
2433 matches found

CVE
added 2018/06/07 2:0 a.m. | 53 views

CVE-2017-16226

The CVE-2017-16226 issue affects the static-eval module where untrusted input can access the global Function constructor, enabling arbitrary code execution. Exploitation details are present in multiple connected sources (e.g., npm advisory 548 and OSS/GHSA entries) showing that affected versions ...

CVSS 9.8 | AI score 9.6 | EPSS 0.01261
Exploits 1 | References 3 | Affected Software 1

CNVD
added 2018/06/07 12:0 a.m. | 1 view

static-eval Arbitrary Code Execution Vulnerability

static-eval is a module for evaluating statically analyzable expressions. A security vulnerability exists in static-eval. An attacker can exploit this vulnerability to execute arbitrary code by accessing the global Function constructor...

CVSS 9.8 | AI score 9.5 | EPSS 0.01261
Exploits 1 | References 1

OpenVAS
added 2018/05/29 12:0 a.m. | 62 views

Moodle 3.x Multiple Vulnerabilities (May 2018) - Linux

Moodle CMS is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2018 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only. CPE = "cpe:/a:moodle:moodle"; if(description)...

CVSS 8.8 | AI score 7 | EPSS 0.40785
Exploits 5 | References 6

OSV
added 2018/05/25 12:29 p.m. | 26 views

CVE-2018-1133

An issue was discovered in Moodle 3.x. A Teacher creating a Calculated question can intentionally cause remote code execution on the server, aka eval injection...

CVSS 8.8 | AI score 9.3
Exploits 0 | References 3

UbuntuCve
added 2018/05/25 12:29 p.m. | 26 views

CVE-2018-1133

An issue was discovered in Moodle 3.x. A Teacher creating a Calculated question can intentionally cause remote code execution on the server, aka eval injection...

CVSS 8.8 | AI score 7.8 | EPSS 0.40785
Exploits 5 | References 2

NVD
added 2018/05/25 12:29 p.m. | 16 views

CVE-2018-1133

An issue was discovered in Moodle 3.x. A Teacher creating a Calculated question can intentionally cause remote code execution on the server, aka eval injection...

CVSS 8.8 | AI score 9.1 | EPSS 0.40785
Exploits 5 | References 3

Prion
added 2018/05/25 12:29 p.m. | 15 views

Design/Logic Flaw

An issue was discovered in Moodle 3.x. A Teacher creating a Calculated question can intentionally cause remote code execution on the server, aka eval injection...

CVSS 6.5 | AI score 9 | EPSS 0.40785
Exploits 5 | References 3 | Affected Software 1

OSV
added 2018/05/25 12:29 p.m. | 0 views

UBUNTU-CVE-2018-1133

An issue was discovered in Moodle 3.x. A Teacher creating a Calculated question can intentionally cause remote code execution on the server, aka eval injection...

CVSS 8.8 | AI score 7.8 | EPSS 0.40785
Exploits 5 | References 3

CVE
added 2018/05/25 12:0 p.m. | 151 views

CVE-2018-1133

Moodle 3.x is affected by CVE-2018-1133 via the Calculated question type. A teacher can cause remote code execution on the server through eval injection. Root cause is input evaluated by the server (eval) when creating Calculated questions. Impact is remote code execution with high severity (CVE-...

CVSS 8.8 | AI score 8.9 | EPSS 0.40785
Exploits 5 | References 3 | Affected Software 1

Cvelist
added 2018/05/25 12:0 p.m. | 19 views

CVE-2018-1133

An issue was discovered in Moodle 3.x. A Teacher creating a Calculated question can intentionally cause remote code execution on the server, aka eval injection...

AI score 9 | EPSS 0.40785
Exploits 5 | References 3

n0where
added 2018/05/09 3:33 a.m. | 11 views

Web Application Penetration Testing Tool: Tracy

Tracy is a pentesting tool designed to assist with finding all sinks and sources of a web application and display these results in a digestible manner. tracy should be used during the mapping-the-application phase of the pentest to identify sources of input and their corresponding outputs. tracy...

AI score 6.6
Exploits 0 | References 2

WPVulnDB
added 2018/05/08 12:0 a.m. | 14 views

Google Forms < 0.94 - Eval Injection

The Google Forms WordPress plugin was affected by an Eval Injection security vulnerability...

CVSS 5 | AI score 2.1 | EPSS 0.00284
Exploits 0 | Affected Software 1

CNVD
added 2018/05/04 12:0 a.m. | 2 views

Combodo iTop Command Injection Vulnerability

Combodo iTop (also known as IT Operations Portal) is an open source, ITIL-based web application developed by the French company Combodo for the daily operation of IT environments. The tool provides incident management, configuration management and problem management and...

CVSS 7.2 | AI score 8.1 | EPSS 0.03801
Exploits 1 | References 1

OSV
added 2018/05/02 7:29 a.m. | 9 views

CVE-2018-10642

Command injection vulnerability in Combodo iTop 2.4.1 allows remote authenticated administrators to execute arbitrary commands by changing the platform configuration, because web/env-production/itop-config/config.php contains a function called TestConfig that calls the vulnerable function eval...

CVSS 7.2 | AI score 6.9
Exploits 0 | References 2

NVD
added 2018/05/02 7:29 a.m. | 9 views

CVE-2018-10642

Command injection vulnerability in Combodo iTop 2.4.1 allows remote authenticated administrators to execute arbitrary commands by changing the platform configuration, because web/env-production/itop-config/config.php contains a function called TestConfig that calls the vulnerable function eval...

CVSS 7.2 | AI score 6.7 | EPSS 0.03801
Exploits 1 | References 2

Prion
added 2018/05/02 7:29 a.m. | 16 views

Command injection

Command injection vulnerability in Combodo iTop 2.4.1 allows remote authenticated administrators to execute arbitrary commands by changing the platform configuration, because web/env-production/itop-config/config.php contains a function called TestConfig that calls the vulnerable function eval...

CVSS 6.5 | AI score 6.7 | EPSS 0.03801
Exploits 1 | References 2 | Affected Software 1

Cvelist
added 2018/05/02 7:0 a.m. | 10 views

CVE-2018-10642

Command injection vulnerability in Combodo iTop 2.4.1 allows remote authenticated administrators to execute arbitrary commands by changing the platform configuration, because web/env-production/itop-config/config.php contains a function called TestConfig that calls the vulnerable function eval...

AI score 6.7 | EPSS 0.03801
Exploits 1 | References 2

0day.today
added 2018/05/02 12:0 a.m. | 39 views

xdebug Unauthenticated OS Command Execution Exploit

This Metasploit module exploits a vulnerability in the eval command present in Xdebug versions 2.5.5 and below. This allows the attacker to execute arbitrary PHP code in the context of the web user. This module requires Metasploit: https://metasploit.com/download Current source:...

AI score 0.5
Exploits 0

Tenable Nessus
added 2018/04/30 12:0 a.m. | 106 views

Redis EVAL Lua Sandbox Escape

Redis before 2.8.21 and 3.x before 3.0.2 allows remote attackers to execute arbitrary Lua bytecode via the eval command...

AI score 5.7
Exploits 0 | References 1

OSV
added 2018/04/13 5:29 a.m. | 1 view

CVE-2018-10086

CMS Made Simple (CMSMS) through 2.2.7 contains an arbitrary code execution vulnerability in the admin dashboard because the implementation uses "eval('function testfunction'.rand()" and it is possible to bypass certain restrictions on these "testfunction" functions...

CVSS 7.2 | AI score 6.3
Exploits 0 | References 1