Proofpoint Enterprise Protection Code Injection Vulnerability
Proofpoint Enterprise Protection is an application from Proofpoint USA. It provides the ability to protect e-mail. A security vulnerability exists in Proofpoint Enterprise Protection PPS/POD version 8.20.0 and prior versions. An attacker can exploit this vulnerability to remotely execute code via...
Proofpoint Enterprise Protection Code Injection Vulnerability
Proofpoint Enterprise Protection is an application from Proofpoint USA. It provides functionality to protect e-mail. A code injection vulnerability exists in Proofpoint Enterprise Protection PPS/POD version 8.20.0 and prior versions. An attacker can exploit this vulnerability to remotely execute...
XWiki 6.3-milestone-2 < 13.10.11, 14.x < 14.4.7, 14.5.x < 14.10 Eval Injection Vulnerability (GHSA-qxjg-jhgw-qhrv)
XWiki is prone to an eval injection vulnerability. CPE = "cpe:/a:xwiki:xwiki"; ...
PT-2023-16005 · Proofpoint · Proofpoint Enterprise Protection
Name of the Vulnerable Software and Affected Versions: Proofpoint Enterprise Protection PPS/POD versions 8.20.0 and below Description: The webservices in Proofpoint Enterprise Protection contain a vulnerability that allows an anonymous user to execute remote code through 'eval injection'...
XWiki 6.2.4 < 13.10.10, 14.x < 14.4.6, 14.5.x < 14.9 Eval Injection Vulnerability (GHSA-x2qm-r4wx-8gpg)
XWiki is prone to an eval injection vulnerability. CPE = "cpe:/a:xwiki:xwiki"; ...
PT-2023-1670
Name of the Vulnerable Software and Affected Versions: debian-goodies version 0.88.1 Description: The issue is related to the debmany function in the debian-goodies package, which allows attackers to execute arbitrary shell commands due to an eval call. This can be achieved via a crafted .deb file...
CVE-2023-26487 Vega has cross-site scripting vulnerability in `lassoAppend` function
Vega is a visualization grammar, a declarative format for creating, saving, and sharing interactive visualization designs. The `lassoAppend` function accepts 3 arguments and internally invokes the push function on the 1st argument, specifying an array consisting of the 2nd and 3rd arguments as the push call argument...
GHSA-X2QM-R4WX-8GPG org.xwiki.platform:xwiki-platform-flamingo-theme-ui Eval Injection vulnerability
Impact: It's possible to inject arbitrary wiki syntax including Groovy, Python and Velocity script macros via the newThemeName request parameter (URL parameter), in combination with additional parameters formtoken=1&action=create. For instance:...
org.xwiki.platform:xwiki-platform-flamingo-theme-ui Eval Injection vulnerability
Impact: It's possible to inject arbitrary wiki syntax including Groovy, Python and Velocity script macros via the newThemeName request parameter (URL parameter), in combination with additional parameters formtoken=1&action=create. For instance:...
CVE-2023-26477 org.xwiki.platform:xwiki-platform-flamingo-theme-ui Eval Injection vulnerability
XWiki Platform is a generic wiki platform. Starting in versions 6.3-rc-1 and 6.2.4, it's possible to inject arbitrary wiki syntax including Groovy, Python and Velocity script macros via the newThemeName request parameter (URL parameter), in combination with additional parameters. This has been...
Device Manager Express 7.8.20002.47752 SQL Injection / XSS / Code Execution / Traversal
Device Manager Express versions 7.8.20002.47752 and below suffer from code execution, command execution, cross site scripting, remote SQL injection, and traversal vulnerabilities. Product Name: Device Manager Express Vendor Homepage: https://www.audiocodes.com Software Link:...
K6999: Web browser domain-based security and discussion of "double eval()" and FP_DO_NOT_TOUCH tags VU#261869
Security Advisory Description Note: For information about signing up to receive security notice updates from F5, refer to K9970: Subscribe to email notifications regarding F5 products and security announcements. Note: Versions that are not listed in this article have not been evaluated for...
CVE-2021-33226
Buffer Overflow vulnerability in Saltstack v.3003 and before allows attacker to execute arbitrary code via the func variable in salt/salt/modules/status.py file. NOTE: this is disputed by third parties because an attacker cannot influence the eval input...
SUSE CVE-2005-1527
Eval injection vulnerability in awstats.pl in AWStats 6.4 and earlier, when a URLPlugin is enabled, allows remote attackers to execute arbitrary Perl code via the HTTP Referrer, which is used in a $url parameter that is inserted into an eval function call...
SUSE CVE-2005-1921
Eval injection vulnerability in PEAR XMLRPC 1.3.0 and earlier (aka XML-RPC or xmlrpc) and PHPXMLRPC (aka XML-RPC For PHP or php-xmlrpc) 1.1 and earlier, as used in products such as (1) WordPress, (2) Serendipity, (3) Drupal, (4) egroupware, (5) MailWatch, (6) TikiWiki, (7) phpWebSite, (8) Ampache, and others, allows...
SUSE CVE-2005-2262
Firefox 1.0.3 and 1.0.4, and Netscape 8.0.2, allows remote attackers to execute arbitrary code by tricking the user into using the "Set As Wallpaper" in Firefox or "Set as Background" in Netscape context menu on an image URL that is really a javascript: URL with an eval statement, aka "Firewallin...
SUSE CVE-2005-3302
Eval injection vulnerability in bvhimport.py in Blender 2.36 allows attackers to execute arbitrary Python code via a hierarchy element in a .bvh file, which is supplied to an eval function call...
SUSE CVE-2005-4031
Eval injection vulnerability in MediaWiki 1.5.x before 1.5.3 allows remote attackers to execute arbitrary PHP code via the "user language option," which is used as part of a dynamic class name that is processed using the eval function...