2444 matches found
CVE-2018-1000070
Bitmessage PyBitmessage version v0.6.2 and introduced in or after commit 8ce72d8d2d25973b7064b1cf76a6b0b3d62f0ba0 contains a Eval injection vulnerability in main program, file src/messagetypes/init.py function constructObject that can result in Code Execution. This attack appears to be exploitabl...
CVE-2018-1000070
Bitmessage PyBitmessage version v0.6.2 and introduced in or after commit 8ce72d8d2d25973b7064b1cf76a6b0b3d62f0ba0 contains a Eval injection vulnerability in main program, file src/messagetypes/init.py function constructObject that can result in Code Execution. This attack appears to be exploitabl...
CVE-2018-1000070
CVE-2018-1000070 relates to Bitmessage PyBitmessage. The connected CNVD/CNVD-2018-07896 and CNVD-derived entries confirm a vulnerability in the file src/messagetypes/init .py, in the function constructObject, within PyBitmessage v0.6.2 and later (introduced around commit 8ce72d8d...), that enable...
WordPress Users Warned of Malware Masquerading as ionCube Files
Security researchers are warning WordPress and Joomla admins of a sneaky new malware strain masquerading as legitimate ionCube files. The malware, dubbed ionCube Malware, is used by cybercriminals to create backdoors on vulnerable websites allowing them to steal data or plant more malware. In the...
Tuleap 9.6 - Second-Order PHP Object Injection (Metasploit)
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Tuleap 9.6 Second-Order PHP Object Injection', 'Description' = %q This module exploits a Second-Order PHP Object Injection vulnerability in Tulea...
GLSA-201711-15 : PHPUnit: Remote code execution
The remote host is affected by the vulnerability described in GLSA-201711-15 PHPUnit: Remote code execution When PHPUnit is installed in a production environment via composer and these modules are in a web accessible directory, the eval-stdin.php file in PHPUnit contains vulnerable statements tha...
Tuleap 9.6 Second-Order PHP Object Injection
This module exploits a Second-Order PHP Object Injection vulnerability in Tuleap 'Tuleap 9.6 Second-Order PHP Object Injection', 'Description' = %q This module exploits a Second-Order PHP Object Injection vulnerability in Tuleap = 9.6 which could be abused by authenticated users to execute...
GHSA-5J3G-JFQ3-7JWX Arbitrary JavaScript Execution in bassmaster
A vulnerability exists in bassmaster = 1.5.1 that allows for an attacker to provide arbitrary JavaScript that is then executed server side via eval. Recommendation Update to bassmaster version 1.5.2 or greater...
Sandbox Breakout / Arbitrary Code Execution
Overview Affected versions of static-eval pass untrusted user input directly to the global function constructor, resulting in an arbitrary code execution vulnerability when user input is parsed via the package. Proof of concept var evaluate = require'static-eval'; var parse =...
Sql injection
Eval injection vulnerability in the fmsaveHelperGatherItems function in ajax.php in the Form Manager plugin before 1.7.3 for WordPress allows remote attackers to execute arbitrary code via unspecified vectors...
CVE-2015-7806
The CVE-2015-7806 issue affects the WordPress Form Manager plugin (prior to 1.7.3). The vulnerability is in the fm_saveHelperGatherItems function of ajax.php, enabling remote code execution via unspecified vectors. Multiple sources confirm RCE potential, including CNVD and WPVulndB entries noting...
Internet Bug Bounty: Interger overflow in eval trigger write out of bound
Hi security team, i reported some samples triggered crash in eval funtion in perl. The bug come because variable start and items used type I32 which takes half the range of linet and folds it into negative numbers, leading to trying to store the lines at negative indexes...
Microsoft Edge Chakra Parser::ParseCatch Failed eval Handle
Microsoft Edge: Chakra: Parser::ParseCatch doesn't handle "eval" CVE-2017-11764 In Javascript, the code executed by a direct call to eval shares the caller block's scopes. Chakra handles this from the parser. And there's a bug when it parses "eval" in a catch statement's param. ParseNodePtr...
Microsoft Edge Chakra - Parser::ParseCatch Does Not Handle eval() (Denial of Service)
Microsoft Edge Chakra - Parser::ParseCatch Does Not Handle eval Denial of Service PnodeBlockType::Regular, isPattern ? ScopeTypeCatchParamPattern : ScopeTypeCatch; ... ParseNodePtr pnodePattern = ParseDestructuredLiteraltkLET, true /isDecl/, true /topLevel/, DICForceErrorOnInitializer; ... 1...
Multiple Plugins - Unauthenticated RCE via PHPUnit
There was an Unauthenticated Remote Code Execution RCE vulnerability in PHPUnit, a widely used testing framework for PHP. This vulnerability has been seen exploited in the wild. curl -X POST --data ""...
Microsoft Edge Chakra chakra!Js::GlobalObject Integer Overflow
= 0; AnalysisAssertscriptContext; if scriptContext-GetThreadContext-EvalDisabled throw Js::EvalDisabledException; ifdef PROFILEEXEC scriptContext-ProfileBeginJs::EvalCompilePhase; endif void frameAddr = nullptr; GETCURRENTFRAMEIDframeAddr; HRESULT hr = SOK; HRESULT hrParser = SOK; HRESULT hrCodeG...
CVE-2017-12963
There is an illegal address access in Sass::Eval::operator in eval.cpp of LibSass 3.4.5, leading to a remote denial of service attack. NOTE: this is similar to CVE-2017-11555 but remains exploitable after the vendor's CVE-2017-11555 fix available from GitHub after 2017-07-24...
CVE-2017-12963
There is an illegal address access in Sass::Eval::operator in eval.cpp of LibSass 3.4.5, leading to a remote denial of service attack. NOTE: this is similar to CVE-2017-11555 but remains exploitable after the vendor's CVE-2017-11555 fix available from GitHub after 2017-07-24...
UBUNTU-CVE-2017-12963
There is an illegal address access in Sass::Eval::operator in eval.cpp of LibSass 3.4.5, leading to a remote denial of service attack. NOTE: this is similar to CVE-2017-11555 but remains exploitable after the vendor's CVE-2017-11555 fix available from GitHub after 2017-07-24...
CVE-2017-12964
There is a stack consumption issue in LibSass 3.4.5 that is triggered in the function Sass::Eval::operator in eval.cpp. It will lead to a remote denial of service attack...