GithubExploit · added 2024/07/05 3:02 a.m. · 316 views

Exploit for Code Injection in Geoserver

GeoServer blind (no output echo) remote code execution vulnerability CVE-2024-36401 options: -h, --help sho...

CVSS 9.8 · AI score 9.8 · EPSS 0.99813 · Exploits: 25

Github Security Blog · added 2024/06/27 9:32 p.m. · 21 views

litellm vulnerable to remote code execution based on using eval unsafely

BerriAI/litellm version v1.35.8 contains a vulnerability where an attacker can achieve remote code execution. The vulnerability exists in the add_deployment function, which decodes and decrypts environment variables from base64 and assigns them to os.environ. An attacker can exploit this by sendin...

CVSS 9.8 · AI score 7.5 · EPSS 0.00875 · Exploits: 0 · References: 5 · Affected software: 1

RedHat Linux · added 2024/06/26 12:24 a.m. · 5 views

kernel: netfilter: nf_tables: disallow anonymous set with timeout flag

In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: disallow anonymous set with timeout flag. Anonymous sets are never used with timeout from userspace; reject this. The exception to this rule is NFT_SET_EVAL, to ensure legacy meters still work...

CVSS 5.5 · AI score 6.8 · EPSS 0.00257 · Exploits: 0 · References: 5

Positive Technologies · added 2024/06/26 12:00 a.m. · 3 views

PT-2024-28406 · Skycaiji · Skycaiji

Name of the Vulnerable Software and Affected Versions: skycaiji version 2.8. Description: A cross-site scripting (XSS) issue allows attackers to execute arbitrary web scripts or HTML via a crafted payload using eval(String.fromCharCode()). This enables the execution of malicious code on the victim's...

CVSS 6.1 · AI score 6.4 · EPSS 0.00278 · Exploits: 0 · References: 3

Cvelist · added 2024/06/26 12:00 a.m. · 19 views

CVE-2024-39242

A cross-site scripting (XSS) vulnerability in skycaiji v2.8 allows attackers to execute arbitrary web scripts or HTML via a crafted payload using eval(String.fromCharCode())...

EPSS 0.00278 · Exploits: 0 · References: 1

CVE · added 2024/06/26 12:00 a.m. · 58 views

CVE-2024-39242

CVE-2024-39242 is a reported cross-site scripting (XSS) vulnerability in skycaiji v2.8. The issue arises from a crafted payload that uses eval(String.fromCharCode()), enabling attackers to run arbitrary web scripts/HTML in a victim's browser. The CVSS 3.1 metrics indicate a Network attack vecto...

CVSS 6.1 · AI score 5.6 · EPSS 0.00278 · Exploits: 0 · References: 1 · Affected software: 1

NVD · added 2024/06/21 10:15 p.m. · 24 views

CVE-2014-5470

Actual Analyzer through 2014-08-29 allows code execution via shell metacharacters because untrusted input is used for part of the input data passed to an eval operation...

CVSS 9.8 · EPSS 0.10012 · Exploits: 1 · References: 2

Vulnrichment · added 2024/06/21 12:00 a.m. · 17 views

CVE-2014-5470

Actual Analyzer through 2014-08-29 allows code execution via shell metacharacters because untrusted input is used for part of the input data passed to an eval operation...

AI score 7.5 · EPSS 0.10012 · Exploits: 1 · References: 2

Positive Technologies · added 2024/06/21 12:00 a.m. · 5 views

PT-2024-10557 · Unknown · Actual Analyzer

Name of the Vulnerable Software and Affected Versions: Actual Analyzer versions prior to 2014-08-29. Description: The issue allows code execution via shell metacharacters because untrusted input is used for part of the input data passed to an eval operation. Recommendations: For versions prior to...

CVSS 9.8 · AI score 7.5 · EPSS 0.10012 · Exploits: 1 · References: 5

Cvelist · added 2024/06/21 12:00 a.m. · 24 views

CVE-2014-5470

Actual Analyzer through 2014-08-29 allows code execution via shell metacharacters because untrusted input is used for part of the input data passed to an eval operation...

EPSS 0.10012 · Exploits: 1 · References: 2

CVE · added 2024/06/21 12:00 a.m. · 49 views

CVE-2014-5470

CVE-2014-5470 affects Actual Analyzer (versions prior to 2014-08-29). The vulnerability arises from untrusted input being passed to an eval operation, enabling code execution via shell metacharacters in the input data. Connected sources show concrete details: the flaw exists in Actual Analyzer's ...

CVSS 9.8 · AI score 7.1 · EPSS 0.10012 · Exploits: 1 · References: 2

CNNVD · added 2024/06/20 12:00 a.m. · 4 views

WordPress Plugin Custom Field Suite Security Vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability exists in...

CVSS 8.8 · AI score 7.4 · EPSS 0.0063 · Exploits: 0 · References: 5

Positive Technologies · added 2024/06/13 12:00 a.m. · 4 views

PT-2024-27153 · Rhai · Rhai

Name of the Vulnerable Software and Affected Versions: rhai version 1.18.0. Description: A stack overflow vulnerability was found in rhai. The issue is related to a recursive call in the eval_stmt_block function, located in the /src/rhai/src/eval/stmt.rs file. This vulnerability can be exploited d...

CVSS 8.7 · AI score 6.9 · EPSS 0.00424 · Exploits: 0 · References: 6

Veracode · added 2024/06/12 5:14 a.m. · 11 views

Code Injection

litellm is vulnerable to Code Injection. The vulnerability is caused by a lack of input validation in the eval function within the secret management system, which allows an attacker to execute arbitrary code...

CVSS 7.2 · AI score 7.8 · EPSS 0.00859 · Exploits: 1 · References: 1 · Affected software: 1

RedHat Linux · added 2024/06/10 6:41 p.m. · 2 views

pillow: Arbitrary Code Execution via the environment parameter

A vulnerability was found in Pillow, a popular Python imaging library. The flaw identified in the PIL.ImageMath.eval function enables arbitrary code execution by manipulating the environment parameter...

CVSS 8.1 · AI score 7.8 · EPSS 0.01703 · Exploits: 0 · References: 8

NVD · added 2024/06/06 6:15 p.m. · 32 views

CVE-2024-4889

A code injection vulnerability exists in the berriai/litellm application, version 1.34.6, due to the use of unvalidated input in the eval function within the secret management system. This vulnerability requires a valid Google KMS configuration file to be exploitable. Specifically, by setting the...

CVSS 7.2 · EPSS 0.00859 · Exploits: 1 · References: 1

Positive Technologies · added 2024/06/06 12:00 a.m. · 3 views

PT-2024-33256 · Google · Google Kms

Name of the Vulnerable Software and Affected Versions: berriai/litellm version 1.34.6. Description: A code injection issue exists due to the use of unvalidated input in the eval function within the secret management system. This issue requires a valid Google KMS configuration file to be exploitabl...

CVSS 7.2 · AI score 7.6 · EPSS 0.00859 · Exploits: 1 · References: 5

Veracode · added 2024/05/29 7:34 a.m. · 28 views

Command Injection

llamaindex is vulnerable to Command Injection. The vulnerability is due to unsafe usage of the eval function, allowing a malicious or compromised LLM hosting provider to execute arbitrary commands on the client's machine...

CVSS 8.8 · AI score 7.7 · EPSS 0.02118 · Exploits: 1 · References: 2 · Affected software: 1

OSV · added 2024/05/24 11:08 a.m. · 2 views

OESA-2024-1659 python-tqdm security update

tqdm derives from the Arabic word taqaddum, which can mean "progress". Instantly make your loops show a smart progress meter - just wrap any iterable with tqdm(iterable), and you are done! Security Fixes: tqdm is an open source progress bar for Python and CLI. Any optional non-boolean CLI arguments...

CVSS 4.8 · AI score 7.8 · EPSS 0.00432 · Exploits: 0 · References: 2

RedHat Linux · added 2024/05/23 7:36 a.m. · 3 views

kernel: netfilter: nf_tables: disallow anonymous set with timeout flag

In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: disallow anonymous set with timeout flag. Anonymous sets are never used with timeout from userspace; reject this. The exception to this rule is NFT_SET_EVAL, to ensure legacy meters still work...

CVSS 5.5 · AI score 6.8 · EPSS 0.00257 · Exploits: 0 · References: 5