PYSEC-2019-175
An eval vulnerability exists in Python Software Foundation Djblets 0.7.21 and Beanbag Review Board before 1.7.15 when parsing JSON requests...
CVE-2013-4409
An eval vulnerability exists in Python Software Foundation Djblets 0.7.21 and Beanbag Review Board before 1.7.15 when parsing JSON requests...
CVE-2019-17613
qibosoft 7 allows remote code execution because do/jf.php makes eval calls. The attacker can use the Point Introduction Management feature to supply PHP code to be evaluated. Alternatively, the attacker can access admin/index.php?lfj=jfadmin&action=addjf via CSRF, as demonstrated by a payload in...
CVE-2019-10759
safer-eval before 1.3.4 is vulnerable to Arbitrary Code Execution. A payload using constructor properties can escape the sandbox and execute arbitrary code...
CVE-2019-10760
safer-eval before 1.3.2 is vulnerable to Arbitrary Code Execution. A payload using constructor properties can escape the sandbox and execute arbitrary code...
@pl-test/c (>=1.1.0 <=1.1.1), @pl-test/e (=1.1.0) potentially affected by CVE-2019-10760 via safer-eval (=1.2.3)
safer-eval NPM version =1.2.3 is affected by a known vulnerability. The following packages have a transitive dependency on safer-eval and may be impacted: - @pl-test/c =1.1.0, =1.1.1 - @pl-test/e =1.1.0 Source cves: CVE-2019-10760 Source advisory: SNYK:JS-SAFEREVAL-473029...
Arbitrary Code Execution
static-eval is vulnerable to arbitrary code execution. The vulnerability is possible because evaluation is not isolated in a sandboxed process, allowing a user to pass malicious code through it...
CVE-2018-19595
PbootCMS V1.3.1 build 2018-11-14 allows remote attackers to execute arbitrary code via use of "eval" with mixed case, as demonstrated by an index.php/list/5/?current=pboot:ifevAl$GETa1/pboot:if&a=phpinfo; URI, because of an incorrect apps\home\controller\ParserController.php parserIfLabel...
PT-2018-14403 · Asuswrt Merlin · Merlin.Php
Name of the Vulnerable Software and Affected Versions: Merlin.PHP version 0.6.6 Description: An issue was discovered in the Merlin.PHP component for Asuswrt-Merlin devices, allowing an attacker to execute arbitrary commands. This is due to an eval call in api.php, as demonstrated by the...
Code injection
An issue was discovered in DuomiCMS 3.0. Remote PHP code execution is possible via the search.php searchword parameter because "eval" is used during "if" processing...
Remote Code Execution (RCE)
YARD is affected by a remote code execution vulnerability. This is due to the usage of eval to parse and evaluate defined? blocks for complex expressions, which allows arbitrary execution of code...
@ajaxlinux/tools (>=1.1.2 <=1.1.7), @autorest/powershell (>=2.0.295 <=2.0.315) +239 more potentially affected by CVE-2017-16088 via safe-eval (>=0.2.0 <=0.3.0)
safe-eval NPM version =0.2.0, =1.1.2, =2.0.295, =2.0.4, =2.0.142, =3.0.136, =3.0.142, =4.0.149, =3.0.129, =1.2.9, =1.1.4, =0.0.34, =0.1.0 and more Source cves: CVE-2017-16088 Source advisory: OSV:GHSA-WW6V-677G-P656...
Remote Code Execution (RCE)
safe-eval is vulnerable to remote code execution (RCE). The application does not properly sanitize user input in object constructors, allowing a malicious user to break out of the sandbox and execute arbitrary commands...
Combodo iTop Command Injection Vulnerability
Combodo iTop, also known as IT Operations Portal, is an open-source, ITIL-based web application developed by the French company Combodo for the daily operation of IT environments. The tool provides incident management, configuration management and problem management and...
CVE-2014-3700
eDeploy through at least 2014-10-14 has remote code execution due to eval of untrusted data...
phpcms background arbitrary code execution vulnerability
phpcms is an open source content management system. The phpcms backend has an arbitrary code execution vulnerability: the phpcms source code uses the string2array function in many places, and that function's parameter is passed directly to eval, so as long as there is a call to the...
LotusCMS 3.0 PHP Code Execution
#!/usr/bin/python Script that spawns a reverse shell python on vulnerable LotusCMS 3.0 installations. Uses a simple PHP eval vulnerability. http://secunia.com/secuniaresearch/2011-21/ infodox - Insecurety Research 2013 insecurety.net - @infodox import requests import random import threading import...
igshop10-multiple.txt
"If eval is the answer, then you are asking the wrong question." --Unknown ig-shop suffers from two evals that can be controlled by an attacker: http://127.0.0.1/igshop/cart.php?action=;phpinfo;// ./cart.php line 692: eval "cart$action;"; http://127.0.0.1/igshop/page.php?action=;phpinfo;//...
security flaw
Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 allow remote attackers to execute arbitrary code by using an eval in an XBL method binding (XBL.method.eval) to create JavaScript functions that are compiled with extra...