Remote Code Execution (RCE)
phpunit is vulnerable to remote code execution (RCE) attacks. A malicious user can inject and execute arbitrary PHP script by using the <?php tag and sending a POST request to the eval-stdin.php file on the system...
UBUNTU-CVE-2017-9841
Util/PHP/eval-stdin.php in PHPUnit before 4.8.28 and 5.x before 5.6.3 allows remote attackers to execute arbitrary PHP code via HTTP POST data beginning with a "<?php " substring, as demonstrated by an attack on a site with an exposed /vendor folder, i.e., external access to the...
Code injection
Util/PHP/eval-stdin.php in PHPUnit before 4.8.28 and 5.x before 5.6.3 allows remote attackers to execute arbitrary PHP code via HTTP POST data beginning with a "<?php " substring, as demonstrated by an attack on a site with an exposed /vendor folder, i.e., external access to the...
E2open Device OpenWebif Plugin Arbitrary Code Execution Vulnerability
OpenWebif plugin for E2 open devices is a Web interface plugin for E2open devices from E2open, Inc. A security vulnerability exists in versions of the OpenWebif plugin for E2open devices prior to version 1.2.4, which originates from the 'saveConfig' function in...
Remote Code Execution (RCE)
kmc is vulnerable to remote code execution RCE. A malicious user can inject and execute arbitrary code due to the lack of sanitization of user input before executing the eval function...
Remote Code Execution (RCE)
mongo-edit is vulnerable to remote code execution RCE. A malicious user can inject and execute arbitrary code due to the lack of sanitization of user input before executing the eval function...
Remote Code Execution (RCE)
mongui is vulnerable to remote code execution RCE. A malicious user can inject and execute arbitrary code due to the lack of sanitization of user input before executing the eval function...
Remote Code Execution (RCE)
mongoosify is vulnerable to remote code execution RCE. A malicious user can inject and execute arbitrary code due to the lack of sanitization of user input before executing the eval function...
Remote Code Execution (RCE)
nameless-cli is vulnerable to remote code execution RCE. A malicious user can inject and execute arbitrary code due to the lack of sanitization of user input before executing the eval function...
Remote Code Execution (RCE)
nd-validator is vulnerable to remote code execution RCE. A malicious user can inject and execute arbitrary code due to the lack of sanitization of user input before executing the eval function...
Remote Code Execution (RCE)
m2m-supervisor is vulnerable to remote code execution RCE. A malicious user can inject and execute arbitrary code due to the lack of sanitization of user input before executing the eval function...
Sandbox Breakout
Overview Affected versions of safe-eval are vulnerable to a sandbox escape. By accessing object constructors, un-sanitized user input can access the entire standard library and effectively break out of the sandbox. Proof of Concept: This code accesses the process object and calls .exit var safeEv...
Command Execution Through Collection Name
summit is vulnerable to command execution. There is an unsafe eval in summit which allows an attacker to execute arbitrary commands through a malicious collection name. This only happens when using the PouchDB driver...
Remote Code Execution (RCE)
MathJS is vulnerable to remote code execution RCE attacks. These attacks are possible through the eval function...
Remote Code Execution (RCE)
MathJS is vulnerable to remote code execution RCE attacks. These attacks are possible through the eval function...
Remote Code Execution (RCE) Through Eval
heist is vulnerable to remote code execution RCE attacks. The vulnerability exists as the eval code for strings leads to Kernel.eval, and allows string interpolation to happen. This can eventually lead to a sandbox escape and remote code execution. The following code illustrates the issue RCE...
CVE-2017-5359
EasyCom SQL iPlug allows remote attackers to cause a denial of service via the D$EVAL parameter to the default URI...
CVE-2017-5359
Affected product: EasyCom SQL iPlug. Vulnerability: Denial of Service via the D$EVAL parameter to the default URI, allowing remote attackers to exhaust the service. The issue is demonstrated by public PoCs/exploits targeting the 7078 port and sending oversized payloads, as reported across multipl...
seacms search.php code execution vulnerability
function parseIf($content) { if (strpos($content, 'if:') === false) return $content; else { $labelRule = buildregx("if:.? .? end if", "is"); $labelRule2 = "elseif"; $labelRule3 = "else"; preg_match_all($labelRule, $content, $iar); $arlen = count($iar[0]); $elseIfFlag = false; for ($m = 0; $m ... parseStrIf($strIf); $strThen = $iar[2][$m]; ...
Remote Code Execution (RCE)
airflow is vulnerable to remote code execution (RCE). It can happen because it passes user-controllable data as the default parameters to the Python eval function, which directly executes the parameters. Therefore any user who can create or edit charts can trigger the attack on the airflow server...