2432 matches found
CVE-2014-8313
Eval injection in ide/core/base/server/net.xsjs in the Developer Workbench in SAP HANA allows remote attackers to execute arbitrary XSJX code via unspecified vectors...
CVE-2014-8313
The CVE-2014-8313 entry describes an evaluation (XSJX eval) injection flaw in SAP HANA’s Developer Workbench, specifically in ide/core/base/server/net.xsjs, enabling remote code execution through unspecified vectors. The vulnerability affects the Developer Workbench component of SAP HANA and is t...
Design/Logic Flaw
Eval injection vulnerability in luci 0.26.0 allows remote authenticated users with certain permissions to execute arbitrary Python code via a crafted cluster configuration...
CVE-2014-3593
The CVE-2014-3593 entry concerns luci, affected up to version 0.26.0, where an eval() on cluster configuration inputs could be exploited by remote authenticated users with certain permissions to execute arbitrary Python code. Multiple trusted sources (Red Hat RHSA-2014:1390, CentOS/OSS advisories...
CVE-2014-3593
Eval injection vulnerability in luci 0.26.0 allows remote authenticated users with certain permissions to execute arbitrary Python code via a crafted cluster configuration...
PT-2014-5409 · Google +2 · Luci +2
Name of the Vulnerable Software and Affected Versions: luci version 0.26.0. Description: The issue allows remote authenticated users with certain permissions to execute arbitrary Python code via a crafted cluster configuration. Recommendations: For luci version 0.26.0, update to a version that fix...
TWiki Perl 4.x, 5.x, 6.x Upload Bypass / Code Execution Vulnerabilities
The debugenableplugins request parameter in TWiki versions 4.x, 5.x, and 6.0.0 allows arbitrary Perl code execution, and these versions suffer from a file upload bypass vulnerability. This is an advisory for TWiki administrators: The debugenableplugins request parameter allows arbitrary Perl code execution...
Design/Logic Flaw
Eval injection vulnerability in the internals.batch function in lib/batch.js in the bassmaster plugin before 1.5.2 for the hapi server framework for Node.js allows remote attackers to execute arbitrary JavaScript code via unspecified vectors...
CVE-2014-7205
The Bassmaster Node.js plugin for the Hapi server contains CVE-2014-7205: an eval-based injection in the internals.batch function (lib/batch.js) before version 1.5.2, enabling remote arbitrary JavaScript execution. Documents show affected version range is bassmaster
CVE-2014-7205
Eval injection vulnerability in the internals.batch function in lib/batch.js in the bassmaster plugin before 1.5.2 for the hapi server framework for Node.js allows remote attackers to execute arbitrary JavaScript code via unspecified vectors...
Foreman: app/controllers/bookmarks_controller.rb remote code execution
Eval injection vulnerability in the create method in the Bookmarks controller in Foreman before 1.2.0-RC2 allows remote authenticated users with permissions to create bookmarks to execute arbitrary code via a controller name attribute...
ActualAnalyzer Lite 2.81 - Unauthenticated Command Execution Exploit
ActualAnalyzer remote command execution exploit that leverages an eval. ActualAnalyzer exploit. Tested on Lite version We load command into a dummy variable as we only have 6 characters to own the eval but load more as first 2 characters get rm'd. We then execute the eval with backticks. 11/05/20...
ActualAnalyzer Lite 2.81 - Command Execution
ActualAnalyzer Lite 2.81 - Command Execution ActualAnalyzer exploit. Tested on Lite version We load command into a dummy variable as we only have 6 characters to own the eval but load more as first 2 characters get rm'd. We then execute the eval with backticks. 11/05/2011 import urllib import...
XSS when adding Stash Linked Repositories
Stash server title in the "Stash server" dropdown is not being escaped and if it contains a script tag that script will be eval'd. Our Stash QA test data has the server title "Welcome to alert666 Long Ståш Title with ..." which causes the "666" to alert when the "Add repository" button is clicked...
PHP IRC Bot pbot eval() Remote Code Execution
No description provided by source. This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' class Metasploit3...
Ipswitch WS_FTP Server 3.4/4.0 FTP Command Buffer Overrun Vulnerabilities
No description provided by source. source: http://www.securityfocus.com/bid/8542/info Ipswitch WS_FTP Server is reported to be prone to buffer overruns when handling data supplied to the APPE and STAT FTP commands. An FTP user who supplies excessive input to these commands could potentially execut...
LotusCMS 3.0 eval() Remote Command Execution
No description provided by source. This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/ require 'msf/core'...
Dolphin <= 7.0.7 (member_menu_queries.php) Remote PHP Code Injection
No description provided by source. Dolphin <= 7.0.7 (member_menu_queries.php) Remote PHP Code Injection Exploit. Author: EgiX...
RoundCube Webmail <= 0.2b Remote Code Execution Exploit
No description provided by source. #!/bin/sh I was hoping the PoC would not appear so soon, but now that it is out, I thought I might as well publish my real exploit. Hunger http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5619 FOR LEARNING PURPOSES ONLY! PHP echoiniget'disablefunctions';...
LoveCMS 1.6.2 - CSRF Code Injection Vulnerability
No description provided by source. Exploit Title : LoveCMS 1.6.2 - CSRF Code Injection Vulnerability Script : LoveCMS 1.6.2 Language : PHP Download : http://sourceforge.net/project/showfiles.php?groupid=168535 Date : 2010/12/27 Dork : Powered by LoveCMS Found : by hiphop contact me...