID: CVE-2012-5159 phpMyAdmin是一个用PHP编写的，可以通过web方式控制和操作MySQL数据库。 phpMyAdmin通过"cdnetworks-kr-1" SourceForge mirror系统分发的phpMyAdmin 3.5.2.2及其他版本源文件为phpMyAdmin-3.5.2.2-all-languages.zip，其中包含名为serversync.php的木马，可允许远程攻击者通过调用eval攻击执行任意命令。 0 phpMyAdmin 3.5.2.2 厂商补丁： phpMyAdmin...

Ikonboard FUNC.pm lang Cookie Arbitrary Command Execution

The remote server is running IkonBoard, a forum management CGI. The installed version fails to properly sanitize the 'lang' cookie when it contains illegal characters. An attacker, exploiting this flaw, could execute arbitrary code on the remote host when the cookie is inserted into a Perl 'eval'...