SUSE CVE-2005-1527
Eval injection vulnerability in awstats.pl in AWStats 6.4 and earlier, when a URLPlugin is enabled, allows remote attackers to execute arbitrary Perl code via the HTTP Referrer, which is used in a $url parameter that is inserted into an eval function call...
SUSE CVE-2005-1921
Eval injection vulnerability in PEAR XMLRPC 1.3.0 and earlier (aka XML-RPC or xmlrpc) and PHPXMLRPC (aka XML-RPC For PHP or php-xmlrpc) 1.1 and earlier, as used in products such as (1) WordPress, (2) Serendipity, (3) Drupal, (4) egroupware, (5) MailWatch, (6) TikiWiki, (7) phpWebSite, (8) Ampache, and others, allows...
SUSE CVE-2005-3302
Eval injection vulnerability in bvhimport.py in Blender 2.36 allows attackers to execute arbitrary Python code via a hierarchy element in a .bvh file, which is supplied to an eval function call...
SUSE CVE-2005-4031
Eval injection vulnerability in MediaWiki 1.5.x before 1.5.3 allows remote attackers to execute arbitrary PHP code via the "user language option," which is used as part of a dynamic class name that is processed using the eval function...
SUSE CVE-2006-1491
Eval injection vulnerability in Horde Application Framework versions 3.0 before 3.0.10 and 3.1 before 3.1.1 allows remote attackers to execute arbitrary code via the help viewer...
SUSE CVE-2008-5906
Eval injection vulnerability in the web interface plugin in KTorrent before 3.1.4 allows remote attackers to execute arbitrary PHP code via unspecified parameters to this interface's PHP scripts...
SUSE CVE-2011-1760
utils/opcontrol in OProfile 0.9.6 and earlier might allow local users to conduct eval injection attacks and gain privileges via shell metacharacters in the -e argument...
SUSE CVE-2011-3597
Eval injection vulnerability in the Digest module before 1.17 for Perl allows context-dependent attackers to execute arbitrary commands via the new constructor...
SUSE CVE-2013-1437
Eval injection vulnerability in the Module-Metadata module before 1.000015 for Perl allows remote attackers to execute arbitrary Perl code via the $Version value...
SUSE CVE-2014-7192
Eval injection vulnerability in index.js in the syntax-error package before 1.1.1 for Node.js 0.10.x, as used in IBM Rational Application Developer and other products, allows remote attackers to execute arbitrary code via a crafted file...
SUSE CVE-2014-9622
Eval injection vulnerability in xdg-utils 1.1.0 RC1, when no supported desktop environment is identified, allows context-dependent attackers to execute arbitrary code via the URL argument to xdg-open...
SUSE CVE-2019-19010
Eval injection in the Math plugin of Limnoria before 2019.11.09 and Supybot through 2018-05-09 allows remote unprivileged attackers to disclose information or possibly have unspecified other impact via the calc and icalc IRC commands...
XWiki 5.0-milestone-1 < 13.10.7, 14.x < 14.4.2 Eval Injection Vulnerability (GHSA-9hqh-fmhg-vq2j)
XWiki is prone to an improper neutralization of directives in dynamically evaluated code (eval injection) vulnerability. SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced source, and are Copyright (C) by the respective right holders...
XWiki 6.4-milestone-2 < 13.10.7, 14.x < 14.4.2 Eval Injection Vulnerability (GHSA-5j7g-cf6r-g2h7)
XWiki is prone to an improper neutralization of directives in dynamically evaluated code (eval injection) vulnerability.
XWiki < 13.10.8, 14.x < 14.4.3, 14.5.x < 14.6 Eval Injection Vulnerability (GHSA-6w8h-26xx-cf8q)
XWiki is prone to an improper neutralization of directives in dynamically evaluated code (eval injection) vulnerability.
CVE-2022-41931
xwiki-platform-icon-ui is vulnerable to Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection'). Any user with view rights on commonly accessible documents including the icon picker macro can execute arbitrary Groovy, Python or Velocity code in XWiki due to improper...
Design/Logic Flaw
xwiki-platform-icon-ui is vulnerable to Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection'). Any user with view rights on commonly accessible documents including the icon picker macro can execute arbitrary Groovy, Python or Velocity code in XWiki due to improper...
CVE-2022-41928
XWiki Platform vulnerable to Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection') in AttachmentSelector.xml. The issue can also be reproduced by inserting the dangerous payload in the height or alt macro properties. This has been patched in versions 13.10.7, 14.4.2...
Design/Logic Flaw
XWiki Platform vulnerable to Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection') in AttachmentSelector.xml. The issue can also be reproduced by inserting the dangerous payload in the height or alt macro properties. This has been patched in versions 13.10.7, 14.4.2...