793 matches found
CVE-2021-27928
A remote code execution issue was discovered in MariaDB 10.2 before 10.2.37, 10.3 before 10.3.28, 10.4 before 10.4.18, and 10.5 before 10.5.9; Percona Server through 2021-03-03; and the wsrep patch through 2021-03-03 for MySQL. An untrusted search path leads to eval injection, in which a database...
DEBIAN-CVE-2021-27928
A remote code execution issue was discovered in MariaDB 10.2 before 10.2.37, 10.3 before 10.3.28, 10.4 before 10.4.18, and 10.5 before 10.5.9; Percona Server through 2021-03-03; and the wsrep patch through 2021-03-03 for MySQL. An untrusted search path leads to eval injection, in which a database...
CVE-2021-27928
A remote code execution issue was discovered in MariaDB 10.2 before 10.2.37, 10.3 before 10.3.28, 10.4 before 10.4.18, and 10.5 before 10.5.9; Percona Server through 2021-03-03; and the wsrep patch through 2021-03-03 for MySQL. An untrusted search path leads to eval injection, in which a database...
CVE-2021-27928
A remote code execution issue was discovered in MariaDB 10.2 before 10.2.37, 10.3 before 10.3.28, 10.4 before 10.4.18, and 10.5 before 10.5.9; Percona Server through 2021-03-03; and the wsrep patch through 2021-03-03 for MySQL. An untrusted search path leads to eval injection, in which a database...
CVE-2021-27928
A remote code execution issue was discovered in MariaDB 10.2 before 10.2.37, 10.3 before 10.3.28, 10.4 before 10.4.18, and 10.5 before 10.5.9; Percona Server through 2021-03-03; and the wsrep patch through 2021-03-03 for MySQL. An untrusted search path leads to eval injection, in which a database...
CVE-2021-27928
A remote code execution issue was discovered in MariaDB 10.2 before 10.2.37, 10.3 before 10.3.28, 10.4 before 10.4.18, and 10.5 before 10.5.9; Percona Server through 2021-03-03; and the wsrep patch through 2021-03-03 for MySQL. An untrusted search path leads to eval injection, in which a database...
CVE-2021-27928
A remote code execution issue was discovered in MariaDB 10.2 before 10.2.37, 10.3 before 10.3.28, 10.4 before 10.4.18, and 10.5 before 10.5.9; Percona Server through 2021-03-03; and the wsrep patch through 2021-03-03 for MySQL. An untrusted search path leads to eval injection, in which a database...
MariaDB 代码注入漏洞
MariaDB is a free and open source database management system from the Mariadb Foundation and a forked version of MySQL with the Maria storage engine. A code injection vulnerability exists in MariaDB versions 10.2 prior to 10.2.37, 10.3 prior to 10.3.28, 10.4 prior to 10.4.18, and 10.5 prior to...
PT-2021-3622 · Percona +9 · Percona Server +10
Name of the Vulnerable Software and Affected Versions: MariaDB versions 10.2 through 10.2.37 MariaDB versions 10.3 through 10.3.28 MariaDB versions 10.4 through 10.4.18 MariaDB versions 10.5 through 10.5.9 Percona Server through 2021-03-03 wsrep patch through 2021-03-03 for MySQL Description: The...
zzzphp Eval Injection Vulnerability
zzphp is an open source free website building system. An Eval injection vulnerability exists in the parserCommom method of the ParserTemplate class in zzzztemplate.php in zzzphp 1.7.2. A remote attacker can exploit this vulnerability to execute arbitrary commands...
CVE-2020-20298
Eval injection vulnerability in the parserCommom method in the ParserTemplate class in zzztemplate.php in zzzphp 1.7.2 allows remote attackers to execute arbitrary commands...
CVE-2020-20298
CVE-2020-20298 affects zzzphp 1.7.2, specifically the zzz_template.php file within the ParserTemplate class. The vulnerability is described as an eval injection in the parserCommom method, enabling remote attackers to execute arbitrary commands. The connected documents provide this exact descript...
CVE-2020-15070
Zulip Server 2.x before 2.1.7 allows eval injection if a privileged attacker were able to write directly to the postgres database, and chose to write a crafted custom profile field value...
CVE-2020-15070
Zulip Server 2.x before 2.1.7 allows eval injection if a privileged attacker were able to write directly to the postgres database, and chose to write a crafted custom profile field value...
CVE-2020-15070
Zulip Server 2.x before 2.1.7 allows eval injection if a privileged attacker were able to write directly to the postgres database, and chose to write a crafted custom profile field value...
Code injection
Zulip Server 2.x before 2.1.7 allows eval injection if a privileged attacker were able to write directly to the postgres database, and chose to write a crafted custom profile field value...
CVE-2020-15070
Zulip Server 2.x before 2.1.7 is affected by an eval-injection vulnerability that an attacker with privilege and access to write to the PostgreSQL database can exploit by crafting a custom profile field value. The root cause is the ability to inject and evaluate code via a crafted value stored in...
CVE-2020-15070
Zulip Server 2.x before 2.1.7 allows eval injection if a privileged attacker were able to write directly to the postgres database, and chose to write a crafted custom profile field value...
Zulip Server eval injection vulnerability
Zulip is a powerful open source group chat application that combines the immediacy of live chat with the productivity benefits of threaded conversations.Zulip Server is the Zulip server. Zulip Server suffers from an eval injection vulnerability. An attacker who can write directly to the postgres...
CVE-2020-15348
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 allows use of live/CPEManager/AXCampaignManager/deletecpesbyids?cpeids= for eval injection of Python code...