2432 matches found
phpMoAdmin 1.1.3 /moadmin.php code execution vulnerability
/moadmin.php /** Saves an object @param string $collection @param string $obj @return array */ public function saveObject($collection, $obj) { eval('$obj=' . $obj . ';'); /* cast from string to array */ return $this->mongo->selectCollection($collection)->save($obj); } …. $action = isset($_GET['action']) ? $_GET['action'] :...
Zhcms v1.0 SQL injection + arbitrary code execution - vulnerability warning - the black bar safety net
Author: Sco4x0 Blog: www.sco4x0.com Team: www.secbox.cn A: SQL injection causes a backend login bypass. See the processing code in the login method of UserAction.class.php: public function login() { if (!empty($_POST['code'])) { if (!empty($_POST['user']) && !empty($_POST['passwd'])) { $rs = $this->user->login($_POST['user'],...
xdg-utils Eval Injection Vulnerability
xdg-utils is a set of command line tools used to help applications integrate with various desktop tasks. An Eval injection vulnerability exists in xdg-utils version 1.1.0 RC1. An attacker can exploit this vulnerability to execute arbitrary code with the help of the 'URL' parameter...
Design/Logic Flaw
Eval injection vulnerability in xdg-utils 1.1.0 RC1, when no supported desktop environment is identified, allows context-dependent attackers to execute arbitrary code via the URL argument to xdg-open...
UBUNTU-CVE-2014-9622
Eval injection vulnerability in xdg-utils 1.1.0 RC1, when no supported desktop environment is identified, allows context-dependent attackers to execute arbitrary code via the URL argument to xdg-open...
CVE-2014-9622
Eval injection vulnerability in xdg-utils 1.1.0 RC1, when no supported desktop environment is identified, allows context-dependent attackers to execute arbitrary code via the URL argument to xdg-open...
CVE-2014-9622
CVE-2014-9622 covers an eval-injection in xdg-utils 1.1.0 RC1 where, if no supported desktop environment is identified, an attacker can cause xdg-open to execute arbitrary commands via the URL argument. The vulnerability is treated as a remote-code-execution risk affecting Linux distros, with CVS...
CVE-2014-9622
Eval injection vulnerability in xdg-utils 1.1.0 RC1, when no supported desktop environment is identified, allows context-dependent attackers to execute arbitrary code via the URL argument to xdg-open...
Tuleap - PHP Unserialize Code Execution (Metasploit)
This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 'Tuleap PHP Unserialize Code Execution', 'Description' => %q This module exploits a PHP object injection vulnerability in Tuleap...
Tuleap PHP Unserialize Code Execution Exploit
This Metasploit module exploits a PHP object injection vulnerability in Tuleap 'Tuleap PHP Unserialize Code Execution', 'Description' => %q This module exploits a PHP object injection vulnerability in Tuleap <= 7.6-4 which could be abused to allow authenticated users to execute arbitrary code with...
CVE-2014-7192
Eval injection vulnerability in index.js in the syntax-error package before 1.1.1 for Node.js 0.10.x, as used in IBM Rational Application Developer and other products, allows remote attackers to execute arbitrary code via a crafted file...
CVE-2014-7192
Eval injection vulnerability in index.js in the syntax-error package before 1.1.1 for Node.js 0.10.x, as used in IBM Rational Application Developer and other products, allows remote attackers to execute arbitrary code via a crafted file...
UBUNTU-CVE-2014-7192
Eval injection vulnerability in index.js in the syntax-error package before 1.1.1 for Node.js 0.10.x, as used in IBM Rational Application Developer and other products, allows remote attackers to execute arbitrary code via a crafted file...
CVE-2014-7192
CVE-2014-7192 affects the syntax-error npm module (before 1.1.1) used with Node.js 0.10.x, including in IBM Rational Application Developer and related IBM/RSA products. The vulnerability stems from improper input handling in the syntax-error/index.js file, enabling remote attackers to execute arb...
Tuleap PHP Unserialize Code Execution
This module exploits a PHP object injection vulnerability in Tuleap 'Tuleap PHP Unserialize Code Execution', 'Description' => %q This module exploits a PHP object injection vulnerability in Tuleap <= 7.6-4 which could be abused to allow authenticated users to execute arbitrary code with the...
phpcms background arbitrary code execution vulnerability
phpcms is an open source content management system. The phpcms backend has an arbitrary code execution vulnerability: the phpcms source code uses the string2array function in many places, and the function's parameters are executed directly by eval, so as long as there is a call to the...
PHPMyWind 5.1 /include/common.func.php code execution vulnerability
/include/common.func.php /* String to array */ if (!function_exists('String2Array')) { function String2Array($data) { if ($data == '') return array(); @eval("\$array = $data;"); return $array; } } The $data variable reaches eval. When $data is passed in as: 111|222$phpinfo the PHP statement executed is: @eval"$array = array"1"="111|222$phpinfo","2"="";;" The page returns:...
CVE-2014-8998
lib/message.php in X7 Chat 2.0.0 through 2.0.5.1 allows remote authenticated users to execute arbitrary PHP code via a crafted HTTP header to index.php, which is processed by the preg_replace function with the eval switch...
CVE-2014-8313
Eval injection in ide/core/base/server/net.xsjs in the Developer Workbench in SAP HANA allows remote attackers to execute arbitrary XSJX code via unspecified vectors...
Sql injection
Eval injection in ide/core/base/server/net.xsjs in the Developer Workbench in SAP HANA allows remote attackers to execute arbitrary XSJX code via unspecified vectors...