Code injection
In irisnet-crypto before 1.1.7 for IRISnet, the util/utils.js file allows code execution because of unsafe eval usage...
CVE-2019-9115
In irisnet-crypto before 1.1.7 for IRISnet, the util/utils.js file allows code execution because of unsafe eval usage...
CVE-2019-9115
irisnet-crypto before 1.1.7 for IRISnet contains unsafe eval usage in util/utils.js, enabling remote code execution (RCE). This is confirmed by multiple sources (GHSA-5FH8-X9XC-HXMC, OSV) and aligns with CVE-2019-9115 severity (NVD: high/critical). Mitigation: upgrade to version 1.1.7 or later; n...
Arbitrary Code Execution
static-eval is vulnerable to arbitrary code execution. The vulnerability is possible because evaluation is not protected by a sandboxed, isolated process, allowing a user to input malicious code through it...
Design/Logic Flaw
Nibbleblog 4.0.5 allows eval injection by placing PHP code in the install.php username parameter and then making a content/private/shadow.php request...
Design/Logic Flaw
taocms through 2014-05-24 allows eval injection by placing PHP code in the install.php dbname parameter and then making a config.php request...
CVE-2019-7720
taocms through 2014-05-24 allows eval injection by placing PHP code in the install.php dbname parameter and then making a config.php request...
CVE-2019-7719
Nibbleblog 4.0.5 allows eval injection by placing PHP code in the install.php username parameter and then making a content/private/shadow.php request...
CVE-2019-7720
The CVE-2019-7720 entry applies to TaoCMS, describing an eval-injection flaw in which PHP code can be placed in the install.php db_name parameter and then triggered via a config.php request. Red Hat and other sources corroborate the same issue, indicating the root cause is eval injection leading ...
CVE-2019-7719
Nibbleblog 4.0.5 is affected by CVE-2019-7719 via an eval injection flaw. The vulnerability occurs when PHP code is placed in the install.php username parameter and a subsequent request to content/private/shadow.php is made, enabling arbitrary PHP evaluation on the server. The NVD entry lists a h...
TaoCMS code injection vulnerability
TaoCMS is an ultra-small CMS based on PHP and SQLite/MySQL. TaoCMS is vulnerable to code injection, which can be exploited by placing PHP code in the install.php dbname parameter and then issuing a config.php request to perform eval injection...
Remote Code Execution (RCE)
luci is vulnerable to remote code execution (RCE) attacks. An eval injection vulnerability in luci 0.26.0 allows remote authenticated users with certain permissions to execute arbitrary Python code via a crafted cluster configuration...
UBUNTU-CVE-2019-6290
An infinite recursion issue was discovered in eval.c in Netwide Assembler NASM through 2.14.02. There is a stack exhaustion problem resulting from infinite recursion in the functions expr, rexp, bexpr and cexpr in certain scenarios involving lots of '' characters. Remote attackers could leverage...
DEBIAN-CVE-2019-6290
An infinite recursion issue was discovered in eval.c in Netwide Assembler NASM through 2.14.02. There is a stack exhaustion problem resulting from infinite recursion in the functions expr, rexp, bexpr and cexpr in certain scenarios involving lots of '' characters. Remote attackers could leverage...
Sandbox Breakout / Arbitrary Code Execution
Overview: Versions of static-eval prior to 2.0.2 pass untrusted user input directly to the global function constructor, resulting in an arbitrary code execution vulnerability when user input is parsed via the package. Proof of concept: var evaluate = require('static-eval'); var parse =...
UBUNTU-CVE-2018-20190
In LibSass 3.5.5, a NULL Pointer Dereference in the function Sass::Eval::operator()(Sass::Supports_Operator*) in eval.cpp may cause a Denial of Service (application crash) via a crafted sass input file...