2443 matches found

Cvelist
added 2021/01/27 7:36 p.m. | 10 views

CVE-2021-26276

scripts/cli.js in the GoDaddy node-config-shield aka Config Shield package before 0.2.2 for Node.js calls eval when processing a set command. NOTE: the vendor reportedly states that this is not a vulnerability. The set command was not intended for use with untrusted data...

5.7 AI score | 0.00237 EPSS
Exploits 1 | References 2
Veracode
added 2021/01/27 7:51 a.m. | 22 views

Remote Code Execution (RCE)

rsshub is vulnerable to remote code execution. An attacker is able to inject malicious code via eval or the Function constructor and have it executed on the system...

9.8 CVSS | 9.6 AI score | 0.00451 EPSS
Exploits 0 | References 3 | Affected Software 1
CNNVD
added 2021/01/27 12:0 a.m. | 2 views

GoDaddy Node-config-shield Security Vulnerability

GoDaddy Node-config-shield is a Javascript-based codebase for checking sensitive information in projects by GoDaddy, Inc. A security vulnerability exists in GoDaddy node-config-shield that stems from a call to eval while processing the set command...

5.3 CVSS | 6 AI score | 0.00237 EPSS
Exploits 1 | References 3
Positive Technologies
added 2021/01/27 12:0 a.m. | 3 views

PT-2021-16986 · Npm · Node-Config-Shield

Name of the Vulnerable Software and Affected Versions: node-config-shield versions prior to 0.2.2 Description: The issue concerns the node-config-shield package, where the scripts/cli.js file calls eval when processing a set command. This could potentially lead to issues if the set command is use...

5.3 CVSS | 7 AI score | 0.00237 EPSS
Exploits 1 | References 8
NVD
added 2021/01/20 4:15 p.m. | 9 views

CVE-2020-35272

Employee Performance Evaluation System in PHP/MySQLi with Source Code 1.0 is affected by cross-site scripting XSS in the Admin Portal in the Task and Description fields...

4.8 CVSS | 5.1 AI score | 0.00207 EPSS
Exploits 1 | References 1
Tenable Nessus
added 2021/01/20 12:0 a.m. | 37 views

EulerOS 2.0 SP3 : python (EulerOS-SA-2021-1114)

According to the versions of the python packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - In Python 3 through 3.9.0, the Lib/test/multibytecodec_support.py CJK codec tests call eval on content retrieved via HTTP. CVE-2020-27619 -...

9.8 CVSS | 7.3 AI score | 0.00903 EPSS
Exploits 1 | References 3
Snyk
added 2021/01/08 3:52 p.m. | 1 views

Arbitrary Code Execution

Amendment: This was deemed not a vulnerability. Overview: static-eval evaluates statically-analyzable expressions. Affected versions of this package are vulnerable to Arbitrary Code Execution. This vulnerability was deemed to be not an issue within the library. References - GitHub Additional...

9.8 CVSS | 6.9 AI score
Exploits 0 | References 2
Packet Storm
added 2021/01/05 12:0 a.m. | 234 views

CMS Made Simple 2.2.15 Remote Command Execution

Exploit Title: CMS Made Simple 2.2.15 - RCE Authenticated Author: Andrey Stoykov Vendor Homepage: https://www.cmsmadesimple.org/ Software Link: https://www.cmsmadesimple.org/downloads/cmsms Version: 2.2.15 Tested on: Debian 10 LAMPP Exploit and Detailed Info:...

0.1 AI score
Exploits 0
Exploit DB
added 2021/01/04 12:0 a.m. | 281 views

CMS Made Simple 2.2.15 - RCE (Authenticated)

Exploit Title: CMS Made Simple 2.2.15 - RCE Authenticated Author: Andrey Stoykov Vendor Homepage: https://www.cmsmadesimple.org/ Software Link: https://www.cmsmadesimple.org/downloads/cmsms Version: 2.2.15 Tested on: Debian 10 LAMPP Exploit and Detailed Info:...

7.4 AI score
Exploits 0
OSV
added 2020/12/29 11:57 a.m. | 5 views

MGASA-2020-0477 Updated python3 packages fix security vulnerability

In Python 3 through 3.9.0, the Lib/test/multibytecodec_support.py CJK codec tests call eval on content retrieved via HTTP (CVE-2020-27619)...

9.8 CVSS | 9.5 AI score | 0.00854 EPSS
Exploits 0 | References 3
CNVD
added 2020/12/21 12:0 a.m. | 2 views

zzzphp Eval Injection Vulnerability

zzzphp is an open source free website building system. An Eval injection vulnerability exists in the parserCommom method of the ParserTemplate class in zzzztemplate.php in zzzphp 1.7.2. A remote attacker can exploit this vulnerability to execute arbitrary commands...

9.8 CVSS | 7.9 AI score | 0.06441 EPSS
Exploits 1 | References 1
OSV
added 2020/12/18 7:15 p.m. | 0 views

CVE-2020-20298

Eval injection vulnerability in the parserCommom method in the ParserTemplate class in zzztemplate.php in zzzphp 1.7.2 allows remote attackers to execute arbitrary commands...

9.8 CVSS | 7.6 AI score | 0.06441 EPSS
Exploits 1 | References 1
CVE
added 2020/12/18 7:0 p.m. | 69 views

CVE-2020-20298

CVE-2020-20298 affects zzzphp 1.7.2, specifically the zzz_template.php file within the ParserTemplate class. The vulnerability is described as an eval injection in the parserCommom method, enabling remote attackers to execute arbitrary commands. The connected documents provide this exact descript...

9.8 CVSS | 9.6 AI score | 0.06441 EPSS
Exploits 1 | References 1 | Affected Software 1
VulnCheck KEV
added 2020/11/22 12:0 a.m. | 1 views

VulnCheck KEV: CVE-2017-9841

PHPUnit allows remote attackers to execute arbitrary PHP code via HTTP POST data beginning with a "<?php " substring, as demonstrated by an attack on a site with an exposed /vendor folder, i.e., external access to the /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php URI...

9.8 CVSS | 7.4 AI score | 0.9421 EPSS
Exploits 17 | References 1
Microsoft CVE
added 2020/11/10 8:0 a.m. | 2 views

In Python 3 through 3.9.0 the Lib/test/multibytecodec_support.py CJK codec tests call eval() on content retrieved via HTTP.

...

9.8 CVSS | 7 AI score | 0.00854 EPSS
Exploits 0
Github Security Blog
added 2020/10/27 5:55 p.m. | 46 views

Arbitrary Code Execution in blazar-dashboard

An issue was discovered in OpenStack blazar-dashboard before 1.3.1, 2.0.0, and 3.0.0. A user allowed to access the Blazar dashboard in Horizon may trigger code execution on the Horizon host as the user the Horizon service runs under because the Python eval function is used. This may result in...

9.9 CVSS | 2.1 AI score | 0.01515 EPSS
Exploits 0 | References 11 | Affected Software 1
Prion
added 2020/10/22 3:16 a.m. | 54 views

Design/Logic Flaw

In Python 3 through 3.9.0, the Lib/test/multibytecodec_support.py CJK codec tests call eval on content retrieved via HTTP...

7.5 CVSS | 9.3 AI score | 0.00854 EPSS
Exploits 0 | References 14 | Affected Software 3
CVE
added 2020/10/22 12:0 a.m. | 1580 views

CVE-2020-27619

CVE-2020-27619: In CPython, the Python 3 test suite (Lib/test/multibytecodec_support.py) calls eval() on content retrieved via HTTP. The connected advisories indicate this issue was addressed by subsequent Python security updates (e.g., ALAS2-2021-4151, ALAS2-2021-1670, ALAS2-2022-1802, etc.), re...

9.8 CVSS | 9.6 AI score | 0.00854 EPSS
Exploits 0 | References 14 | Affected Software 1
Cvelist
added 2020/10/22 12:0 a.m. | 33 views

CVE-2020-27619

In Python 3 through 3.9.0, the Lib/test/multibytecodec_support.py CJK codec tests call eval on content retrieved via HTTP...

9.7 AI score | 0.00854 EPSS
Exploits 0 | References 14
Veracode
added 2020/10/19 5:34 a.m. | 21 views

Arbitrary Code Execution

blazar-dashboard is vulnerable to arbitrary code execution. An insecure usage of the eval function allows a user to execute arbitrary code on the Horizon host...

9.9 CVSS | 3.1 AI score | 0.01515 EPSS
Exploits 0 | References 9 | Affected Software 1