2521 matches found
CVE-2020-6650 Arbitrary code execution through “Update Manager” Class
UPS companion software v1.05 & Prior is affected by ‘Eval Injection’ vulnerability. The software does not neutralize or incorrectly neutralizes code syntax before using the input in a dynamic evaluation call, e.g. “eval” in “Update Manager” class when software attempts to see if there are updates...
OS Command Injection
node-rules is vulnerable to OS command injection. The argument rules in the fromJSON in node-rules.js is passed to the eval function without any validation or sanitization, allowing an attacker to inject and execute arbitrary OS commands...
@550w-tools/cli (>=0.0.14 <=0.0.16), @550w-tools/core (>=0.0.14 <=0.0.16) +538 more potentially affected by CVE-2020-7710 via safe-eval (>=0.2.0 <=0.4.1)
safe-eval NPM version =0.2.0, =0.0.14, =0.0.14, =0.0.13, =0.0.14, =0.0.15, =1.0.1, =1.0.2, =1.0.3, =1.1.2, =0.1.16, =1.0.0, =0.3.0, =0.20.0, =2.0.295, =2.0.315 and more Source cves: CVE-2020-7710 Source advisory: SNYK:JS-SAFEEVAL-608076...
Sandbox Escape
Overview: safe-eval is a safer version of eval. Affected versions of this package are vulnerable to Sandbox Escape. It is possible for an attacker to run an arbitrary command on the host machine. POC by Anirudh Anand for node 12.13.0: const safeEval = require('safe-eval'); const theFunction = function...
CVE-2020-9406
IBL Online Weather before 4.3.5a allows unauthenticated eval injection via the queryBCP method of the Auxiliary Service...
Design/Logic Flaw
IBL Online Weather before 4.3.5a allows unauthenticated eval injection via the queryBCP method of the Auxiliary Service...
CVE-2020-9406
IBL Online Weather before 4.3.5a is affected by an unauthenticated eval injection via the Auxiliary Service’s queryBCP method. The vulnerability affects versions prior to 4.3.5a and stems from the queryBCP component allowing injection of code without authentication, enabling potential remote code...
Code Injection in commenthol/safer-eval
Overview: safer-eval is a safer approach for eval in node and browser. Affected versions of this package are vulnerable to Arbitrary Code Execution via generating a RangeError: Maximum call stack size exceeded. Proof of Concept (credit: Jonathan Leitschuh): const theFunction = function const f =...
PYSEC-2020-203
The safeeval function in Ansible before 1.6.4 does not properly restrict the code subset, which allows remote attackers to execute arbitrary code via crafted instructions. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-4657...
Sql injection
Eval injection vulnerability in lib/TWiki/Plugins.pm in TWiki before 6.0.1 allows remote attackers to execute arbitrary Perl code via the debugenableplugins parameter to do/view/Main/WebHome...
CVE-2014-7236
CVE-2014-7236 affects TWiki (lib/TWiki/Plugins.pm) prior to 6.0.1. The vulnerability is an eval injection in the debugenableplugins parameter used during do/view/Main/WebHome, enabling remote Perl code execution with the web server user’s privileges. Evidence across sources (CVE entry, NVD/CIRCL/...
CVE-2014-7236
Eval injection vulnerability in lib/TWiki/Plugins.pm in TWiki before 6.0.1 allows remote attackers to execute arbitrary Perl code via the debugenableplugins parameter to do/view/Main/WebHome...
Design/Logic Flaw
Eval injection vulnerability in the Module-Metadata module before 1.000015 for Perl allows remote attackers to execute arbitrary Perl code via the $Version value...
CVE-2013-1437
Eval injection vulnerability in the Module-Metadata module before 1.000015 for Perl allows remote attackers to execute arbitrary Perl code via the $Version value...
CVE-2013-1437
The CVE-2013-1437 entry relates to the Perl Module-Metadata module: versions before 1.000015 evaluate the $Version value and can execute arbitrary Perl code, enabling remote code execution. Affected component: Module-Metadata (Perl). Impact: remote code execution with high severity. Remediation: ...
Huawei EulerOS: Security Advisory for oprofile (EulerOS-SA-2019-2516)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...