793 matches found
CVE-2015-7712
Multiple eval injection vulnerabilities in mods/_standard/gradebook/edit_marks.php in ATutor 2.2 and earlier allow remote authenticated users with the AT_PRIV_GRADEBOOK privilege to execute arbitrary PHP code via the (1) asc or (2) desc parameter...
CVE-2015-7712
ATutor 2.2 and earlier contains a PHP code injection vulnerability in mods/_standard/gradebook/edit_marks.php that allows remote authenticated users with AT_PRIV_GRADEBOOK privilege to execute arbitrary PHP code via the asc or desc parameters. This is a classic eval/ injection flaw in the gradebo...
CVE-2015-7729
Eval injection in test-net.xsjs in the Web-based Development Workbench in SAP HANA Developer Edition DB 1.00.091.00.1418659308 allows remote authenticated users to execute arbitrary XSJS code via unspecified vectors, aka SAP Security Note 2153892...
Sql injection
Eval injection in test-net.xsjs in the Web-based Development Workbench in SAP HANA Developer Edition DB 1.00.091.00.1418659308 allows remote authenticated users to execute arbitrary XSJS code via unspecified vectors, aka SAP Security Note 2153892...
CVE-2015-7729
CVE-2015-7729 affects SAP HANA Developer Edition DB Web-based Development Workbench, specifically the file test-net.xsjs. The vulnerability is an eval injection that allows remote authenticated users to execute arbitrary XSJS code via unspecified vectors. This is associated with SAP Security Not...
CVE-2015-2308
Eval injection vulnerability in the HttpCache class in HttpKernel in Symfony 2.x before 2.3.27, 2.4.x and 2.5.x before 2.5.11, and 2.6.x before 2.6.6 allows remote attackers to execute arbitrary PHP code via a language="php" attribute of a SCRIPT element...
Sql injection
Eval injection vulnerability in the HttpCache class in HttpKernel in Symfony 2.x before 2.3.27, 2.4.x and 2.5.x before 2.5.11, and 2.6.x before 2.6.6 allows remote attackers to execute arbitrary PHP code via a language="php" attribute of a SCRIPT element...
UBUNTU-CVE-2015-2308
Eval injection vulnerability in the HttpCache class in HttpKernel in Symfony 2.x before 2.3.27, 2.4.x and 2.5.x before 2.5.11, and 2.6.x before 2.6.6 allows remote attackers to execute arbitrary PHP code via a language="php" attribute of a SCRIPT element...
CVE-2015-2308
Symfony 2.x vulnerable to PHP code execution via HTTP cache HttpCache Eval injection. Affected: HttpKernel HttpCache class when ESI is enabled. Root cause: language="php" attribute in SCRIPT elements not escaped before eval(). Affected versions: Symfony 2.0.x–2.6.x with fixes in 2.3.27, 2.5.11, a...
xdg-utils Eval Injection Vulnerability
xdg-utils is a set of command line tools used to help applications integrate with various desktop tasks. An Eval injection vulnerability exists in xdg-utils version 1.1.0 RC1. An attacker can exploit this vulnerability to execute arbitrary code with the help of the 'URL' parameter...
CVE-2014-9622
Eval injection vulnerability in xdg-utils 1.1.0 RC1, when no supported desktop environment is identified, allows context-dependent attackers to execute arbitrary code via the URL argument to xdg-open...
Design/Logic Flaw
Eval injection vulnerability in xdg-utils 1.1.0 RC1, when no supported desktop environment is identified, allows context-dependent attackers to execute arbitrary code via the URL argument to xdg-open...
UBUNTU-CVE-2014-9622
Eval injection vulnerability in xdg-utils 1.1.0 RC1, when no supported desktop environment is identified, allows context-dependent attackers to execute arbitrary code via the URL argument to xdg-open...
CVE-2014-9622
CVE-2014-9622 covers an eval-injection in xdg-utils 1.1.0 RC1 where, if no supported desktop environment is identified, an attacker can cause xdg-open to execute arbitrary commands via the URL argument. The vulnerability is treated as a remote-code-execution risk affecting Linux distros, with CVS...
CVE-2014-7192
Eval injection vulnerability in index.js in the syntax-error package before 1.1.1 for Node.js 0.10.x, as used in IBM Rational Application Developer and other products, allows remote attackers to execute arbitrary code via a crafted file...