PT-2022-8576 · F*Ex · F*Ex

Name of the Vulnerable Software and Affected Versions: FEX aka Frams' Fast File EXchange versions prior to fex-20160919 2 Description: The issue allows for eval injection, which can be used for unauthenticated remote code execution. Recommendations: For versions prior to fex-20160919 2, update to...

CVE-2021-43269

In Code42 app before 8.8.0, eval injection allows an attacker to change a device’s proxy configuration to use a malicious proxy auto-config PAC file, leading to arbitrary code execution. This affects Incydr Basic, Advanced, and Gov F1; CrashPlan Cloud; and CrashPlan for Small Business. Incydr...

Code injection

In Code42 app before 8.8.0, eval injection allows an attacker to change a device’s proxy configuration to use a malicious proxy auto-config PAC file, leading to arbitrary code execution. This affects Incydr Basic, Advanced, and Gov F1; CrashPlan Cloud; and CrashPlan for Small Business. Incydr...

CVE-2021-43269

In Code42 app before 8.8.0, eval injection allows an attacker to change a device’s proxy configuration to use a malicious proxy auto-config PAC file, leading to arbitrary code execution. This affects Incydr Basic, Advanced, and Gov F1; CrashPlan Cloud; and CrashPlan for Small Business. Incydr...

CVE-2021-43269

CVE-2021-43269 affects Code42 app prior to 8.8.0. An eval injection could allow an attacker to modify a device’s proxy configuration to point at a malicious PAC file, enabling arbitrary code execution. Affected: Incydr Basic, Advanced, Gov F1; CrashPlan Cloud; CrashPlan for Small Business (Incydr...

CVE-2021-42057

Obsidian Dataview through 0.4.12-hotfix1 allows eval injection. The evalInContext function in executes user input, which allows an attacker to craft malicious Markdown files that will execute arbitrary code once opened. NOTE: 0.4.13 provides a mitigation for some use cases...

CVE-2021-42057

Obsidian Dataview through 0.4.12-hotfix1 allows eval injection. The evalInContext function in executes user input, which allows an attacker to craft malicious Markdown files that will execute arbitrary code once opened. NOTE: 0.4.13 provides a mitigation for some use cases...

Sql injection

Obsidian Dataview through 0.4.12-hotfix1 allows eval injection. The evalInContext function in executes user input, which allows an attacker to craft malicious Markdown files that will execute arbitrary code once opened. NOTE: 0.4.13 provides a mitigation for some use cases...

CVE-2021-42057

Obsidian Dataview through 0.4.12-hotfix1 allows eval injection. The evalInContext function in executes user input, which allows an attacker to craft malicious Markdown files that will execute arbitrary code once opened. NOTE: 0.4.13 provides a mitigation for some use cases...

obsidian-dataview 代码注入漏洞

obsidian-dataview is a software application. A complex query language implementation of the Obsidian note-taking tool. A security vulnerability exists in versions prior to Obsidian Dataview 0.4.12-hotfix1, which stems from the software's lack of effective restrictions and filters for eval...

Advisory ROSA-SA-2021-2001

Software: xdg-utils 1.1.0 OS: Cobalt 7.9 CVE-ID: CVE-2014-9622 CVE-Crit: HIGH CVE-DESC: Eval injection vulnerability in xdg-utils 1.1.0 RC1 in the absence of a supported desktop environment allows context-dependent attackers to execute arbitrary code via the URL argument to xdg-open. CVE-STATUS:...

Remote Code Execution (RCE)

mariadb is vulnerable to remote code execution. The vulnerability exists due to an untrusted search path leads to eval injection, in which a database SUPER user can execute OS commands after modifying wsrepprovider and wsrepnotifycmd...

Eaton Intelligent Power Manager Eval Injection Vulnerability

Eaton Intelligent Power Manager IPM is an intelligent power manager from Eaton Corporation that supports remote monitoring and management of multiple devices in a network from an interface. An Eval injection vulnerability exists in Eaton IPM versions prior to 1.69. The vulnerability arises becaus...

Eaton Intelligent Power Manager

1. EXECUTIVE SUMMARY CVSS v3 8.7 ATTENTION: Exploitable remotely/low attack complexity Vendor: Eaton Equipment: Intelligent Power Manager IPM Vulnerabilities: SQL Injection, Eval Injection, Improper Input Validation, Unrestricted Upload of File with Dangerous Type, Code Injection 2. RISK...

CVE-2021-23277

Eaton Intelligent Power Manager IPM prior to 1.69 is vulnerable to unauthenticated eval injection vulnerability. The software does not neutralize code syntax from users before using in the dynamic evaluation call in loadUserFile function under scripts/libs/utils.js. Successful exploitation can...

CVE-2021-23277

Eaton Intelligent Power Manager IPM prior to 1.69 is vulnerable to unauthenticated eval injection vulnerability. The software does not neutralize code syntax from users before using in the dynamic evaluation call in loadUserFile function under scripts/libs/utils.js. Successful exploitation can...

Design/Logic Flaw

Eaton Intelligent Power Manager IPM prior to 1.69 is vulnerable to unauthenticated eval injection vulnerability. The software does not neutralize code syntax from users before using in the dynamic evaluation call in loadUserFile function under scripts/libs/utils.js. Successful exploitation can...

CVE-2021-23277

CVE-2021-23277 affects Eaton Intelligent Power Manager (IPM) versions prior to 1.69. The issue is an unauthenticated eval injection in the loadUserFile function (scripts/libs/utils.js) where user input is not neutralized before dynamic evaluation, enabling an attacker to influence input to the fu...

VulnCheck KEV: CVE-2019-13372

/web/Lib/Action/IndexAction.class.php in D-Link Central WiFi Manager CWM100 before v1.03R0100BETA6 allows remote attackers to execute arbitrary PHP code via a cookie because a cookie's username field allows eval injection, and an empty password bypasses authentication...

CVE-2021-27928

A remote code execution issue was discovered in MariaDB 10.2 before 10.2.37, 10.3 before 10.3.28, 10.4 before 10.4.18, and 10.5 before 10.5.9; Percona Server through 2021-03-03; and the wsrep patch through 2021-03-03 for MySQL. An untrusted search path leads to eval injection, in which a database...