142 matches found

PyPA
added 2019/11/04 9:15 p.m. · 4 views

PYSEC-2019-175

An eval vulnerability exists in Python Software Foundation Djblets 0.7.21 and Beanbag Review Board before 1.7.15 when parsing JSON requests...

CVSS 9.8 · AI score 7 · EPSS 0.0304
Exploits: 0 · References: 10 · Affected Software: 1

Cvelist
added 2019/11/04 8:45 p.m. · 38 views

CVE-2013-4409

An eval vulnerability exists in Python Software Foundation Djblets 0.7.21 and Beanbag Review Board before 1.7.15 when parsing JSON requests...

AI score 9.4 · EPSS 0.0304
Exploits: 0 · References: 10

OSV
added 2019/10/15 11:15 p.m. · 2 views

CVE-2019-17613

qibosoft 7 allows remote code execution because do/jf.php makes eval calls. The attacker can use the Point Introduction Management feature to supply PHP code to be evaluated. Alternatively, the attacker can access admin/index.php?lfj=jfadmin&action=addjf via CSRF, as demonstrated by a payload in...

CVSS 9.8 · AI score 7.8
Exploits: 0 · References: 1

NVD
added 2019/10/15 3:15 p.m. · 31 views

CVE-2019-10759

safer-eval before 1.3.4 is vulnerable to Arbitrary Code Execution. A payload using constructor properties can escape the sandbox and execute arbitrary code...

CVSS 9.9 · AI score 9.8 · EPSS 0.01787
Exploits: 1 · References: 1

OSV
added 2019/10/15 3:15 p.m. · 25 views

CVE-2019-10760

safer-eval before 1.3.2 is vulnerable to Arbitrary Code Execution. A payload using constructor properties can escape the sandbox and execute arbitrary code...

CVSS 9.9 · AI score 10
Exploits: 0 · References: 1

Cvelist
added 2019/10/15 2:47 p.m. · 31 views

CVE-2019-10759

safer-eval before 1.3.4 is vulnerable to Arbitrary Code Execution. A payload using constructor properties can escape the sandbox and execute arbitrary code...

AI score 9.9 · EPSS 0.01787
Exploits: 1 · References: 1

vulnersOsv
added 2019/03/08 11:0 a.m. · 5 views

@pl-test/c (>=1.1.0 <=1.1.1), @pl-test/e (=1.1.0) potentially affected by CVE-2019-10760 via safer-eval (=1.2.3)

safer-eval NPM version =1.2.3 is affected by a known vulnerability. The following packages have a transitive dependency on safer-eval and may be impacted: - @pl-test/c =1.1.0, =1.1.1 - @pl-test/e =1.1.0 Source cves: CVE-2019-10760 Source advisory: SNYK:JS-SAFEREVAL-473029...

CVSS 9.9 · AI score 7.2 · EPSS 0.02852
Exploits: 0

Veracode
added 2019/02/15 2:43 a.m. · 24 views

Arbitrary Code Execution

static-eval is vulnerable to arbitrary code execution. The vulnerability is possible because there is no protection by sandbox isolated process, allowing the user to input malicious code through it...

AI score 7.5
Exploits: 0 · References: 3 · Affected Software: 1

OSV
added 2018/11/27 7:29 a.m. · 4 views

CVE-2018-19595

PbootCMS V1.3.1 build 2018-11-14 allows remote attackers to execute arbitrary code via use of "eval" with mixed case, as demonstrated by an index.php/list/5/?current=pboot:ifevAl$GETa1/pboot:if&a=phpinfo; URI, because of an incorrect apps\home\controller\ParserController.php parserIfLabel...

CVSS 9.8 · AI score 6.1 · EPSS 0.03858
Exploits: 1 · References: 3

Positive Technologies
added 2018/10/15 12:0 a.m. · 4 views

PT-2018-14403 · Asuswrt Merlin · Merlin.Php

Name of the Vulnerable Software and Affected Versions: Merlin.PHP version 0.6.6 Description: An issue was discovered in the Merlin.PHP component for Asuswrt-Merlin devices, allowing an attacker to execute arbitrary commands. This is due to an eval call in api.php, as demonstrated by the...

CVSS 9.8 · AI score 10 · EPSS 0.05434
Exploits: 1 · References: 4

Prion
added 2018/10/09 6:29 p.m. · 19 views

Code injection

An issue was discovered in DuomiCMS 3.0. Remote PHP code execution is possible via the search.php searchword parameter because "eval" is used during "if" processing...

CVSS 7.5 · AI score 9.7 · EPSS 0.02477
Exploits: 1 · References: 2 · Affected Software: 1

Veracode
added 2018/07/19 1:36 a.m. · 13 views

Remote Code Execution (RCE)

YARD is affected by a remote code execution vulnerability. This is due to the usage of eval to parse and evaluate defined? blocks for complex expressions, which allows arbitrary execution of code...

AI score 7.8
Exploits: 0

vulnersOsv
added 2018/07/18 6:28 p.m. · 6 views

@ajaxlinux/tools (>=1.1.2 <=1.1.7), @autorest/powershell (>=2.0.295 <=2.0.315) +239 more potentially affected by CVE-2017-16088 via safe-eval (>=0.2.0 <=0.3.0)

safe-eval NPM version =0.2.0, =1.1.2, =2.0.295, =2.0.4, =2.0.142, =3.0.136, =3.0.142, =4.0.149, =3.0.129, =1.2.9, =1.1.4, =0.0.34, =0.1.0 and more Source cves: CVE-2017-16088 Source advisory: OSV:GHSA-WW6V-677G-P656...

CVSS 10 · AI score 7.3 · EPSS 0.03494
Exploits: 0

Veracode
added 2018/06/07 1:24 p.m. · 37 views

Remote Code Execution (RCE)

safe-eval is vulnerable to remote code execution (RCE). The application does not properly sanitize user input in object constructors, allowing a malicious user to break out of the sandbox and execute arbitrary commands...

CVSS 10 · AI score 9.7 · EPSS 0.03494
Exploits: 0 · References: 3 · Affected Software: 1

CNVD
added 2018/05/04 12:0 a.m. · 3 views

Combodo iTop Command Injection Vulnerability

Combodo iTop (IT Operations Portal) is an open source, ITIL-based web application developed by the French company Combodo for the daily operation of IT environments. The tool provides incident management, configuration management and problem management and...

CVSS 7.2 · AI score 8.1 · EPSS 0.07495
Exploits: 1 · References: 1

RedhatCVE
added 2015/09/17 11:12 p.m. · 5 views

CVE-2014-3700

eDeploy through at least 2014-10-14 has remote code execution due to eval of untrusted data...

CVSS 9.8 · AI score 6.5 · EPSS 0.0284
Exploits: 1 · References: 1

CNVD
added 2014/12/02 12:0 a.m. · 3 views

phpcms background arbitrary code execution vulnerability

phpcms is an open source content management system. The phpcms backend has an arbitrary code execution vulnerability: the source code uses the string2array function in many places, and that function's parameters are executed directly by eval, so as long as there is a call to the...

AI score 8.2
Exploits: 0

Packet Storm
added 2013/06/26 12:0 a.m. · 16 views

LotusCMS 3.0 PHP Code Execution

!/usr/bin/python Script that spawns a reverse shell python on vulnerable LotusCMS 3.0 installations. Uses a simple PHP eval vulnerability. http://secunia.com/secuniaresearch/2011-21/ infodox - Insecurety Research 2013 insecurety.net - @infodox import requests import random import threading import...

AI score 7.4
Exploits: 0

Packet Storm
added 2007/01/05 12:0 a.m. · 27 views

igshop10-multiple.txt

"If eval is the answer, then you are asking the wrong question." --Unknowen ig-shop suffers from two eval's that can be controlled by an attacker: http://127.0.0.1/igshop/cart.php?action=;phpinfo;// ./cart.php line 692: eval "cart$action;"; http://127.0.0.1/igshop/page.php?action=;phpinfo;//...

AI score 7.4
Exploits: 0

RedHat Linux
added 2006/04/18 11:12 a.m. · 4 views

security flaw

Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 allows remote attackers to execute arbitrary code by using an eval in an XBL method binding XBL.method.eval to create Javascript functions that are compiled with extra...

CVSS 9.3 · AI score 6.2 · EPSS 0.08979
Exploits: 1 · References: 4