2431 matches found
Sql injection
Eval injection vulnerability in ajax.php in openSIS 4.5 through 5.2 allows remote attackers to execute arbitrary PHP code via the modname parameter...
CVE-2013-1349
Eval injection vulnerability in ajax.php in openSIS 4.5 through 5.2 allows remote attackers to execute arbitrary PHP code via the modname parameter...
CVE-2013-1349
OpenSIS CVE-2013-1349 affects OpenSIS 4.5–5.2. The vulnerability is in ajax.php: the parameter modname is not properly sanitized before being used in an eval call, allowing an attacker to inject and execute arbitrary PHP code. Multiple sources reference the code path through ajax.php and the modn...
Design/Logic Flaw
The jsondecode function in plugins/contextreactionblock.inc in the Context module 6.x-2.x before 6.x-3.2 and 7.x-3.x before 7.x-3.0 for Drupal, when using a version of PHP that does not support the jsondecode function, allows remote attackers to execute arbitrary PHP code via unspecified vectors...
CVE-2013-4446
The jsondecode function in plugins/contextreactionblock.inc in the Context module 6.x-2.x before 6.x-3.2 and 7.x-3.x before 7.x-3.0 for Drupal, when using a version of PHP that does not support the jsondecode function, allows remote attackers to execute arbitrary PHP code via unspecified vectors...
CVE-2013-4446
CVE-2013-4446 affects Drupal Context module (drupal6-context 6.x-2.x before 6.x-3.2; 7.x-3.x before 7.x-3.0). The vulnerability arises when PHP lacks a json_decode function or json library, allowing remote attackers to execute arbitrary PHP code via Ajax-related vectors (possibly involving eval)....
NETGEAR ReadyNAS Perl Code Evaluation
This module requires Metasploit: http//metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 'NETGEAR ReadyNAS Perl Code Evaluation', 'Description' = %q This module exploits a Perl code injection on NETGEAR ReadyNAS 4.2.23 and...
TP-Link Cross Site Request Forgery Vulnerability
This write up goes into detail about how real world cross site request forgery attacks can be used to hijack DNS on TP-Link routers. I. Introduction Today the majority of wired Internet connections is used with an embedded NAT router, which allows using the same Internet connection with several...
NETGEAR ReadyNAS Perl Code Evaluation
This module exploits a Perl code injection on NETGEAR ReadyNAS 4.2.23 and 4.1.11. The vulnerability exists on the web front end, specifically in the nphandler.pl component, due to an insecure usage of the eval perl function. This module has been tested successfully on a NETGEAR ReadyNAS 4.2.23...
Amazon Linux AMI : perl (ALAS-2011-19)
A heap-based buffer overflow flaw was found in the way Perl decoded Unicode strings. An attacker could create a malicious Unicode string that, when decoded by a Perl program, would cause the program to crash or, potentially, execute arbitrary code with the permissions of the user running the...
CVE-2013-2121
Eval injection vulnerability in the create method in the Bookmarks controller in Foreman before 1.2.0-RC2 allows remote authenticated users with permissions to create bookmarks to execute arbitrary code via a controller name attribute...
Design/Logic Flaw
Eval injection vulnerability in the create method in the Bookmarks controller in Foreman before 1.2.0-RC2 allows remote authenticated users with permissions to create bookmarks to execute arbitrary code via a controller name attribute...
CVE-2013-2121
Foreman (Red Hat OpenStack/Satellite) CVE-2013-2121 is an eval injection in the create action of the bookmarks controller. Before 1.2.0-RC2, remote authenticated users with bookmark-creation permissions can execute arbitrary code via a controller name attribute. Public references note code inject...
InstantCMS 1.6 - PHP Remote Code Execution (Metasploit)
require 'msf/core' class Metasploit3 'InstantCMS 1.6 Remote PHP Code Execution', 'Description' = %q This module exploits an arbitrary php command execution vulnerability, because of a dangerous use of eval, in InstantCMS versions 1.6. , 'Author' = 'AkaStep', Vulnerability discovery and PoC 'Ricar...
InstantCMS 1.6 Remote PHP Code Execution
require 'msf/core' class Metasploit3 'InstantCMS 1.6 Remote PHP Code Execution', 'Description' = %q This module exploits an arbitrary php command execution vulnerability, because of a dangerous use of eval, in InstantCMS versions 1.6. , 'Author' = 'AkaStep', Vulnerability discovery and PoC 'Ricar...
InstantCMS 1.6 Remote PHP Code Execution Vulnerability
This Metasploit module exploits an arbitrary php command execution vulnerability, because of a dangerous use of eval, in InstantCMS versions 1.6. require 'msf/core' class Metasploit3 'InstantCMS 1.6 Remote PHP Code Execution', 'Description' = %q This module exploits an arbitrary php command...
php-Charts wizard/index.php PHP Execution
The php-Charts install hosted on the remote web server contains a flaw that could allow arbitrary PHP code execution. Input passed to the 'wizard/index.php' script is not properly sanitized before being used in an eval call. An unauthenticated, remote attacker could leverage this vulnerability to...
Foreman: app/controllers/bookmarks_controller.rb remote code execution
Eval injection vulnerability in the create method in the Bookmarks controller in Foreman before 1.2.0-RC2 allows remote authenticated users with permissions to create bookmarks to execute arbitrary code via a controller name attribute...
LotusCMS 3.0 PHP Code Execution
!/usr/bin/python Script that spawns a reverse shell python on vulnerable LotusCMS 3.0 installations. Uses a simple PHP eval vulnerability. http://secunia.com/secuniaresearch/2011-21/ infodox - Insecurety Research 2013 insecurety.net - @infodox import requests import random import threading import...
CVE-2013-4609
REDCap before 5.0.4 and 5.1.x before 5.1.3 does not reject certain undocumented syntax within branching logic and calculations, which allows remote authenticated users to bypass intended access restrictions via 1 the Online Designer or 2 the Data Dictionary upload, as demonstrated by an eval call...