2432 matches found

OSV · added 2017/02/17 2:59 a.m. · 1 view

CVE-2016-4311

Cross-site request forgery (CSRF) vulnerability in the XACML flow feature in WSO2 Identity Server 5.1.0 allows remote attackers to hijack the authentication of privileged users for requests that process XACML requests via an entitlement/eval-policy-submit.jsp request...

CVSS 8.8 · AI score 5.8
Exploits 0 · References 6
Cvelist · added 2017/02/16 6:00 p.m. · 12 views

CVE-2016-4311

Cross-site request forgery (CSRF) vulnerability in the XACML flow feature in WSO2 Identity Server 5.1.0 allows remote attackers to hijack the authentication of privileged users for requests that process XACML requests via an entitlement/eval-policy-submit.jsp request...

AI score 8.3 · EPSS 0.0028
Exploits 5 · References 5
OSV · added 2017/02/07 3:59 p.m. · 0 views

UBUNTU-CVE-2016-6175

Eval injection vulnerability in php-gettext 1.0.12 and earlier allows remote attackers to execute arbitrary PHP code via a crafted plural forms header...

CVSS 9.8 · AI score 7.6 · EPSS 0.10928
Exploits 4 · References 4
OSV · added 2017/02/07 3:59 p.m. · 1 view

DEBIAN-CVE-2016-6175

Eval injection vulnerability in php-gettext 1.0.12 and earlier allows remote attackers to execute arbitrary PHP code via a crafted plural forms header...

CVSS 9.8 · AI score 8.1 · EPSS 0.10928
Exploits 4 · References 1
NVD · added 2017/02/07 3:59 p.m. · 12 views

CVE-2016-6175

Eval injection vulnerability in php-gettext 1.0.12 and earlier allows remote attackers to execute arbitrary PHP code via a crafted plural forms header...

CVSS 9.8 · AI score 9.7 · EPSS 0.10928
Exploits 4 · References 4
OSV · added 2017/02/07 3:59 p.m. · 17 views

CVE-2016-6175

Eval injection vulnerability in php-gettext 1.0.12 and earlier allows remote attackers to execute arbitrary PHP code via a crafted plural forms header...

CVSS 9.8 · AI score 7.9 · EPSS 0.10928
Exploits 4 · References 4
CVE · added 2017/02/07 3:00 p.m. · 68 views

CVE-2016-6175

The vulnerability CVE-2016-6175 affects php-gettext up to version 1.0.12, where eval injection in the plural forms header allows remote attackers to execute arbitrary PHP code. Exploitation is evidenced by an in-the-wild exploit (Exploit-DB entry) and multiple security feeds. The issue is caused ...

CVSS 9.8 · AI score 9.5 · EPSS 0.10928
Exploits 4 · References 4 · Affected Software 1
Positive Technologies · added 2017/01/06 12:00 a.m. · 3 views

PT-2017-2446 · Ruby +1

Name of the Vulnerable Software and Affected Versions: Ruby (affected versions not specified). Description: The issue is related to a type confusion in the cancel eval method of Ruby's TclTkIp class. This occurs when an attacker passes an object of a type other than String as the retval argument,...

CVSS 9.8 · AI score 8.1 · EPSS 0.56223
Exploits 6 · References 45
ripstech · added 2016/12/10 10:00 a.m. · 306 views

Non-Exploitable Security Issues

Invalid Code. The following code was found in the XOOPS project. User input is saved in the variable $filter and then used in a call to eval, a security nightmare. image.php, lines 301-303: $filter = isset($_GET['filter']) ? $_GET['filter'] : false; $destination_image = imagecreatetruecolor($tn_width, $tn_height);...

AI score 7.3
Exploits 0
exploitpack · added 2016/11/17 12:00 a.m. · 12 views

Microsoft Edge - eval Type Confusion

Microsoft Edge - eval Type Confusion var p = new Proxyeval, ; p"alert"e"";...

Exploits 0
Exploit DB · added 2016/11/17 12:00 a.m. · 35 views

Microsoft Edge - 'eval' Type Confusion

var p = new Proxyeval, ; p"alert"e"";...

AI score 7.4
Exploits 0
Zero Day Initiative · added 2016/10/11 12:00 a.m. · 47 views

Microsoft Edge JavaScript eval Function Type Confusion Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Edge and Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw...

CVSS 6.8 · AI score 2.7 · EPSS 0.17771
Exploits 0 · References 1
myhack58 · added 2016/08/30 12:00 a.m. · 14 views

Ocean CMS to the latest version V6. 2 8 command execution 0DAY-vulnerability warning-the black bar safety net

A friend on t00ls fuzzed out a 0day but could not work out from the analysis what the problem was, so I analyzed it a bit. How did I track this 0day? In fact, it is enough to chase the area parameter to the place where it is handled. After a character is judged illegal, the echoSearchPage function is called with the area parameter after t...

AI score 3.2
Exploits 0
OSV · added 2016/08/02 2:59 p.m. · 1 view

DEBIAN-CVE-2016-6185

The XSLoader::load method in XSLoader in Perl does not properly locate .so files when called in a string eval, which might allow local users to execute arbitrary code via a Trojan horse library under the current working directory...

CVSS 7.8 · AI score 7.6 · EPSS 0.00245
Exploits 1 · References 1
Debian CVE · added 2016/08/02 2:00 p.m. · 23 views

CVE-2016-6185

The XSLoader::load method in XSLoader in Perl does not properly locate .so files when called in a string eval, which might allow local users to execute arbitrary code via a Trojan horse library under the current working directory...

CVSS 7.8 · AI score 7.7 · EPSS 0.00245
Exploits 1
CVE · added 2016/08/02 2:00 p.m. · 124 views

CVE-2016-6185

The CVE-2016-6185 issue involves Perl’s XSLoader::load potentially locating and loading a shared library from an incorrect location when called from a string eval, enabling arbitrary code execution by a local attacker via a Trojan horse library in the current working directory. Public reports (De...

CVSS 7.8 · AI score 7.7 · EPSS 0.00245
Exploits 1 · References 14 · Affected Software 1
RedHat Linux · added 2016/07/27 8:28 a.m. · 2 views

foreman: Missing input validation in Smart Proxy allows RCE via TFTP file variant parameter

It was found that the “variant” parameter in the TFTP API of Foreman was passed to the eval function. An attacker could possibly use this flaw to execute arbitrary code with the privileges of the Foreman user...

CVSS 8.8 · AI score 6.1 · EPSS 0.02004
Exploits 0 · References 4
Packet Storm · added 2016/07/26 12:00 a.m. · 42 views

PHP gettext 1.0.12 Code Execution

CVE-2016-6175 gettext.php | @kmkzsecurity Project Homepage: https://launchpad.net/php-gettext/ Download: https://launchpad.net/php-gettext/trunk/1.0.12/+download/php-gettext-1.0.12.tar.gz Version: 1.0.12 latest release Tested on: Linux Debian, PHP 5.6.19-2+b1 CVSS: 7.1 OVE ID: OVE-20160705-0004 C...

AI score 9.6 · EPSS 0.10928
Exploits 4
NVD · added 2016/07/03 1:59 a.m. · 21 views

CVE-2016-5734

phpMyAdmin 4.0.x before 4.0.10.16, 4.4.x before 4.4.15.7, and 4.6.x before 4.6.3 does not properly choose delimiters to prevent use of the preg_replace e (aka eval) modifier, which might allow remote attackers to execute arbitrary PHP code via a crafted string, as demonstrated by the table...

CVSS 9.8 · AI score 9.7 · EPSS 0.87019
Exploits 8 · References 6
UbuntuCve · added 2016/07/03 1:59 a.m. · 38 views

CVE-2016-5734

phpMyAdmin 4.0.x before 4.0.10.16, 4.4.x before 4.4.15.7, and 4.6.x before 4.6.3 does not properly choose delimiters to prevent use of the preg_replace e (aka eval) modifier, which might allow remote attackers to execute arbitrary PHP code via a crafted string, as demonstrated by the table...

CVSS 9.8 · AI score 7.4 · EPSS 0.87019
Exploits 8 · References 2