336 matches found
Code Injection in mosc
mosc through 1.0.0 is vulnerable to Arbitrary Code Execution. User input provided to the properties argument is executed by the eval function, resulting in code execution...
Invision Power Services, Inc.: PHP Code Injection through "previewBlock()" method
Summary: The vulnerability exists because the IPS\cms\modules\front\pages\builder::previewBlock method allows arbitrary content to be passed to the IPS\Theme::runProcessFunction method, which then uses it in a call to the eval function. This can be exploited to inject and execute arbitrary PHP code...
CMS Made Simple 2.2.15 - RCE (Authenticated)
Exploit Title: CMS Made Simple 2.2.15 - RCE Authenticated; Author: Andrey Stoykov; Vendor Homepage: https://www.cmsmadesimple.org/; Software Link: https://www.cmsmadesimple.org/downloads/cmsms; Version: 2.2.15; Tested on: Debian 10 LAMPP; Exploit and Detailed Info:...
MGASA-2020-0477 Updated python3 packages fix security vulnerability
In Python 3 through 3.9.0, the Lib/test/multibytecodec_support.py CJK codec tests call eval on content retrieved via HTTP (CVE-2020-27619)...
Arbitrary Code Execution
blazar-dashboard is vulnerable to arbitrary code execution. An insecure usage of the eval function allows a user to execute arbitrary code on the Horizon host...
CVE-2020-15664
By holding a reference to the eval function from an about:blank window, a malicious webpage could have gained access to the InstallTrigger object which would allow them to prompt the user to install an extension. Combined with user confusion, this could result in an unintended or malicious...
Design/Logic Flaw
By holding a reference to the eval function from an about:blank window, a malicious webpage could have gained access to the InstallTrigger object which would allow them to prompt the user to install an extension. Combined with user confusion, this could result in an unintended or malicious...
CVE-2020-15664
The CVE-2020-15664 issue arises from a malicious page holding a reference to eval() from an about:blank window, allowing access to InstallTrigger and prompting users to install an extension. Affected products include Firefox < 80, Thunderbird < 78.2/68.12, Firefox ESR < 68.12/78.2, and F...
MGASA-2020-0352 Updated thunderbird packages fix security vulnerabilities
By holding a reference to the eval function from an about:blank window, a malicious webpage could have gained access to the InstallTrigger object which would allow them to prompt the user to install an extension. Combined with user confusion, this could result in an unintended or malicious...
Code Injection in mahdaen/node-import
Overview: node-import is a package that imports dependencies and runs them directly, or concatenates them and exports them to a file. This package is vulnerable to Arbitrary Code Execution. The params argument of the module function can be controlled by users without any sanitization. This is then provided to...
CVE-2020-11084
In iPear, the manual execution of the eval function can lead to command injection. Only PCs where commands are manually executed via "For Developers" are affected. This function allows executing any PHP code within iPear which may change, damage, or steal data files from the PC...
Command injection
In iPear, the manual execution of the eval function can lead to command injection. Only PCs where commands are manually executed via "For Developers" are affected. This function allows executing any PHP code within iPear which may change, damage, or steal data files from the PC...
CVE-2020-11084 Command Injection in iPear
In iPear, the manual execution of the eval function can lead to command injection. Only PCs where commands are manually executed via "For Developers" are affected. This function allows executing any PHP code within iPear which may change, damage, or steal data files from the PC...
Arbitrary Code Injection
thenify is vulnerable to arbitrary code execution. Untrusted user input is passed to the eval function which would allow an attacker to inject and execute arbitrary code on the system...
Arbitrary Code Execution
mosc is vulnerable to arbitrary code execution. Untrusted user input to the properties argument is passed to the eval function without validation, allowing an attacker to execute arbitrary code...
Arbitrary Code Execution
node-extend is vulnerable to arbitrary code execution. Untrusted user input as argument A to the function(A,B,as,isAargs) in lib/extend.js is passed to the eval function without validation, allowing an attacker to execute arbitrary code...
Access-Policy Code Execution Vulnerability
access-policy is an access policy encoder/parser. A security vulnerability exists in access-policy 3.1.0 and earlier versions, which originates when user input provided to the 'template' function is executed by the 'eval' function. An attacker could exploit this vulnerability to execute code...
cd-messenger input validation error vulnerability
cd-messenger is a console and file recorder with Gulp automated build tool support by American software developer Mike Erickson. An input validation error vulnerability exists in cd-messenger 2.7.26 and earlier versions, which stems from the 'eval' function executing user input passed to the...
CVE-2020-7674
access-policy through 3.1.0 is vulnerable to Arbitrary Code Execution. User input provided to the template function is executed by the eval function resulting in code execution...