2443 matches found
safer-eval code injection vulnerability
safer-eval is a security evaluation module that runs in node and browsers. A code injection vulnerability exists in versions prior to safer-eval 1.3.2, which arises from the failure of a network system or product to properly filter specific elements of externally input data during the constructio...
CVE-2019-17613
qibosoft 7 allows remote code execution because do/jf.php makes eval calls. The attacker can use the Point Introduction Management feature to supply PHP code to be evaluated. Alternatively, the attacker can access admin/index.php?lfj=jfadmin&action=addjf via CSRF, as demonstrated by a payload in...
CVE-2019-17613
CVE-2019-17613 affects qibosoft 7. The vulnerability is due to do/jf.php performing eval on input, enabling remote code execution. An attacker can leverage the Point Introduction Management feature to inject PHP code to be evaluated, or exploit CSRF via admin/index.php?lfj=jfadmin&action=addjf (p...
CVE-2019-10760
safer-eval before 1.3.2 is vulnerable to Arbitrary Code Execution. A payload using constructor properties can escape the sandbox and execute arbitrary code...
CVE-2019-10759
safer-eval before 1.3.4 is vulnerable to Arbitrary Code Execution. A payload using constructor properties can escape the sandbox and execute arbitrary code...
Code injection
safer-eval before 1.3.2 is vulnerable to Arbitrary Code Execution. A payload using constructor properties can escape the sandbox and execute arbitrary code...
Code injection
safer-eval before 1.3.4 is vulnerable to Arbitrary Code Execution. A payload using constructor properties can escape the sandbox and execute arbitrary code...
CVE-2019-10760
Safer-eval prior to 1.3.2 is vulnerable to sandbox escape via constructor properties, enabling arbitrary code execution. Affected component: safer-eval (
CVE-2019-10759
The CVE-2019-10759 issue affects safer-eval prior to 1.3.4. A payload leveraging constructor properties can escape the sandbox and execute arbitrary code, giving an attacker arbitrary code execution. Documented impact is high for remote code execution with network access and no user interaction r...
Firefox Blocks Inline and Eval JavaScript on Internal Pages to Prevent Injection Attacks
In an effort to mitigate a large class of potential cross-site scripting issues in Firefox, Mozilla has blocked execution of all inline scripts and potentially dangerous eval-like functions for built-in "about: pages" that are the gateway to sensitive preferences, settings, and statistics of the...
Joomla 3.4.6 Remote Code Execution
Exploit Title: Joomla 3.4.6 - 'configuration.php' Remote Code Execution Google Dork: N/A Date: 2019-10-02 Exploit Author: Alessandro Groppo @Hacktive Security Vendor Homepage: https://www.joomla.it/ Software Link: https://downloads.joomla.org/it/cms/joomla3/3-4-6 Version: 3.0.0 -- 3.4.6 Tested on:...
CVE-2008-5906
Eval injection vulnerability in the web interface plugin in KTorrent before 3.1.4 allows remote attackers to execute arbitrary PHP code via unspecified parameters to this interface's PHP scripts...
CVE-2019-15642
rpc.cgi in Webmin through 1.920 allows authenticated Remote Code Execution via a crafted object name because unserialisevariable makes an eval call. NOTE: the WebminServersIndex documentation states "RPC can be used to run any command or modify any file on a server, which is why access to it must...
CVE-2018-20988
The wpgform plugin before 0.94 for WordPress has eval injection in the CAPTCHA calculation...
Code injection
The wpgform plugin before 0.94 for WordPress has eval injection in the CAPTCHA calculation...
CVE-2018-20988
CVE-2018-20988 affects the WordPress Google Forms (wpgform) plugin prior to 0.94. The issue is an eval injection in the CAPTCHA calculation, as described across multiple sources (NVD, Red Hat, CNVD, CVE list, etc.). The connected documents do not provide explicit exploitation details, affected pr...